Crescendo is a Swift-based, real-time event viewer for macOS. It utilizes Apple’s Endpoint Security Framework.
Apple has introduced some new security mechanisms that we need to enable to get Crescendo running.
Requirements
Crescendo is only compatible with macOS >=10.15.X and requires at least Xcode 10.
Components
This project consists of three main components:
Testing & Development
It is highly recommended to test this code in a virtual machine with SIP disabled, since this project requires the endpoint-security entitlement, TCC, and proper signing when SIP is enabled.
csrutil disable
nvram boot-args="amfi_get_out_of_my_way=0x1"
OSSystemExtensionManager.shared.submitRequest
systemextensionsctl developer on
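A preflight check for the test setup above, added here as an example and not part of the Crescendo project: it reads `csrutil status` and `nvram boot-args` and reports whether the machine is in the relaxed test-VM state or in a production state where the entitlement, TCC and signing requirements apply. The function names and the three profile labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Crescendo code). Parsers take command output as text,
# so they can be exercised offline with constructed sample strings.

# sip_state "<output of csrutil status>" -> enabled | disabled | unknown
sip_state() {
    case "$1" in
        *"status: enabled"*)  echo enabled ;;
        *"status: disabled"*) echo disabled ;;
        *)                    echo unknown ;;   # e.g. a custom configuration
    esac
}

# amfi_state "<output of nvram boot-args>" -> bypassed | enforced
# Only the boot-arg value shown on this page is recognised.
amfi_state() {
    case "$1" in
        *amfi_get_out_of_my_way=0x1*) echo bypassed ;;
        *)                            echo enforced ;;
    esac
}

# host_profile <sip> <amfi> -> test-vm | production | mixed (hypothetical labels)
host_profile() {
    if [ "$1" = disabled ] && [ "$2" = bypassed ]; then echo test-vm
    elif [ "$1" = enabled ] && [ "$2" = enforced ]; then echo production
    else echo mixed
    fi
}

# Query the live system and print a one-line summary plus what it implies.
preflight() {
    sip=$(sip_state "$(csrutil status 2>/dev/null)")
    amfi=$(amfi_state "$(nvram boot-args 2>/dev/null)")
    profile=$(host_profile "$sip" "$amfi")
    echo "SIP=$sip AMFI=$amfi profile=$profile"
    case "$profile" in
        production) echo "Requires the endpoint-security entitlement, TCC and proper signing." ;;
        test-vm)    echo "Relaxed test configuration; keep it confined to the virtual machine." ;;
        mixed)      echo "Partially relaxed or unknown state; re-check csrutil and boot-args." ;;
    esac
}

# The real commands exist only on macOS; elsewhere just define the functions.
if [ "$(uname -s)" = Darwin ]; then preflight; fi
```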
Signing
If you wish to sign your own application, it is highly recommended to read Apple’s documentation on System Extension requirements and Notarization.
Signing and entitlement is a non-trivial exercise.
Building
I have included my .xproj file in this release to get folks started. In the future I will likely move to using the new xcconfig file as this seems much more sane of an approach instead of committing xproj files. If you wish to simply build the example cli application you can do so with Xcode.
In order to build this application and run it on a production macOS system, you will need the endpoint-security entitlement and a developer certificate from Apple.
The Crescendo framework can easily be bundled with any Swift application. I may move to CocoaPods in the future, but I am unfamiliar with them right now.
Issues/Bugs/Features
Please feel free to raise an issue if you wish to see a feature added or encounter an issue. If you wish to contribute a pull request, please just ensure you run swiftlint over your code before contributing.
I will cut releases for the compiled + signed app and include them in the Releases tab as needed.
Troubleshooting
System Preferences -> Security & Privacy? If not, you will not see any events.
System Preferences -> Security & Privacy -> Privacy Tab? If not, you will not see any events.
crescendo or <your_bundle_id>/com.suprhackersteve as a filter, that should assist you in troubleshooting any potential issues. It is also a good idea to check in CrashReporter and see if the extension has crashed or exited with fatalError.