A proof-of-concept, caveat emptor workflow for securely executing a repository-hosted script
Designed as a possible last step before an MDM “Lock Computer” command, FSWL.bash may aid in keeping a Mac computer online for investigation, while discouraging end-user tampering
A collection of macOS scripts for CrowdStrike Falcon Real Time Response
An attacker [— or your co-worker whose account is a Standard User —] could add malicious code to $HOME/.zshenv and it may be executed when the app is installed.
Leverage a client-side LaunchDaemon, script and .plist trio to determine computer health, based on the Mac’s ability to execute an inventory update policy
Please consider filing feedback with Apple to at least allow MDM to report on the status of Lockdown Mode
We recently received a request from SecOps to search for the presence of dozens of specific filenames on multiple users’ hard drives.