
macOS-MA-setup

Some notes and scripts for "installing" my Mac malware analysis setup, as well as some experimental custom dylibs for malware analysis. My setup is entirely powered by Docker at the moment.

LLDB scripts can be found here!

My notes on Mac malware analysis can be found here!

other cool tools

Check out IRFlow Timeline as a Timeline Explorer equivalent for macOS. It's a very neat application that I think many will enjoy using for its various utilities such as the Persistence Analyzer and Process Inspector.

words of wisdom?

Check out this guide by SentinelOne on how to analyze malware without getting infected. It covers VM setup and related considerations, assuming you're on Mac hardware.