"Objective By the Sea v7.0" Drop!
This app demonstrates the ability to detect common classes of XPC exploits by validating code signing properties on both sides of the connection and pivoting off of macOS 14's XPC_CONNECT Endpoint Security event.
App usage
- Download a copy below
- Because this app uses Endpoint Security (ES), it must be run as root, with Full Disk Access (FDA) granted to the hosting process (e.g. Terminal.app): sudo XPC2Proc.app/Contents/MacOS/XPC2Proc
- Optionally, you can test a detection.
  - Switch to the build directory: tests/build/
  - Compile the test with tests/build/build.sh
  - Test a detection with: ./tests/bin/xpcConnTest com.xpc.example.agent.hello