An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring.
An open-source Pre and Post callback-based framework for macOS kernel monitoring. With the power of Kemon, we can easily implement LPC communication monitoring, MAC policy filtering, kernel driver firewall, etc. In general, from an attacker's perspective, this framework can help achieve more powerful Rootkit. From the perspective of defense, Kemon can help construct more granular monitoring capabilities. I also implemented a kernel fuzzer through this framework, which helped me find many vulnerabilities, such as: CVE-2017-7155, CVE-2017-7163, CVE-2017-13883, etc.
Kemon's features include：
In addition, Kemon project can also extend the Pre and Post callback-based monitoring interfaces for any macOS kernel function.
Please use Xcode project or makefile to build the Kemon kext driver
Welcome to contribute by creating issues or sending pull requests. See Contributing Guide for guidelines.
Kemon is licensed under the Apache License 2.0. See the LICENSE file.