• Apple,  Mac Security

    Our Journey To A Quantum-Safe Secret Manager

    Once upon a time, when COVID was upon us, I retreated into my lab to write a book on the history of computing. I was fortunate, privileged, and delighted to get the chance to interview some of the people who built the foundational technologies that power our digital lives: people who invented the first data packets, installed the first nodes on the internet, developed the first search engines, and founded companies that have become household names. Many figures from the history of computing began their careers as academics, and their original research was published as they pursued their PhDs. I started to notice some trends. A few notable ones caught…

  • Apple,  Mac OS X,  Mac Security,  MacAdmins Podcast

    Test A Fork Of NoMAD Maybe?

    tldr: here’s a slightly modernized fork of NoMAD that needs a little testing: https://gitlab.com/krypted1/nomad2 I’ve been working on a fork of NoMAD that will hopefully just modernize the code and get merged back in. In general, the changes shouldn’t be noticed, with one big exception: it’s a breaking change for machines running an operating system older than Catalina. Apple changes APIs, so the options are either to introduce a breaking change or to make the code really complicated by retaining the existing code alongside the new APIs. So this version starts to transition away from AppKit and towards SwiftUI. It also removes Carthage in favor of Swift Package Manager.…

  • Mac Security

    Use ChatGPT to Analyze macOS Logs for Anomaly Detection

    tldr: Posted this anomaly detector that uses ChatGPT at https://github.com/krypted/Lightweight-GPT-Log-Anomaly-Detector. It can be used untrained or with lightly trained troves of macOS system logs. Tweak to your delight… Use: depending on the environment, a few setup steps may be needed. To do so, use the following:
    Create a virtual environment: python3.6 -m virtualenv venv
    Activate the virtual environment: source venv/bin/activate
    Install the requirements: pip install -r requirements.txt
    Create the log file: sudo log show --last 10m > log-info-10m.txt
    Run the script log-analysis.py to parse the log file and generate the anomalous logs. Example usage:
    python log-analysis.py --log_filename log-info-10m.txt
    python log-analysis.py --log_filename log-info-10m.txt --use_error_keywords True --score_threshold 0.5
    python log-analysis.py --log_filename log-info-10m.txt --use_error_keywords…
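    To make the two knobs above (an error-keyword boost and a score threshold) concrete, here is an added example of a small, model-free scorer over lines in the shape of `log show` output. It is not the Lightweight-GPT-Log-Anomaly-Detector code, and its scoring rule (rarity of a process/message template within the window, plus a fixed bonus for error signals) and its sample log lines are constructed for illustration:

```python
import re
from collections import Counter

# Constructed sample in the shape of `log show` output (not a real capture):
# timestamp, thread, type, activity, PID, TTL, process: message.
SAMPLE_LOG = """\
2024-05-01 10:00:01.000001-0500 0x1a2 Default 0x0 101 0 loginwindow: (Security) [com.apple.loginwindow:session] session start for uid 501
2024-05-01 10:00:02.000001-0500 0x1a3 Default 0x0 55 0 mDNSResponder: (mDNSResponder) [com.apple.mDNSResponder:Default] query for host 12
2024-05-01 10:00:03.000001-0500 0x1a3 Default 0x0 55 0 mDNSResponder: (mDNSResponder) [com.apple.mDNSResponder:Default] query for host 13
2024-05-01 10:00:04.000001-0500 0x1a3 Default 0x0 55 0 mDNSResponder: (mDNSResponder) [com.apple.mDNSResponder:Default] query for host 14
2024-05-01 10:00:05.000001-0500 0x1b0 Error 0x0 77 0 sshd: (libsystem_info.dylib) [com.apple.ssh:auth] Failed password for root from 203.0.113.9 port 52211
2024-05-01 10:00:06.000001-0500 0x1a3 Default 0x0 55 0 mDNSResponder: (mDNSResponder) [com.apple.mDNSResponder:Default] query for host 15
2024-05-01 10:00:07.000001-0500 0x1c1 Fault 0x0 900 0 kernel: (Sandbox) [com.apple.sandbox.reporting:violation] Sandbox: curl(901) deny(1) file-write-create /Library/LaunchDaemons/com.example.plist
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+\S+\s+(?P<type>\w+)\s+\S+\s+(?P<pid>\d+)\s+\d+\s+"
    r"(?P<proc>[^:]+):\s*(?P<msg>.*)$"
)
# Whole-word matching so the "Default" log type does not trip the "fault" keyword.
ERROR_RE = re.compile(r"\b(fail\w*|denied|deny|error|fault|violation|unauthorized)\b", re.I)
ERROR_TYPES = {"Error", "Fault"}


def template(msg):
    """Collapse numbers (PIDs, ports, counters) so repeated messages share one template."""
    return re.sub(r"\d+", "N", msg)


def parse(text):
    """Parse log lines into dicts; lines that do not fit the layout are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(dict(m.groupdict(), raw=line))
    return events


def score_events(events, use_error_keywords=True):
    """Score = rarity of (process, template) in this window, plus 0.5 for error signals, capped at 1.0.
    The weights are illustrative assumptions, not a published method."""
    counts = Counter((e["proc"], template(e["msg"])) for e in events)
    n = len(events)
    scored = []
    for e in events:
        score = 1.0 - counts[(e["proc"], template(e["msg"]))] / n
        if use_error_keywords and (e["type"] in ERROR_TYPES or ERROR_RE.search(e["msg"])):
            score += 0.5
        scored.append((min(score, 1.0), e))
    return scored


def anomalies(text, score_threshold=0.5, use_error_keywords=True):
    """Return the raw log lines whose score meets the threshold."""
    return [e["raw"] for s, e in score_events(parse(text), use_error_keywords) if s >= score_threshold]


if __name__ == "__main__":
    for line in anomalies(SAMPLE_LOG, score_threshold=0.9):
        print(line)
```

On the sample, the four mDNSResponder queries collapse to one template and score low; with keywords off, a threshold of 0.5 surfaces every singleton (including the benign loginwindow line), while with keywords on, raising the threshold to 0.9 keeps only the failed SSH login and the sandbox denial. That is the trade-off the `--use_error_keywords` and `--score_threshold` flags let you tune, whatever the underlying scorer.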

  • Mac Security

    Base64 Encoding and Decoding

    I received a piece of malware today and, as one does, I of course opened it up on my test machine. Like a lot of phishing-type emails, it was really just trying to get at a password (in this case via a fake Office365 login). One thing that jumped out at me was that the payload was a bunch of base64 encoded blobs. The machine was offline, so I couldn’t use one of the many online decoders to see what it was doing. Thus, time to bust out the old openssl and base64 commands. Let’s start with a quick example of encoding a string object into…

  • Mac Security

    Get a list of Google Chrome extensions on a Mac (and more on what’s in the manifest.json)

    A common task for those who manage devices is getting a list of what’s installed on a computer. Many of those things are apps, but increasingly there are extensions inside apps that expand what those apps can do. This is nowhere more true than in web browsers, where an extension can intercept requests to endpoints and manipulate the text shown on the screen. Google Chrome stores extensions in /Users/<username>/Library/Application\ Support/Google/Chrome/Default/Extensions. To see a list of all of the extensions in Google Chrome, the following find command can walk that directory, read each manifest.json, and pull out the name field. It’s quoted such that it will skip the short_name field in those that also have short_name defined…
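    Grepping the name field gets you a list, but two things bite in practice: many manifests carry a localized placeholder such as `__MSG_appName__` instead of a readable name, and the security-relevant fields are `permissions` and `host_permissions`, not the name. The following is an added Python example (not the post’s find command) that walks the Extensions directory, parses each manifest.json, resolves `__MSG_*__` names from the extension’s `_locales/<default_locale>/messages.json`, and reports the permissions; `build_fixture()` creates a constructed extension tree in a temp directory so the code can be exercised offline, and the extension IDs and names in it are made up:

```python
import json
import re
import tempfile
from pathlib import Path

# Per-user default profile; other profiles live beside "Default" and need their own root.
DEFAULT_ROOT = Path.home() / "Library/Application Support/Google/Chrome/Default/Extensions"
MSG_RE = re.compile(r"^__MSG_(\w+)__$")


def resolve_msg(value, version_dir, manifest):
    """Turn a __MSG_key__ placeholder into the string from the bundled locale messages."""
    m = MSG_RE.match(value or "")
    if not m:
        return value
    for loc in (manifest.get("default_locale", "en"), "en", "en_US"):
        msgs_path = version_dir / "_locales" / loc / "messages.json"
        if msgs_path.is_file():
            entry = json.loads(msgs_path.read_text(encoding="utf-8-sig")).get(m.group(1))
            if entry and "message" in entry:
                return entry["message"]
    return value  # unresolved placeholder is kept, not hidden


def inventory(root=DEFAULT_ROOT):
    """One record per installed extension version: id, name, version, permissions, path."""
    results = []
    root = Path(root)
    if not root.is_dir():
        return results
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            mf = version_dir / "manifest.json"
            if not mf.is_file():
                continue
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
            results.append({
                "id": ext_dir.name,
                "name": resolve_msg(manifest.get("name"), version_dir, manifest),
                "version": manifest.get("version", version_dir.name),
                "manifest_version": manifest.get("manifest_version"),
                "permissions": sorted(manifest.get("permissions", [])),
                "host_permissions": sorted(manifest.get("host_permissions", [])),
                "path": str(mf),
            })
    return results


def build_fixture():
    """Constructed extension tree for offline testing; IDs, names and manifests are made up."""
    root = Path(tempfile.mkdtemp()) / "Extensions"
    a = root / "aaaabbbbccccddddeeeeffffgggghhhh" / "1.2.3_0"
    (a / "_locales" / "en").mkdir(parents=True)
    (a / "manifest.json").write_text(json.dumps({
        "manifest_version": 3, "name": "__MSG_appName__", "short_name": "__MSG_short__",
        "default_locale": "en", "version": "1.2.3",
        "permissions": ["tabs", "webRequest"], "host_permissions": ["<all_urls>"]}))
    (a / "_locales" / "en" / "messages.json").write_text(json.dumps(
        {"appName": {"message": "Example Reader"}, "short": {"message": "Reader"}}))
    b = root / "iiiijjjjkkkkllllmmmmnnnnoooopppp" / "0.9_0"
    b.mkdir(parents=True)
    (b / "manifest.json").write_text(json.dumps(
        {"manifest_version": 2, "name": "Plain Name", "version": "0.9", "permissions": ["storage"]}))
    return root


if __name__ == "__main__":
    for rec in inventory():
        print(rec["id"], rec["name"], rec["version"], rec["permissions"], rec["host_permissions"])
```

Run it as the user whose profile you are inspecting, or pass a different profile’s Extensions directory as `root`. An extension with `<all_urls>` in `host_permissions` plus `webRequest` is the one that can do the request interception the post describes, and that combination is what to look for first in the output.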

  • Mac OS X,  Mac Security

    New Version of Extensions Manager

    Just uploaded a new version of Extensions Manager to GitHub at https://github.com/krypted/extensionsmanager. It now has a search function and can sort by column, which makes it much quicker to find potential extension conflicts. Uploaded both the Xcode project and a compiled binary, so you can just download and run it.

  • Mac OS X,  Mac Security

    The Return Of Extensions Manager

    Just posted a graphical interface to see what extensions are running on Macs, along with the version of each extension, what type of extension it is, its status, path, and SDK. This is a rebirth of the slick Extensions Manager of old. It’s less cool than that one, as it doesn’t yet allow managing extensions, but it should once the logic is worked out (or once an API is provided for these types of system-wide tasks rather than just for the app that instantiated the extension). To download Extensions Manager, click https://github.com/krypted/extensionsmanager/raw/main/Extension%20Manager%20Executable.zip or, to access the source for it and the CLI version, visit https://github.com/krypted/extensionsmanager. The tool is similar in nature to the early…

  • Mac OS X,  Mac Security

    Extensions Manager Swift Project for macOS

    Extension Manager was an important app for those who managed Macs in the System 8 and System 9 era. It allowed us to see all of the extensions loaded in the classic OS and disable them. It was also easy to move extensions to the desktop for troubleshooting. In the years since Apple began breaking up what developers used kernel extensions for, the variety of extension types and how we use them has left us with several different tools to comb through to see what extensions are on a system and what they do. Thus, let’s bring Extension Manager back (ish). Let’s start with a…