M

Contents

M#

Index#

macOS Commands

Default macOS commands the operator runs on the target or their own Apple workstation. The full A-Z table runs across pages 155-162 of the source handbook; the highlights below cover daily tradecraft.

macOS Commands
macOS Defend

DFIR triage on macOS hosts. The operator chains volatility-ordered collection, malware reversing primitives, and a long list of artifact locations spanning system logs, user preferences, browsers, and mail.

macOS Defend
macOS Exploit

Recon, credential access, persistence, and post-exploitation tradecraft for macOS. The survey block snapshots the target; Bifrost handles Kerberos abuse; Dylib hijacking and Apple Notes / FileVault / APFS cracking…

macOS Exploit
macOS Ports

Historical OSX / macOS services and ports across all versions. The operator hits the most common Apple-specific listeners during scan triage.

macOS Ports
Malware Resources

Sample sources, classification corpora, and C2-framework catalogues the operator pulls open during triage. Some require accounts; several rate-limit aggressive scraping. Operators handling live samples should isolate…

Malware Resources
Malware

Reference catalog of malware families an operator should recognize, organized by category. Each row is a family + brief notes; for full technical write-ups follow the references at the end (Mandiant family pages,…

Malware
Map Sources

Reference of map data, tile servers, geocoders, and imagery providers an operator builds from. The space splits into raster tile services (slippy maps), vector tile / data, satellite + aerial imagery, geocoders,…

Map Sources
MASINT

Measurement and signature intelligence. Specialized technical collection that produces intelligence by detecting, characterizing, identifying, and tracking the distinctive features of fixed and dynamic targets.

MASINT
MDXFIND / MDXSPLIT

MDXFIND runs large numbers of unsolved hashes of any type, using many algorithms concurrently, against a large number of plaintext words and rules, very quickly. Its main use is to deal with large lists (20 to 50…

MDXFIND / MDXSPLIT
Medical Devices

Reference of medical device categories, the major manufacturers, the standards governing them, and the cyber- risk surface (legacy OS, network exposure, and the FDA / EU MDR regulatory frame). Useful for hospital…

Medical Devices
Metasploit

Metasploit is the world’s most-used penetration testing framework. The operator drives modules from msfconsole, manages sessions via Meterpreter, and pivots through compromised hosts.

Metasploit
Micro

Micro is a modern terminal editor with familiar GUI-style keybindings (Ctrl-S to save, Ctrl-C to copy, Ctrl-V to paste). Single static binary written in Go; no…

Micro
Military Reference

Reference of military identifiers an operator commonly meets: NATO phonetic alphabet, time + date conventions, rank-equivalent mappings across major armed forces, organizational hierarchies, and standard map /…

Military Reference
Mimikatz Defend

Hardening and detection recipes the operator turns to when defending Windows estates against Mimikatz abuse.

Mimikatz Defend
Mimikatz

Mimikatz is the leading post-exploitation tool. The operator dumps plaintext passwords, NTLM hashes, PINs, and Kerberos tickets from memory and from on-disk hives.

Mimikatz
Timezones

A reference table of country and region time-zone names and UTC offsets. The operator reaches for this when correlating logs, parsing timestamps off a remote host, or working a target whose local time matters to…

Timezones
MITRE ATT&CK

Reference of the MITRE ATT&CK matrices: tactics, key techniques, and related frameworks the operator uses to map adversary behavior. ATT&CK is the standard taxonomy for TTPs across CTI, detection engineering, red…

MITRE ATT&CK
msfvenom

MsfVenom is the Metasploit standalone payload generator. It replaces msfpayload and msfencode.

msfvenom