0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

Merge pull request #507 from johnsaigle/master 

Add disclaimer to MacOS memory dump tool
This commit is contained in:
Carlos Polop 2022-10-02 23:26:37 +01:00 committed by GitHub
parent 0d2cf72036 46b5984146
commit fa6370b177
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
macos-hardening/macos-security-and-privilege-escalation/README.md
View File

@ -806,6 +806,10 @@ ls -Rl /Library/Managed\ Preferences/
In order to dump the memory in a MacOS machine you can use [**osxpmem**](https://github.com/google/rekall/releases/download/v1.5.1/osxpmem-2.1.post4.zip).
**Note**: The following instructions will only work for Macs with Intel architecture. This tool is now archived and the last release was in 2017.
The binary downloaded using the instructions below targets Intel chips as Apple Silicon wasn't around in 2017. It may be possible to compile
the binary for arm64 architecture but you'll have to try for yourself.
```bash
#Dump raw format
sudo osxpmem.app/osxpmem --format raw -o /tmp/dump_mem