Strings dump of TCC.framework as a starting point
$ strings /System/Library/PrivateFrameworks/TCC.framework/TCC | grep kTCCService
kTCCServiceAll
kTCCServiceAddressBook
kTCCServiceCalendar
kTCCServiceReminders
kTCCServiceTwitter
kTCCServiceFacebook
| #!/bin/bash | |
| # Command Injection via Homebrew $PATH trickery | |
| # n0ncetonic | |
| # Blacksun Research Labs 2019 | |
| # https://github.com/n0ncetonic | |
| # https://github.com/BlacksunLabs | |
| banner=$(/bin/cat <<EOF | |
| // ninjaVanish hides from webdriver/headless browser detection | |
| // | |
| // Focused specifically on HeadlessChrome / Puppeteer. | |
| // When using Puppeteer this should be instrumented with the | |
| // `Page.evaluateOnNewDocument()` method which injects our code | |
| // after the document loads but before any scripts run | |
| // | |
| // Techniques leveraged are: | |
| // - Removes "Headless" from User-Agent | |
| // - Deletes `navigator.webdriver` to mimic standard navigator object properties |
| vim -c 'execute "silent !echo " . &fileencoding | q' {filename} # Extremely good file encoding detection |
| var detectExt = { | |
| is_install: "", | |
| /** | |
| * search for the extension in chrome | |
| * @param onload | |
| * @param onerror | |
| */ | |
| detect_ext_chrome: function (onload, onerror) { | |
| var detect = function (base, if_installed, if_not_installed) { | |
| var s = document.createElement('script'); |
| #!/bin/bash | |
| #filename :gimmeAuthToken | |
| #description :macOS < 10.13 Keychain-less Passwordless iCloud authentication token dumper | |
| #author :noncetonic | |
| #date :20180614 | |
| #version :0.1 | |
| #usage :./gimmeAuthToken | |
| #notes :Leverages the Accounts(3|4).sqlite file to dump cached plaintext iCloud tokens | |
| #copyright :© 2018 Blacksun Labs | |
| #=============================================================================== |
Modern applications usually make use of back-end API servers to provide their services. With a non-transparent HTTPS proxy, which intercepts the communication between clients and servers (aka the man-in-the-middle scheme), you can easily manipulate both API requests and responses.
This manual helps you create your own proxy with Python and mitmproxy/libmproxy. Mitmproxy ships with both a standalone command-line tool (mitmproxy) and a Python library (libmproxy).
| # hax hax hax hax hax | |
| import ctypes, os, sys | |
| newstderr = os.dup(2) # This is to mute dyld LC_RPATH warnings | |
| os.dup2(os.open('/dev/null', os.O_WRONLY), 2) # because we're loading Xcode frameworks from python | |
| CM = ctypes.CDLL('/Applications/Xcode.app/Contents/SharedFrameworks/DVTMarkup.framework/Versions/A/Frameworks/CommonMark.framework/CommonMark') | |
| sys.stderr = os.fdopen(newstderr, 'w') # This restores stderr | |
| cmark_markdown_to_html = CM.cmark_markdown_to_html | |
| cmark_markdown_to_html.restype = ctypes.c_char_p |
This is a guide on how to email securely.
There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.