LOOBins
Living Off the Orchard: macOS Binaries
A curated list of macOS built-in binaries that can be used by threat actors for post-exploitation activities.
62
Binaries
14
Tactics
183
Use Cases
Recently Added
sharing
Create and manage macOS file sharing points for SMB, AFP, and FTP.
snmptrap
Send SNMP trap notifications; receive them with snmptrapd.
tftp
Trivial File Transfer Protocol client and server utilities.
funzip
The malicious binaries use funzip to extract the malicious binary with a password and using head or tail commands.
pkill
Kill processes by name or pattern.
tccutil
Command-line tool for managing the Transparency, Consent, and Control (TCC) permissions database