infosecB / LOOBins
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.
https://loobins.io
GNU General Public License v3.0
434 stars
57 forks
issues
bump to version 1.7.2
#209
infosecB
closed
1 month ago
0
Adding Sigma rules and references to tmutil.yml
#208
DefenderDaniel
closed
1 month ago
0
Adding Sigma detection and resource link to pbpaste.yml
#207
DefenderDaniel
closed
1 month ago
0
Adding Sigma Detection to nscurl.yml
#206
DefenderDaniel
closed
1 month ago
0
bump to 1.7.1
#205
infosecB
closed
2 months ago
0
Fix job name, deploy
#204
infosecB
closed
2 months ago
0
add poetry version bump
#203
infosecB
closed
2 months ago
0
use PAT instead of github_token for tagging
#202
infosecB
closed
2 months ago
0
Jamf Protect: Linking additional LOOBins to Jamf Protect
#201
txhaflaire
closed
2 months ago
2
Adding initial version of the `codesign` loobin
#200
txhaflaire
closed
2 months ago
0
Add another example for the `log` loobin
#199
txhaflaire
closed
2 months ago
0
add bump action
#198
infosecB
closed
2 months ago
0
Update defaults
#197
demonduck
closed
2 months ago
0
Adding chflags command
#196
demonduck
closed
2 months ago
1
Add LOOBin for chflags
#195
demonduck
closed
2 months ago
0
Add detections that are applicable with Jamf Protect
#194
txhaflaire
closed
2 months ago
2
Add LOOBin for streamzip
#193
0xv1n
closed
2 months ago
0
Adds LOOBin for streamzip
#192
0xv1n
closed
2 months ago
2
bump to version 1.7
#191
infosecB
closed
3 months ago
0
fix: Broken links to Check Point research
#190
0xv1n
closed
3 months ago
1
New use cases for launchctl, dscl, csrutil
#189
marcopedrinazzi
closed
4 months ago
1
Updated dscacheutil with 2 new use cases, fix descriptions of previous use cases
#188
marcopedrinazzi
closed
4 months ago
0
Add LOOBin for lsappinfo
#187
infosecB
opened
5 months ago
0
bump to version 1.6
#186
infosecB
closed
6 months ago
0
Update defaults
#185
infosecB
closed
6 months ago
0
Updated YAML file for nscurl
#184
DefenderDaniel
closed
6 months ago
1
Update detection for ioreg.yml
#183
pratinavchandra
closed
6 months ago
1
Update detection for system_profiler.yml
#182
pratinavchandra
closed
6 months ago
0
Change dscl
#181
Res260
closed
8 months ago
0
Fix test ci
#180
infosecB
closed
9 months ago
0
Bump to v1.5
#179
infosecB
closed
9 months ago
0
Add test to release action
#178
infosecB
closed
9 months ago
0
Add version argument to cli
#177
infosecB
closed
9 months ago
0
Add event samples to LOOBin schema
#176
infosecB
opened
9 months ago
0
Migrate to Pydantic v2
#175
infosecB
closed
9 months ago
0
bump to version 1.4.3
#174
infosecB
closed
9 months ago
0
Formatting and spelling fixes
#173
infosecB
closed
9 months ago
0
Add release action, remove pre
#172
infosecB
closed
9 months ago
0
bump to 1.4.2
#171
infosecB
closed
9 months ago
0
Add swift
#170
0v3rride
closed
9 months ago
1
Add LOOBin for swift
#169
0v3rride
closed
9 months ago
0
killall.yml
#168
Uptycs-PratikJ
closed
9 months ago
1
Change tactics in osacompile
#167
Res260
closed
10 months ago
1
Bump v1.4.1
#166
infosecB
closed
11 months ago
0
Rename say extension
#165
infosecB
closed
11 months ago
0
Bump to v1.4
#164
infosecB
closed
11 months ago
0
Adding Say command
#163
pinarsadioglu
closed
11 months ago
1
Add LOOBin for Say
#162
pinarsadioglu
closed
11 months ago
0
Change several mentions of reconnaissance to discovery
#161
Res260
closed
11 months ago
0
Add the "Defense Evasion" tactic to ssh-keygen
#160
Res260
closed
11 months ago
0