References
Brandon Dalton edited this page Dec 13, 2023 · 5 revisions
This is a living document of references for this wiki.
- CrowdStrike: Finding Waldo: Leveraging the Apple Unified Log for Incident Response
- Amnesty International: Forensic Methodology Report: How to catch NSO Group’s Pegasus
- Red Canary: Gatekeeping in macOS: Keeping adversaries off our Apples
- Kandji: Mac Logging and the log Command: A Guide for Apple Admins
- Belkasoft: KnowledgeC Database Forensics: A Comprehensive Guide
- Apple Developer: Kernel Architecture Overview
- Apple Support: System Integrity Protection
- Gorkem Karadeniz: Defeating RunAsPPL: Utilizing Vulnerable Drivers to Read Lsass with Mimikatz
- Apple Support: System security overview
- Apple Support: Contents of a LocalPolicy file for a Mac with Apple silicon
- The Eclectic Light Company: Booting macOS on Apple silicon: LocalPolicy
- Apple Developer: Boot process for a Mac with Apple silicon
- Apple Developer: Boot process for an Intel-based Mac
- Apple Developer: Installing a Custom Kernel Extension
- Apple Technical Note: Kernel Authorization
- Apple OSS GitHub: XNU
- Scott Knight: Virus scanning on macOS
- Objective-See Foundation: Monitoring Process Creation via the Kernel (Part I)
- CISA: The Urgent Need for Memory Safety in Software Products
- Anderson, T., & Dahlin, M. (2014). Operating systems: principles and practice (2nd ed.)
- Jonathan Levin: OS X/iOS Entitlement Database
- Scott Knight: System Extension internals
- Jiska Classen: iOS Reverse Engineering :: Part I :: Dynamic Reversing and iOS Basics
- Brandon Dalton: How does Gatekeeper know if an executable is Notarized?