| Skip to content | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#start-of-content |
|
| https://github.com/ |
|
Sign in
| https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fmalwareengineering%2FmacOS-Security-and-Privacy-Guide |
| GitHub CopilotWrite better code with AI | https://github.com/features/copilot |
| GitHub Copilot appDirect agents from issue to merge | https://github.com/features/ai/github-app |
| MCP RegistryNewIntegrate external tools | https://github.com/mcp |
| ActionsAutomate any workflow | https://github.com/features/actions |
| CodespacesInstant dev environments | https://github.com/features/codespaces |
| IssuesPlan and track work | https://github.com/features/issues |
| Code ReviewManage code changes | https://github.com/features/code-review |
| GitHub Advanced SecurityFind and fix vulnerabilities | https://github.com/security/advanced-security |
| Code securitySecure your code as you build | https://github.com/security/advanced-security/code-security |
| Secret protectionStop leaks before they start | https://github.com/security/advanced-security/secret-protection |
| Why GitHub | https://github.com/why-github |
| Documentation | https://docs.github.com |
| Blog | https://github.blog |
| Changelog | https://github.blog/changelog |
| Marketplace | https://github.com/marketplace |
| View all features | https://github.com/features |
| Enterprises | https://github.com/enterprise |
| Small and medium teams | https://github.com/team |
| Startups | https://github.com/enterprise/startups |
| Nonprofits | https://github.com/solutions/industry/nonprofits |
| App Modernization | https://github.com/solutions/use-case/app-modernization |
| DevSecOps | https://github.com/solutions/use-case/devsecops |
| DevOps | https://github.com/solutions/use-case/devops |
| CI/CD | https://github.com/solutions/use-case/ci-cd |
| View all use cases | https://github.com/solutions/use-case |
| Healthcare | https://github.com/solutions/industry/healthcare |
| Financial services | https://github.com/solutions/industry/financial-services |
| Manufacturing | https://github.com/solutions/industry/manufacturing |
| Government | https://github.com/solutions/industry/government |
| View all industries | https://github.com/solutions/industry |
| View all solutions | https://github.com/solutions |
| AI | https://github.com/resources/articles?topic=ai |
| Software Development | https://github.com/resources/articles?topic=software-development |
| DevOps | https://github.com/resources/articles?topic=devops |
| Security | https://github.com/resources/articles?topic=security |
| View all topics | https://github.com/resources/articles |
| Customer stories | https://github.com/customer-stories |
| Events & webinars | https://github.com/resources/events |
| Ebooks & reports | https://github.com/resources/whitepapers |
| Business insights | https://github.com/solutions/executive-insights |
| GitHub Skills | https://skills.github.com |
| Documentation | https://docs.github.com |
| Customer support | https://support.github.com |
| Community forum | https://github.com/orgs/community/discussions |
| Trust center | https://github.com/trust-center |
| Partners | https://github.com/partners |
| View all resources | https://github.com/resources |
| GitHub SponsorsFund open source developers | https://github.com/open-source/sponsors |
| Security Lab | https://securitylab.github.com |
| Maintainer Community | https://maintainers.github.com |
| Accelerator | https://github.com/open-source/accelerator |
| GitHub Stars | https://stars.github.com |
| Archive Program | https://archiveprogram.github.com |
| Topics | https://github.com/topics |
| Trending | https://github.com/trending |
| Collections | https://github.com/collections |
| Enterprise platformAI-powered developer platform | https://github.com/enterprise |
| GitHub Advanced SecurityEnterprise-grade security features | https://github.com/security/advanced-security |
| Copilot for BusinessEnterprise-grade AI features | https://github.com/features/copilot/copilot-business |
| Premium SupportEnterprise-grade 24/7 support | https://github.com/enterprise/premium-support |
| Pricing | https://github.com/pricing |
| Search syntax tips | https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax |
| documentation | https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax |
|
Sign in
| https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fmalwareengineering%2FmacOS-Security-and-Privacy-Guide |
|
Sign up
| https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E&source=header-repo&source_repo=malwareengineering%2FmacOS-Security-and-Privacy-Guide |
| Reload | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
| Reload | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
| Reload | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
| Please reload this page | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
|
malwareengineering
| https://github.com/malwareengineering |
| macOS-Security-and-Privacy-Guide | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
| drduh/macOS-Security-and-Privacy-Guide | https://github.com/drduh/macOS-Security-and-Privacy-Guide |
|
Notifications
| https://github.com/login?return_to=%2Fmalwareengineering%2FmacOS-Security-and-Privacy-Guide |
|
Fork
0
| https://github.com/login?return_to=%2Fmalwareengineering%2FmacOS-Security-and-Privacy-Guide |
|
Star
0
| https://github.com/login?return_to=%2Fmalwareengineering%2FmacOS-Security-and-Privacy-Guide |
|
Code
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
|
Pull requests
0
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/pulls |
|
Actions
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/actions |
|
Projects
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/projects |
|
Security and quality
0
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/security |
|
Insights
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/pulse |
|
Code
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
|
Pull requests
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/pulls |
|
Actions
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/actions |
|
Projects
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/projects |
|
Security and quality
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/security |
|
Insights
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/pulse |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
| Branches | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/branches |
| Tags | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/tags |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/branches |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/tags |
| 480 Commits | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/commits/master/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/commits/master/ |
| 14F27_launchd.csv | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/14F27_launchd.csv |
| 14F27_launchd.csv | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/14F27_launchd.csv |
| 15B42_launchd.csv | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/15B42_launchd.csv |
| 15B42_launchd.csv | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/15B42_launchd.csv |
| 16A323_launchd.csv | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/16A323_launchd.csv |
| 16A323_launchd.csv | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/16A323_launchd.csv |
| CNAME | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/CNAME |
| CNAME | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/CNAME |
| InstallESD_Hashes.csv | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/InstallESD_Hashes.csv |
| InstallESD_Hashes.csv | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/InstallESD_Hashes.csv |
| LICENSE | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/LICENSE |
| LICENSE | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/LICENSE |
| README-cn.md | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/README-cn.md |
| README-cn.md | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/README-cn.md |
| README.md | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/README.md |
| README.md | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/README.md |
| _config.yml | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/_config.yml |
| _config.yml | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/_config.yml |
| comments.csv | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/comments.csv |
| comments.csv | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/comments.csv |
| read_launch_plists.py | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/read_launch_plists.py |
| read_launch_plists.py | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/blob/master/read_launch_plists.py |
| README | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
| MIT license | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
| open an issue | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues |
| 简体中文 | https://github.com/xitu/macOS-Security-and-Privacy-Guide/blob/master/README-cn.md |
| Basics | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#basics |
| Preparing and installing macOS | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#preparing-and-installing-macos |
| Verifying installation integrity | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#verifying-installation-integrity |
| Creating a bootable USB installer | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#creating-a-bootable-usb-installer |
| Creating an install image | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#creating-an-install-image |
| Manual way | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#manual-way |
| Target disk mode | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#target-disk-mode |
| Creating a recovery partition | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#creating-a-recovery-partition |
| Virtualization | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#virtualization |
| First boot | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#first-boot |
| System activation | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#system-activation |
| Admin and standard user accounts | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#admin-and-standard-user-accounts |
| Caveats | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#caveats |
| Setup | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#setup |
| Full disk encryption | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#full-disk-encryption |
| Firmware | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#firmware |
| Firewall | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#firewall |
| Application layer firewall | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#application-layer-firewall |
| Third party firewalls | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#third-party-firewalls |
| Kernel level packet filtering | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#kernel-level-packet-filtering |
| Services | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#services |
| Spotlight Suggestions | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#spotlight-suggestions |
| Homebrew | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#homebrew |
| DNS | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#dns |
| Hosts file | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#hosts-file |
| DNSCrypt | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#dnscrypt |
| Dnsmasq | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#dnsmasq |
| Test DNSSEC validation | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#test-dnssec-validation |
| Captive portal | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#captive-portal |
| Certificate authorities | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#certificate-authorities |
| OpenSSL | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#openssl |
| Curl | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#curl |
| Web | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#web |
| Privoxy | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#privoxy |
| Browser | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#browser |
| Google Chrome | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#google-chrome |
| Firefox | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#firefox |
| Safari | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#safari |
| Other Web browsers | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#other-web-browsers |
| Web browsers and privacy | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#web-browsers-and-privacy |
| Plugins | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#plugins |
| PGP/GPG | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#pgpgpg |
| OTR | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#otr |
| Tor | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#tor |
| VPN | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#vpn |
| Viruses and malware | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#viruses-and-malware |
| System Integrity Protection | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#system-integrity-protection |
| Gatekeeper and XProtect | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#gatekeeper-and-xprotect |
| Metadata and artifacts | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#metadata-and-artifacts |
| Passwords | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#passwords |
| Backup | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#backup |
| Wi-Fi | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#wi-fi |
| SSH | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#ssh |
| Physical access | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#physical-access |
| System monitoring | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#system-monitoring |
| OpenBSM audit | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#openbsm-audit |
| DTrace | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#dtrace |
| Execution | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#execution |
| Network | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#network |
| Binary Whitelisting | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#binary-whitelisting |
| Miscellaneous | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#miscellaneous |
| Related software | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#related-software |
| Additional resources | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#additional-resources |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#basics |
| threat model | https://www.owasp.org/index.php/Application_Threat_Modeling |
| three letter agency | https://theintercept.com/document/2015/03/10/strawhorse-attacking-macos-ios-software-development-kit/ |
| OpenBSD | https://www.openbsd.org/ |
| apt | https://en.wikipedia.org/wiki/Advanced_persistent_threat |
| Recognize threats | https://www.usenix.org/system/files/1401_08-12_mickens.pdf |
| Apple security-announce | https://lists.apple.com/mailman/listinfo/security-announce |
| regular backups | https://www.amazon.com/o/ASIN/0596102461/backupcentral |
| free | https://www.gnu.org/philosophy/free-sw.en.html |
| which macOS is not | https://superuser.com/questions/19492/is-mac-os-x-open-source |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#preparing-and-installing-macos |
| Recovery Mode | https://support.apple.com/en-us/HT201314 |
| https://cloud.githubusercontent.com/assets/12475110/20312189/8987c958-ab20-11e6-90fa-7fd7c8c1169e.png |
| App Store | https://itunes.apple.com/us/app/macos-high-sierra/id1246284741 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#verifying-installation-integrity |
| code signed | https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-SW6 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#creating-a-bootable-usb-installer |
| Create a bootable installer for macOS | https://support.apple.com/en-us/HT201372 |
| does not appear to work | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/120 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#creating-an-install-image |
| restored | https://en.wikipedia.org/wiki/Apple_Software_Restore |
| MagerValp/AutoDMG | https://github.com/MagerValp/AutoDMG |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#manual-way |
| verify | https://support.apple.com/en-us/HT201259 |
| InstallESD_Hashes.csv | https://github.com/drduh/macOS-Security-and-Privacy-Guide/blob/master/InstallESD_Hashes.csv |
| HT204319 | https://support.apple.com/en-us/HT204319 |
| Target Disk Mode | https://support.apple.com/en-us/HT201462 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#target-disk-mode |
| securely erase | https://www.backblaze.com/blog/securely-erase-mac-ssd/ |
| https://cloud.githubusercontent.com/assets/12475110/14804078/f27293c8-0b2d-11e6-8e1f-0fb0ac2f1a4d.png |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#creating-a-recovery-partition |
| AutoDMG | https://github.com/MagerValp/AutoDMG |
| MagerValp/Create-Recovery-Partition-Installer | https://github.com/MagerValp/Create-Recovery-Partition-Installer |
| RecoveryHDUpdate.dmg | https://support.apple.com/downloads/DL1464/en_US/RecoveryHDUpdate.dmg |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#virtualization |
| VMware Fusion | https://www.vmware.com/products/fusion.html |
| Recovery Mode | https://support.apple.com/en-us/HT201314 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#first-boot |
| late 2016 MacBooks | https://www.ifixit.com/Device/MacBook_Pro_15%22_Late_2016_Touch_Bar |
| require online OS activation | https://onemoreadmin.wordpress.com/2016/11/27/the-untouchables-apples-new-os-activation-for-touch-bar-macbook-pros/ |
| clear NVRAM | https://support.apple.com/en-us/HT204063 |
| strong password | https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength |
| computer's name and local hostname | https://support.apple.com/kb/PH18720 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#system-activation |
| iOS, The Future Of macOS, Freedom, Security And Privacy In An Increasingly Hostile Global Environment | https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#admin-and-standard-user-accounts |
| weaknesses that can be exploited | https://bogner.sh/2014/03/another-mac-os-x-sudo-password-bypass/ |
| unlocked by default | https://csrc.nist.gov/publications/drafts/800-179/sp800_179_draft.pdf |
| Apple | https://help.apple.com/machelp/mac/10.12/index.html#/mh11389 |
| others | https://csrc.nist.gov/publications/drafts/800-179/sp800_179_draft.pdf |
| recommendations | https://support.apple.com/HT203998 |
| removed from FileVault | https://apple.stackexchange.com/a/94373 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#caveats |
| issue #167 | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/167 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#setup |
| issue #179 | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/179 |
| this post | https://superuser.com/a/395738 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#full-disk-encryption |
| FileVault | https://en.wikipedia.org/wiki/FileVault |
| not always prevents | https://blog.frizk.net/2016/12/filevault-password-retrieval.html |
| efficiently in hardware | https://web.archive.org/web/20180720195105/https://software.intel.com/sites/default/files/m/d/4/1/d/8/AES_WP_Rev_03_Final_2010_01_26.pdf |
| more secure | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/230 |
| ent | http://www.fourmilab.ch/random/ |
| Entropy and Random Number Generators | https://calomel.org/entropy_random_number_generators.html |
| Fun with encryption and randomness | https://rsmith.home.xs4all.nl/howto/fun-with-encryption-and-randomness.html |
| OneRNG | http://onerng.info/ |
| Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption | https://eprint.iacr.org/2012/374.pdf |
| presentation | http://www.cl.cam.ac.uk/~osc22/docs/slides_fv2_ifip_2013.pdf |
| IEEE Std 1619-2007 “The XTS-AES Tweakable Block Cipher” | http://libeccio.di.unisa.it/Crypto14/Lab/p1619.pdf |
| issue #124 | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/124 |
| Best Practices for
Deploying FileVault 2 | https://training.apple.com/pdf/WP_FileVault2.pdf |
| Lest We Remember: Cold Boot Attacks on Encryption Keys | https://www.usenix.org/legacy/event/sec08/tech/full_papers/halderman/halderman.pdf |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#firmware |
| can be helpful if your laptop is lost or stolen | https://www.ftc.gov/news-events/blogs/techftc/2015/08/virtues-strong-enduser-device-controls |
| pcileech | https://github.com/ufrisk/pcileech |
| SPI programmer | https://reverse.put.as/2016/06/25/apple-efi-firmware-passwords-and-the-scbo-myth/ |
| Bus Pirate | http://ho.ax/posts/2012/06/unbricking-a-macbook/ |
| Recovery Mode | https://support.apple.com/en-au/HT201314 |
| https://cloud.githubusercontent.com/assets/12475110/17075918/0f851c0c-50e7-11e6-904d-0b56cf0080c1.png |
| Dediprog SF600 | http://www.dediprog.com/pd/spi-flash-solution/sf600 |
| HT204455 | https://support.apple.com/en-au/HT204455 |
| LongSoft/UEFITool | https://github.com/LongSoft/UEFITool |
| chipsec/chipsec | https://github.com/chipsec/chipsec |
| this blog post | http://michaellynn.github.io/2018/07/27/booting-secure/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#firewall |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#application-layer-firewall |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#third-party-firewalls |
| Little Snitch | https://www.obdev.at/products/littlesnitch/index.html |
| Hands Off | https://www.oneperiodic.com/products/handsoff/ |
| Radio Silence | https://radiosilenceapp.com/ |
| Security Growler | https://pirate.github.io/security-growler/ |
| https://cloud.githubusercontent.com/assets/12475110/10596588/c0eed3c0-76b3-11e5-95b8-9ce7d51b3d82.png |
| kernel extension | https://developer.apple.com/library/mac/documentation/Darwin/Conceptual/KernelProgramming/Extend/Extend.html |
| OS vulnerabilities | https://www.blackhat.com/docs/us-15/materials/us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf |
| deletes itself | https://www.cnet.com/how-to/how-to-remove-the-flashback-malware-from-os-x/ |
| Network Kernel Extensions Programming Guide | https://developer.apple.com/library/mac/documentation/Darwin/Conceptual/NKEConceptual/socket_nke/socket_nke.html#//apple_ref/doc/uid/TP40001858-CH228-SW1 |
| Shut up snitch! – reverse engineering and exploiting a critical Little Snitch vulnerability | https://reverse.put.as/2016/07/22/shut-up-snitch-reverse-engineering-and-exploiting-a-critical-little-snitch-vulnerability/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#kernel-level-packet-filtering |
| IceFloor | http://www.hanynet.com/icefloor/ |
| Murus | https://www.murusfirewall.com/ |
| NAT | https://www.grc.com/nat/nat.htm |
| Merit RADb | http://www.radb.net/ |
| Facebook | https://ipinfo.io/AS32934 |
| fix-macosx/net-monitor | https://github.com/fix-macosx/net-monitor |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#services |
| System Integrity Protection | https://github.com/drduh/macOS-Security-and-Privacy-Guide#system-integrity-protection |
| fix-macosx/yosemite-phone-home | https://github.com/fix-macosx/yosemite-phone-home |
| l1k/osxparanoia | https://github.com/l1k/osxparanoia |
| karek314/macOS-home-call-drop | https://github.com/karek314/macOS-home-call-drop |
| launchd.info | http://launchd.info/ |
| Apple's Daemons and Services Programming Guide | https://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html |
| Technical Note TN2083 | https://developer.apple.com/library/mac/technotes/tn2083/_index.html |
| KnockKnock | https://github.com/synack/knockknock |
| single user mode | https://support.apple.com/en-us/HT201573 |
| Console | https://en.wikipedia.org/wiki/List_of_macOS_components#Console |
| Activity Monitor | https://support.apple.com/en-us/HT201464 |
| cirrusj.github.io/Yosemite-Stop-Launch | https://cirrusj.github.io/Yosemite-Stop-Launch/ |
| Provisioning OS X and Disabling Unnecessary Services | https://vilimpoc.org/blog/2014/01/15/provisioning-os-x-and-disabling-unnecessary-services/ |
| Mac OSX Startup | http://www.malicious-streams.com/article/Mac_OSX_Startup.pdf |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#spotlight-suggestions |
| fix-macosx.com | https://fix-macosx.com/ |
| issue 164 | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/164 |
| https://web.archive.org/web/20180412124005/https://fix10.isleaked.com/ | https://web.archive.org/web/20180412124005/https://fix10.isleaked.com/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#homebrew |
| Homebrew | https://brew.sh/ |
| Apple’s great GPL purge | http://meta.ath0.com/2012/02/05/apples-great-gpl-purge/ |
| install Homebrew | https://github.com/Homebrew/brew/blob/master/docs/Installation.md#installation |
| fairly secure | https://github.com/Homebrew/homebrew/issues/18036 |
| Homebrew's Anonymous Aggregate User Behaviour Analytics | https://github.com/Homebrew/brew/blob/master/docs/Analytics.md |
| additional security options | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/138 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#dns |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#hosts-file |
| hosts file | https://en.wikipedia.org/wiki/Hosts_(file) |
| 2ndalpha/gasmask | https://github.com/2ndalpha/gasmask |
| here | https://someonewhocares.org/hosts/ipv6/ |
| someonewhocares.org | https://someonewhocares.org/hosts/zero/hosts |
| l1k/osxparanoia/blob/master/hosts | https://github.com/l1k/osxparanoia/blob/master/hosts |
| StevenBlack/hosts | https://github.com/StevenBlack/hosts |
| FreeBSD Configuration Files | https://www.freebsd.org/doc/handbook/configtuning-configfiles.html |
| dnsmasq | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#dnsmasq |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#dnscrypt |
| dnscrypt | https://dnscrypt.info |
| alterstep/dnscrypt-osxclient | https://github.com/alterstep/dnscrypt-osxclient |
| dnscrypt-proxy version 2 | https://github.com/jedisct1/dnscrypt-proxy |
| DNSCrypt Menu | https://github.com/JayBrown/DNSCrypt-Menu |
| dnscrypt-proxy-switcher | https://github.com/jedisct1/bitbar-dnscrypt-proxy-switcher |
| https://cloud.githubusercontent.com/assets/12475110/19222914/8e6f853e-8e31-11e6-8dd6-27c33cbfaea5.png |
| dnscrypt server | https://github.com/Cofyc/dnscrypt-wrapper |
| drduh/Debian-Privacy-Server-Guide#dnscrypt | https://github.com/drduh/Debian-Privacy-Server-Guide#dnscrypt |
| public servers | https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv |
| Sample configuration file for dnscrypt-proxy | https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/master/dnscrypt-proxy.conf |
| What is a DNS leak | https://dnsleaktest.com/what-is-a-dns-leak.html |
| mDNSResponder manual page | https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/mDNSResponder.8.html |
| ipv6-test.com | http://ipv6-test.com/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#dnsmasq |
| dnsmasq | http://www.thekelleys.org.uk/dnsmasq/doc.html |
| not provided | http://bcn.boulder.co.us/~neal/ietf/verisign-abuse.html |
| by your ISP | http://hackercodex.com/guide/how-to-stop-isp-dns-server-hijacking/ |
| Google DNS | https://developers.google.com/speed/public-dns/ |
| OpenDNS | https://www.opendns.com/home-internet-security/ |
| DNSSEC | https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions |
| from IANA website | https://www.iana.org/dnssec/files |
| dnssec.net website | http://www.dnssec.net |
| recommended settings | https://github.com/drduh/config/blob/master/dnsmasq.conf |
| privileged port | https://unix.stackexchange.com/questions/16564/why-are-the-first-1024-ports-restricted-to-the-root-user-only |
| issue #24 | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/24 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#test-dnssec-validation |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#captive-portal |
| Apple's secret "wispr" request | https://web.archive.org/web/20171008071031/http://blog.erratasec.com/2010/09/apples-secret-wispr-request.html |
| How to disable the captive portal window in Mac OS Lion | https://web.archive.org/web/20130407200745/http://www.divertednetworks.net/apple-captiveportal.html |
| An undocumented change to Captive Network Assistant settings in OS X 10.10 Yosemite | https://web.archive.org/web/20170622064304/https://grpugh.wordpress.com/2014/10/29/an-undocumented-change-to-captive-network-assistant-settings-in-os-x-10-10-yosemite/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#certificate-authorities |
| over 200 | https://support.apple.com/en-us/HT202858 |
| Certification Authority Trust Tracker | https://github.com/kirei/catt |
| Analysis of the HTTPS certificate ecosystem | https://conferences.sigcomm.org/imc/2013/papers/imc257-durumericAemb.pdf |
| You Won’t Be Needing These Any More: On Removing Unused Certificates From Trust Stores | https://www.ifca.ai/fc14/papers/fc14_submission_100.pdf |
| https://cloud.githubusercontent.com/assets/12475110/19222972/6b7aabac-8e32-11e6-8efe-5d3219575a98.png |
| man in the middle | https://en.wikipedia.org/wiki/Man-in-the-middle_attack |
| possible | https://en.wikipedia.org/wiki/DigiNotar#Issuance_of_fraudulent_certificates |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#openssl |
| not current | https://apple.stackexchange.com/questions/200582/why-is-apple-using-an-older-version-of-openssl |
| more | https://stackoverflow.com/questions/27502215/difference-between-openssl-09-8z-and-1-0-1 |
| Secure Transport | https://developer.apple.com/documentation/security/secure_transport |
| Cryptographic Services Guide | https://developer.apple.com/library/mac/documentation/Security/Conceptual/cryptoservices/GeneralPurposeCrypto/GeneralPurposeCrypto.html |
| surprise you | https://hynek.me/articles/apple-openssl-verification-surprises/ |
| issue #39 | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/39 |
| Comparison of TLS implementations | https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations |
| How's My SSL | https://www.howsmyssl.com/ |
| Qualys SSL Labs Tools | https://www.ssllabs.com/projects/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#curl |
| Secure Transport | https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/ |
| options | https://curl.haxx.se/docs/manpage.html |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#web |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#privoxy |
| Privoxy | https://www.privoxy.org/ |
| silvester.org.uk | https://silvester.org.uk/privoxy/OSX/ |
| Sourceforge | https://sourceforge.net/projects/ijbswa/files/Macintosh%20%28OS%20X%29/ |
| more secure | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/65 |
| http://p.p/ | http://p.p/ |
| redirecting blocked requests | https://www.privoxy.org/user-manual/actions-file.html#SET-IMAGE-BLOCKER |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#browser |
| SOP | https://en.wikipedia.org/wiki/Same-origin_policy |
| Chrome | https://courses.csail.mit.edu/6.857/2016/files/24.pdf |
| Google Chrome | https://www.google.com/chrome/browser/desktop/ |
| Firefox | https://www.mozilla.org/en-US/firefox/new/ |
| Safari | https://www.apple.com/safari/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#google-chrome |
| Google Chrome | https://www.google.com/chrome/browser/desktop/ |
| Chromium project | https://www.chromium.org/Home |
| following | https://fossbytes.com/difference-google-chrome-vs-chromium-browser/ |
| PDF viewer | http://0xdabbad00.com/2013/01/13/most-secure-pdf-viewer-chrome-pdf-viewer/ |
| separate profiles | https://www.chromium.org/user-experience/multi-profiles |
| sandboxing | https://www.chromium.org/developers/design-documents/sandbox |
| frequent updates | https://googlechromereleases.blogspot.com/ |
| impressive credentials | https://www.chromium.org/Home/chromium-security/brag-sheet |
| bounty | https://www.google.com/about/appsecurity/chrome-rewards/ |
| Project Zero | https://googleprojectzero.blogspot.com |
| 5 dollar lifetime fee | https://developer.chrome.com/webstore/publish#pay-the-developer-signup-fee |
| node.js | https://nodejs.org/en/ |
| Chrome's V8 | https://developers.google.com/v8/ |
| Electron | https://electron.atom.io/ |
| uMatrix | https://github.com/gorhill/uMatrix |
| uBlock Origin | https://github.com/gorhill/uBlock |
| Privacy Badger | https://www.eff.org/privacybadger |
| HTTPSEverywhere | https://www.eff.org/https-everywhere |
| CertPatrol | http://patrol.psyced.org/ |
| Incognito | https://support.google.com/chrome/answer/7440301 |
| Chromium Security | https://www.chromium.org/Home/chromium-security |
| Chromium Privacy | https://www.chromium.org/Home/chromium-privacy |
| DNS prefetching | https://www.chromium.org/developers/design-documents/dns-prefetching |
| DNS Prefetching and Its Privacy Implications | https://www.usenix.org/legacy/event/leet10/tech/full_papers/Krishnan.pdf |
| information | https://www.google.com/policies/privacy/#infocollect |
| use | https://www.google.com/policies/privacy/#infouse |
| Google services | https://www.google.com/services/#?modal_active=none |
| account settings | https://myaccount.google.com/privacy?pli=1 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#firefox |
| Firefox | https://www.mozilla.org/en-US/firefox/new/ |
| Quantum | https://wiki.mozilla.org/Quantum |
| Photon | https://wiki.mozilla.org/Firefox/Photon/Updates |
| Rust | https://www.rust-lang.org/en-US/ |
| bounty | https://www.mozilla.org/en-US/security/bug-bounty/ |
| #2 | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/2 |
| #90 | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/90 |
| TheCreeper/PrivacyFox | https://github.com/TheCreeper/PrivacyFox |
| pyllyukko/user.js | https://github.com/pyllyukko/user.js |
| ghacksuserjs/ghacks-user.js | https://github.com/ghacksuserjs/ghacks-user.js/ |
| NoScript | https://noscript.net/ |
| tracking protection | https://developer.mozilla.org/en-US/Firefox/Privacy/Tracking_Protection |
| Containers | https://testpilot.firefox.com/experiments/containers |
| Web Extension SDK | https://developer.mozilla.org/en-US/Add-ons/Legacy_add_ons |
| paper | https://www.exploit-db.com/docs/24541.pdf |
| Web Extension Api | https://developer.mozilla.org/en-US/Add-ons/WebExtensions |
| issue | https://bugzilla.mozilla.org/show_bug.cgi?id=1393493 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#safari |
| Safari | https://www.apple.com/safari/ |
| WebKit | https://en.wikipedia.org/wiki/WebKit |
| Blink | https://www.chromium.org/blink |
| Content blockers | https://webkit.org/blog/3476/content-blockers-first-look/ |
| Intelligent Tracking Prevention | https://webkit.org/blog/7675/intelligent-tracking-prevention/ |
| bounty program | https://developer.apple.com/bug-reporting/ |
| presentation | https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf |
| BlackHat | https://www.blackhat.com/us-16/briefings.html#behind-the-scenes-of-ios-security |
| developer subscription | https://developer.apple.com/support/compare-memberships/ |
| encrypted | https://support.apple.com/en-gb/HT202303 |
| Safari Technology Preview | https://developer.apple.com/safari/technology-preview/ |
| dgraham/Ka-Block | https://github.com/dgraham/Ka-Block |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#other-web-browsers |
| closed source | http://yro.slashdot.org/comments.pl?sid=4176879&cid=44774943 |
| poorly maintained | https://plus.google.com/+JustinSchuh/posts/69qw9wZVH8z |
| have bugs | https://code.google.com/p/google-security-research/issues/detail?id=679 |
| The Private Life of Chromium Browsers | https://web.archive.org/web/20180517132144/http://thesimplecomputer.info/the-private-life-of-chromium-browsers |
| Brave | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/94 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#web-browsers-and-privacy |
| Navigator | https://developer.mozilla.org/en-US/docs/Web/API/Navigator |
| HowTo: Privacy & Security Conscious Browsing | https://gist.github.com/atcuno/3425484ac5cce5298932 |
| browserleaks.com | https://www.browserleaks.com/ |
| EFF Panopticlick | https://panopticlick.eff.org/ |
| WebRTC | https://en.wikipedia.org/wiki/WebRTC#Concerns |
| uBlock Origin | https://github.com/gorhill/uBlock/wiki/Prevent-WebRTC-from-leaking-local-IP-address |
| rentamob/WebRTC-Leak-Prevent | https://github.com/rentamob/WebRTC-Leak-Prevent |
| system hack | https://github.com/JayBrown/Disable-and-toggle-WebRTC-in-macOS-Safari |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#plugins |
| HTML5 | https://help.netflix.com/en/node/23742 |
| security risks | https://news.ycombinator.com/item?id=9901480 |
| Hacking Team Flash Zero-Day | https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-integrated-into-exploit-kits/ |
| Java Trojan BackDoor.Flashback | https://en.wikipedia.org/wiki/Trojan_BackDoor.Flashback |
| Acrobat Reader: Security Vulnerabilities | https://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-497/Adobe-Acrobat-Reader.html |
| Angling for Silverlight Exploits | https://blogs.cisco.com/security/angling-for-silverlight-exploits |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#pgpgpg |
| symmetrically | https://en.wikipedia.org/wiki/Symmetric-key_algorithm |
| asymmetrically | https://en.wikipedia.org/wiki/Public-key_cryptography |
| GPG Suite | https://gpgtools.org/ |
| drduh/config/gpg.conf | https://github.com/drduh/config/blob/master/gpg.conf |
| drduh/YubiKey-Guide | https://github.com/drduh/YubiKey-Guide |
| online | https://alexcabal.com/creating-the-perfect-gpg-keypair/ |
| guides | https://security.stackexchange.com/questions/31594/what-is-a-good-general-purpose-gnupg-key-setup |
| practice | https://help.riseup.net/en/security/message-security/openpgp/best-practices |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#otr |
| XMPP | https://xmpp.org/about |
| Adium | https://adium.im/ |
| disable logging | https://trac.adium.im/ticket/15722 |
| profanity | http://www.profanity.im/ |
| Tor Messenger | https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily |
| Ricochet | https://ricochet.im/ |
| security audit | https://ricochet.im/files/ricochet-ncc-audit-2016-01.pdf |
| Off-the-Record Communication, or, Why Not To Use PGP | https://otr.cypherpunks.ca/otr-wpes.pdf |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#tor |
| offical Tor Project Web site | https://www.torproject.org/projects/torbrowser.html |
| How to verify signatures for packages | https://www.torproject.org/docs/verifying-signatures.html |
| exit node | https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Exit_node_eavesdropping |
| Tor Protocol Specification | https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt |
| Tor/TLSHistory | https://trac.torproject.org/projects/tor/wiki/org/projects/Tor/TLSHistory |
| pluggable transport | https://www.torproject.org/docs/pluggable-transports.html |
| Yawning/obfs4proxy | https://github.com/Yawning/obfs4 |
| SRI-CSL/stegotorus | https://github.com/SRI-CSL/stegotorus |
| Tor relay | https://www.torproject.org/docs/tor-relay-debian.html |
| bridge | https://www.torproject.org/docs/bridges.html.en#RunningABridge |
| VirtualBox | https://www.virtualbox.org/wiki/Downloads |
| VMware | https://www.vmware.com/products/fusion |
| GNU/Linux | http://www.brianlinkletter.com/installing-debian-linux-in-a-virtualbox-virtual-machine/ |
| BSD | https://www.openbsd.org/faq/faq4.html |
| anonymity | https://www.privateinternetaccess.com/blog/2013/10/how-does-privacy-differ-from-anonymity-and-why-are-both-important/ |
| correlation | https://blog.torproject.org/category/tags/traffic-correlation |
| Seeking Anonymity in an Internet Panopticon | http://bford.info/pub/net/panopticon-cacm.pdf |
| Traffic Correlation on Tor by Realistic Adversaries | http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf |
| Invisible Internet Project (I2P) | https://geti2p.net/en/about/intro |
| Tor comparison | https://geti2p.net/en/comparison/tor |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#vpn |
| connection metadata | https://security.stackexchange.com/questions/142833/does-https-encrypt-metadata#142855 |
| drduh/Debian-Privacy-Server-Guide | https://github.com/drduh/Debian-Privacy-Server-Guide |
| PPTP | https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security |
| OpenVPN | https://en.wikipedia.org/wiki/OpenVPN |
| scy/8122924 | https://gist.github.com/scy/8122924 |
| sarfata/voodooprivacy | https://github.com/sarfata/voodooprivacy |
| hwdsl2/setup-ipsec-vpn | https://github.com/hwdsl2/setup-ipsec-vpn |
| hwdsl2/docker-ipsec-vpn-server | https://github.com/hwdsl2/docker-ipsec-vpn-server |
| issue #114 | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/114 |
| technical overview | https://blog.timac.org/2018/0717-macos-vpn-architecture/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#viruses-and-malware |
| ever-increasing | https://www.documentcloud.org/documents/2459197-bit9-carbon-black-threat-research-report-2015.html |
| Java bundling Ask Toolbar | https://www.zdnet.com/article/oracle-extends-its-adware-bundling-to-include-java-for-macs/ |
| Mac.BackDoor.iWorm | https://docs.google.com/document/d/1YOfXRUQJgMjJSLBSoLiUaSZfiaS_vU3aG4Bvjmz6Dxs/edit?pli=1 |
| Malwarebytes Anti-Malware for Mac | https://www.malwarebytes.com/antimalware/mac/ |
| Methods of malware persistence on Mac OS X | https://www.virusbtn.com/pdf/conference/vb2014/VB2014-Wardle.pdf |
| Malware Persistence on OS X Yosemite | https://www.rsaconference.com/events/us15/agenda/sessions/1591/malware-persistence-on-os-x-yosemite |
| Knock Knock | https://github.com/synack/knockknock |
| Block Block | https://objective-see.com/products/blockblock.html |
| Ostiarius | https://objective-see.com/products/ostiarius.html |
| issue #90 | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/90 |
| maclaunch.sh | https://github.com/hazcod/maclaunch |
| Sophail: Applied attacks against Antivirus | https://lock.cmpxchg8b.com/sophailv2.pdf |
| Analysis and Exploitation of an ESET Vulnerability | https://googleprojectzero.blogspot.ro/2015/06/analysis-and-exploitation-of-eset.html |
| a trivial Avast RCE | https://code.google.com/p/google-security-research/issues/detail?id=546 |
| Popular Security Software Came Under Relentless NSA and GCHQ Attacks | https://theintercept.com/2015/06/22/nsa-gchq-targeted-kaspersky/ |
| How Israel Caught Russian Hackers Scouring the World for U.S. Secrets | https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html |
| AVG: "Web TuneUP" extension multiple critical vulnerabilities | https://code.google.com/p/google-security-research/issues/detail?id=675 |
| issue #44 | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/44 |
| whitepaper | https://www.cylance.com/content/dam/cylance/pdfs/data_sheets/CylancePROTECT.pdf |
| Cyberforce | https://cybrforce.com |
| Malware Managed | https://www.malwaremanaged.com |
| example | https://arstechnica.com/security/2015/08/0-day-bug-in-fully-patched-os-x-comes-under-active-exploit-to-hijack-macs/ |
| The Safe Mac | http://www.thesafemac.com/ |
| Malwarebytes Blog | https://blog.malwarebytes.com/ |
| VirusTotal | https://www.virustotal.com/#/home/upload |
| Hacking Team | https://www.schneier.com/blog/archives/2015/07/hacking_team_is.html |
| root installation for MacOS | https://github.com/hackedteam/vector-macos-root |
| Support driver for Mac Agent | https://github.com/hackedteam/driver-macos |
| RCS Agent for Mac | https://github.com/hackedteam/core-macos |
| A Brief Analysis of an RCS Implant Installer | https://objective-see.com/blog/blog_0x0D.html |
| reverse.put.as | https://reverse.put.as/2016/02/29/the-italian-morons-are-back-what-are-they-up-to-this-time/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#system-integrity-protection |
| System Integrity Protection | https://support.apple.com/en-us/HT204899 |
| can be disabled | https://derflounder.wordpress.com/2015/10/01/system-integrity-protection-adding-another-layer-to-apples-security-model/ |
| What's New in OS X 10.11 | https://developer.apple.com/library/prerelease/mac/releasenotes/MacOSX/WhatsNewInOSX/Articles/MacOSX10_11.html |
| What is the “rootless” feature in El Capitan, really? | https://apple.stackexchange.com/questions/193368/what-is-the-rootless-feature-in-el-capitan-really |
| SIP disabled | https://appleinsider.com/articles/16/11/17/system-integrity-protection-disabled-by-default-on-some-touch-bar-macbook-pros |
| enable SIP | https://developer.apple.com/library/content/documentation/Security/Conceptual/System_Integrity_Protection_Guide/ConfiguringSystemIntegrityProtection/ConfiguringSystemIntegrityProtection.html |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#gatekeeper-and-xprotect |
| Mac Malware Guide : How does Mac OS X protect me? | http://www.thesafemac.com/mmg-builtin/ |
| Gatekeeper, XProtect and the Quarantine attribute | https://ilostmynotes.blogspot.com/2012/06/gatekeeper-xprotect-and-quarantine.html |
| here | https://www.zoharbabin.com/hey-mac-i-dont-appreciate-you-spying-on-me-hidden-downloads-log-in-os-x/ |
| clear the file | https://superuser.com/questions/90008/how-to-clear-the-contents-of-a-file-from-the-command-line |
| make it immutable | http://hints.macworld.com/article.php?story=20031017061722471 |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#metadata-and-artifacts |
| HFS+ extended attributes | https://en.wikipedia.org/wiki/Extended_file_attributes#OS_X |
| 'quicklook' cache may leak encrypted data | https://objective-see.com/blog/blog_0x30.html |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#passwords |
| /dev/urandom | https://github.com/jedisct1/libsodium/issues/594 |
| anders/pwgen | https://github.com/anders/pwgen |
| PBKDF2 derived key | https://en.wikipedia.org/wiki/PBKDF2 |
| Breaking into the OS X keychain | http://juusosalonen.com/post/30923743427/breaking-into-the-os-x-keychain |
| does not encrypt | https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/118 |
| drduh/Purse | https://github.com/drduh/Purse |
| drduh/pwd.sh | https://github.com/drduh/pwd.sh |
| two factor authentication | https://en.wikipedia.org/wiki/Two-factor_authentication |
| Yubikey | https://www.yubico.com/products/yubikey-hardware/yubikey-neo/ |
| drduh/YubiKey-Guide | https://github.com/drduh/YubiKey-Guide |
| trmm.net/Yubikey | https://trmm.net/Yubikey |
| Yubico | https://www.yubico.com/wp-content/uploads/2016/02/Yubico_YubiKeyMacOSXLogin_en.pdf |
| U2F Zero | https://www.u2fzero.com/ |
| set it up | https://microamps.gibsjose.com/u2f-authentication-on-os-x/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#backup |
| YubiKey | https://github.com/drduh/YubiKey-Guide |
| SpiderOak | https://spideroak.com/ |
| Arq | https://www.arqbackup.com/ |
| Espionage | https://www.espionageapp.com/ |
| restic | https://restic.github.io/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#wi-fi |
| Signals from the Crowd: Uncovering Social Relationships through Smartphone Probes | https://conferences.sigcomm.org/imc/2013/papers/imc148-barberaSP106.pdf |
| Wi-Fi told me everything about you | http://confiance-numerique.clermont-universite.fr/Slides/M-Cunche-2014.pdf |
| spoof the MAC address | https://en.wikipedia.org/wiki/MAC_spoofing |
| feross/SpoofMAC | https://github.com/feross/SpoofMAC |
| not secure | http://www.howtogeek.com/167783/htg-explains-the-difference-between-wep-wpa-and-wpa2-wireless-encryption-and-why-it-matters/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#ssh |
| set up | http://nerderati.com/2011/03/17/simplify-your-life-with-an-ssh-config-file/ |
| hashing | http://nms.csail.mit.edu/projects/ssh/ |
| options | https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5 |
| macOS Sierra permanently remembers SSH key passphrases by default | https://openradar.appspot.com/28394826 |
| encrypted tunnel | http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html |
| SOCKS proxy | https://www.mikeash.com/ssh_socks.html |
| hardening | https://stribika.github.io/2015/01/04/secure-secure-shell.html |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#physical-access |
| Thunderstrike | https://trmm.net/Thunderstrike |
| usbkill | https://github.com/hephaest0s/usbkill |
| privacy filter | https://www.amazon.com/s/ref=nb_sb_noss_2?url=node%3D15782001&field-keywords=macbook |
| Nail polish | https://trmm.net/Glitter |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#system-monitoring |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#openbsm-audit |
| ilostmynotes.blogspot.com | https://ilostmynotes.blogspot.com/2013/10/openbsm-auditd-on-os-x-these-are-logs.html |
| derflounder.wordpress.com | https://derflounder.wordpress.com/2012/01/30/openbsm-auditing-on-mac-os-x/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#dtrace |
| System Integrity Protection | https://github.com/drduh/macOS-Security-and-Privacy-Guide#system-integrity-protection |
| interferes | https://internals.exposed/blog/dtrace-vs-sip.html |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#execution |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#network |
| Wireshark | https://www.wireshark.org/ |
| BonzaiThePenguin/Loading | https://github.com/BonzaiThePenguin/Loading |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#binary-whitelisting |
| google/santa | https://github.com/google/santa/ |
| Kernel Authorization API | https://developer.apple.com/library/content/technotes/tn2127/_index.html |
| Releases | https://github.com/google/santa/releases |
| https://cloud.githubusercontent.com/assets/12475110/21062284/14ddde88-be1e-11e6-8e9b-32f8a44c0cf6.png |
| Zentral | https://github.com/zentralopensource/zentral |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#miscellaneous |
| Diagnostics & Usage Data | https://github.com/fix-macosx/fix-macosx/wiki/Diagnostics-&-Usage-Data |
| VLC media player | https://www.videolan.org/vlc/index.html |
| Transmission | https://www.transmissionbt.com/download/ |
| malware may still find its way in | http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/ |
| Which is the best blocklist for Transmission | https://giuliomac.wordpress.com/2014/02/19/best-blocklist-for-transmission/ |
| johntyree/3331662 | https://gist.github.com/johntyree/3331662 |
| duti | http://duti.org/ |
| Protecting Yourself From Sparklegate | https://www.taoeffect.com/blog/2016/02/apologies-sky-kinda-falling-protecting-yourself-from-sparklegate/ |
| tty_tickets flag | https://derflounder.wordpress.com/2016/09/21/tty_tickets-option-now-on-by-default-for-macos-sierras-sudo-tool/ |
| Secure Keyboard Entry | https://security.stackexchange.com/questions/47749/how-secure-is-secure-keyboard-entry-in-mac-os-xs-terminal |
| YubiKey | https://mig5.net/content/secure-keyboard-entry-os-x-blocks-interaction-yubikeys |
| TextExpander | https://smilesoftware.com/textexpander/secureinput |
| multicast advertisements | https://www.trustwave.com/Resources/SpiderLabs-Blog/mDNS---Telling-the-world-about-you-(and-your-device)/ |
| Disable Handoff | https://apple.stackexchange.com/questions/151481/why-is-my-macbook-visibile-on-bluetooth-after-yosemite-install |
| sandboxing | https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/sandbox-exec.1.html |
| fG! Sandbox Guide | https://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v0.1.pdf |
| s7ephen/OSX-Sandbox--Seatbelt--Profiles | https://github.com/s7ephen/OSX-Sandbox--Seatbelt--Profiles |
| 2006 | http://osxbook.com/book/bonus/chapter10/tpm/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#related-software |
| stronghold | https://github.com/alichtman/stronghold |
| Santa | https://github.com/google/santa |
| kristovatlas/osx-config-check | https://github.com/kristovatlas/osx-config-check |
| Lockdown | https://objective-see.com/products/lockdown.html |
| Dylib Hijack Scanner | https://objective-see.com/products/dhs.html |
| F-Secure XFENCE | https://campaigns.f-secure.com/xfence/ |
| Little Flocker | https://github.com/drduh/macOS-Security-and-Privacy-Guide/pull/237 |
| facebook/osquery | https://github.com/facebook/osquery |
| google/grr | https://github.com/google/grr |
| yelp/osxcollector | https://github.com/yelp/osxcollector |
| jipegit/OSXAuditor | https://github.com/jipegit/OSXAuditor |
| libyal/libfvde | https://github.com/libyal/libfvde |
| CISOfy/lynis | https://github.com/CISOfy/lynis |
| Zentral | https://github.com/zentralopensource/zentral |
| The Eclectic Light Company - Downloads | https://eclecticlight.co/downloads/ |
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#additional-resources |
| MacOS Hardening Guide - Appendix of *OS Internals: Volume III - Security & Insecurity Internals | http://newosxbook.com/files/moxii3/AppendixA.pdf |
| Mac Developer Library: Secure Coding Guide | https://developer.apple.com/library/mac/documentation/Security/Conceptual/SecureCodingGuide/Introduction.html |
| OS X Core Technologies Overview White Paper | https://www.apple.com/osx/all-features/pdf/osx_elcapitan_core_technologies_overview.pdf |
| Reverse Engineering Mac OS X blog | https://reverse.put.as/ |
| Reverse Engineering Resources | http://samdmarshall.com/re.html |
| Patrick Wardle's Objective-See blog | https://objective-see.com/blog.html |
| Managing Macs at Google Scale (LISA '13) | https://www.usenix.org/conference/lisa13/managing-macs-google-scale |
| OS X Hardening: Securing a Large Global Mac Fleet (LISA '13) | https://www.usenix.org/conference/lisa13/os-x-hardening-securing-large-global-mac-fleet |
| DoD Security Technical Implementation Guides for Mac OS | http://iase.disa.mil/stigs/os/mac/Pages/mac-os.aspx |
| The EFI boot process | http://web.archive.org/web/20160508052211/http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/efi-boot-process.html |
| The Intel Mac boot process | http://refit.sourceforge.net/info/boot_process.html |
| Userland Persistence on Mac OS X | https://archive.org/details/joshpitts_shmoocon2015 |
| Developing Mac OSX kernel rootkits | http://phrack.org/issues/66/16.html#article |
| IOKit kernel code execution exploit | https://code.google.com/p/google-security-research/issues/detail?id=135 |
| Hidden backdoor API to root privileges in Apple OS X | https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/ |
| IPv6 Hardening Guide for OS X | http://www.insinuator.net/2015/02/ipv6-hardening-guide-for-os-x/ |
| Harden the World: Mac OSX 10.11 El Capitan | http://docs.hardentheworld.org/OS/OSX_10.11_El_Capitan/ |
| Hacker News discussion | https://news.ycombinator.com/item?id=10148077 |
| Hacker News discussion 2 | https://news.ycombinator.com/item?id=13023823 |
| Apple Open Source | https://opensource.apple.com/ |
| OS X 10.10 Yosemite: The Ars Technica Review | https://arstechnica.com/apple/2014/10/os-x-10-10/ |
| CIS Apple OSX 10.10 Benchmark | https://benchmarks.cisecurity.org/tools2/osx/CIS_Apple_OSX_10.10_Benchmark_v1.1.0.pdf |
| How to Switch to the Mac | https://taoofmac.com/space/HOWTO/Switch |
| Security Configuration For Mac OS X Version 10.6 Snow Leopard | https://www.apple.com/support/security/guides/docs/SnowLeopard_Security_Config_v10.6.pdf |
| EFF Surveillance Self-Defense Guide | https://ssd.eff.org/ |
| MacAdmins on Slack | https://macadmins.herokuapp.com/ |
| iCloud security and privacy overview | https://support.apple.com/kb/HT4865 |
| Demystifying the DMG File Format | http://newosxbook.com/DMG.html |
| There's a lot of vulnerable OS X applications out there (Sparkle Framework RCE) | https://vulnsec.com/2016/osx-apps-vulnerabilities/ |
| iSeeYou: Disabling the MacBook Webcam Indicator LED | https://jscholarship.library.jhu.edu/handle/1774.2/36569 |
| Mac OS X Forensics - Technical Report | https://www.ma.rhul.ac.uk/static/techrep/2015/RHUL-MA-2015-8.pdf |
| Mac Forensics: Mac OS X and the HFS+ File System | https://cet4861.pbworks.com/w/file/fetch/71245694/mac.forensics.craiger-burke.IFIP.06.pdf |
| Extracting FileVault 2 Keys with Volatility | https://tribalchicken.com.au/security/extracting-filevault-2-keys-with-volatility/ |
| Auditing and Exploiting Apple IPC | https://googleprojectzero.blogspot.com/2015/09/revisiting-apple-ipc-1-distributed_28.html |
| Mac OS X and iOS Internals: To the Apple's Core by Jonathan Levin | https://www.amazon.com/Mac-OS-iOS-Internals-Apples/dp/1118057651 |
| Demystifying the i-Device NVMe NAND (New storage used by Apple) | http://ramtin-amin.fr/#nvmepcie |
| The macOS Phishing Easy Button: AppleScript Dangers | https://duo.com/blog/the-macos-phishing-easy-button-applescript-dangers |
| Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices | https://googleprojectzero.blogspot.com/2017/09/over-air-vol-2-pt-1-exploiting-wi-fi.html |
| The Great DOM Fuzz-off of 2017 | https://googleprojectzero.blogspot.be/2017/09/the-great-dom-fuzz-off-of-2017.html |
| Remote code execution, git, and OS X | https://rachelbythebay.com/w/2016/04/17/unprotected/ |
| OSX.Pirrit Mac Adware Part III: The DaVinci Code | https://www.cybereason.com/blog/targetingedge-mac-os-x-pirrit-malware-adware-still-active |
| How to make macOS Spotlight fuck the fuck off and do your bidding | https://m4.rkw.io/blog/how-to-make-macos-spotlight-fuck-the-fuck-off-and-do-your-bidding.html |
| Fuzzing the macOS WindowServer for Exploitable Vulnerabilities | http://blog.ret2.io/2018/07/25/pwn2own-2018-safari-sandbox/ |
|
Readme
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#readme-ov-file |
|
MIT license
| https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide#MIT-1-ov-file |
| Please reload this page | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
|
Activity | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/activity |
|
Custom properties | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/custom-properties |
|
0
forks | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/forks |
|
Report repository
| https://github.com/contact/report-content?content_url=https%3A%2F%2Fgithub.com%2Fmalwareengineering%2FmacOS-Security-and-Privacy-Guide&report=malwareengineering+%28user%29 |
| Releases | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/releases |
| Packages
0 | https://github.com/orgs/malwareengineering/packages?repo_name=macOS-Security-and-Privacy-Guide |
| Please reload this page | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
| Contributors | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide/graphs/contributors |
| Please reload this page | https://github.com/malwareengineering/macOS-Security-and-Privacy-Guide |
|
| https://github.com |
| Terms | https://docs.github.com/site-policy/github-terms/github-terms-of-service |
| Privacy | https://docs.github.com/site-policy/privacy-policies/github-privacy-statement |
| Security | https://github.com/security |
| Status | https://www.githubstatus.com/ |
| Community | https://github.community/ |
| Docs | https://docs.github.com/ |
| Contact | https://support.github.com?tags=dotcom-footer |