🍭Dynamic Analysis Toolkit

• Ghidra: While primarily a static analysis tool, Ghidra can also be used in conjunction with dynamic analysis tools for a more comprehensive approach.

• Frida: A dynamic instrumentation toolkit that allows you to inject scripts into running processes to monitor and modify their behavior. It supports macOS and can be used to trace function calls, modify memory, and more.

• Cuckoo Sandbox: An open-source automated malware analysis system that can run malware in a controlled environment and provide detailed reports on its behavior. You can set up a macOS environment for Cuckoo Sandbox to analyze macOS malware.

• Wireshark: A network protocol analyzer that can capture and inspect network traffic generated by malware. It helps you understand how malware communicates with remote servers.

• DTrace: A dynamic tracing framework for macOS that can be used to observe system calls, function calls, and other runtime behaviors of malware.

• Little Snitch: A macOS firewall that monitors and controls outgoing network connections. It can help you identify malicious network activity initiated by malware.

• Process Monitor (Procmon): While originally for Windows, similar tools like Activity Monitor on macOS can help you track processes, file system activity, and system calls.

• Charles Proxy: A web debugging proxy application that can capture HTTP and HTTPS traffic. Useful for monitoring web requests made by malware.

• Burp Suite: A web application security testing tool that can be used to intercept and analyze HTTP/S traffic. It helps in identifying malicious network interactions.

• MacOS Debugger (lldb): The default debugger on macOS, part of the LLVM project. It helps you analyze and debug running processes.