Ricci Adams

If you have any interest in code injection on macOS, I've made two demo repositories with write-ups:

https://github.com/iccir/ESInjectorDemo
Demonstrates Saagar Jha's method of using Endpoint Security to inject into a newly-launched process.

https://github.com/iccir/ThreadInjectorDemo
Demonstrates the "traditional" way of injecting into an already-running process via thread_create_running().

GitHub - iccir/ESInjectorDemo: macOS code injection using Endpoint Security

macOS code injection using Endpoint Security. Contribute to iccir/ESInjectorDemo development by creating an account on GitHub.

GitHub
Mar 7 at 3:46pmWeb