Skip to main contentSummary
Inject a library from on-host into a process on macOS for AMD64 (no arm support yet).
- Needs Admin: False
- Version: 1
- Author: Jonathan Levin, @xorrior
Arguments
pid
- Description: PID of process to inject into.
- Required Value: True
- Default Value: None
library
- Description: Path to the dylib to inject
- Required Value: True
- Default Value: None
Usage
MITRE ATT&CK Mapping
Detailed Summary
This command includes a shellcode stub which forces a process to load a dylib on macOS. The command uses process injection to inject this shellcode stub into a remote process which then loads the dylib specified with the library argument into the target process. 
