Stars
A native macOS dashboard for Jamf Pro, Jamf Protect, and Jamf School. Browse your fleet, review security posture, inspect configuration and analytics, and export reports, all from one app.
A practical DFIR-focused cheatsheet for identifying, collecting, triaging, and reviewing macOS persistence mechanisms, with acquisition-aware guidance for disk artifacts, live state, required privi…
AutoPkg Wizard - a macOS SwiftUI app for managing AutoPkg
macOS persistence mechanism scanner with code signature verification and timeline tracking.
Searchable reference for the macOS Endpoint Security API — parses SDK headers into a navigable local viewer
An implementation of EndpointSecurity on the 5BSD kernel.
Proper sandboxing for agentic coding and web browsing
bagel, a CLI that inventories security-relevant metadata on developer workstations
Voice-to-text dictation app with local (Nvidia Parakeet/Whisper) and cloud models (BYOK). Privacy-first and available cross-platform.
A MacAdmin-focused QuickLook plugin with GitOps in mind
DFIR Timeline Analysis for macOS — SQLite-backed viewer for CSV, TSV, XLSX, EVTX, Plaso, $MFT, and $J files with built-in process inspection, lateral movement tracking, persistence detection, and V…
Deobfuscate obfuscator.io, unminify and unpack bundled JavaScript
Content related to medium.com/@thatsiemguy
Malwoverview is a first response tool for threat hunting across VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, IPInfo, Shodan, …
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows
Rulezet is an open-source web platform for sharing, evaluating, improving, and managing cybersecurity detection rules (YARA, Sigma, Suricata, etc). It aims to foster collaboration among professiona…
A collection of malware families and malware samples which use the Rust programming language.
command line tool to use the macOS system translation service
Python for offensive security research
mSCP Notebook - Simple Baseline Generator: A Marimo Notebook designed for creating and exploring security baselines derived from the macOS Security Compliance Project (mSCP).
A local-first web interface for managing Tart VMs on Apple Silicon macOS.
A decompiler for run-only applescripts
M.A.C.E. (Mac Advanced Compliance Editor) is a modern macOS app to simplify compliance baseline creation, auditing, and management using NIST's mSCP 2.0