“Norimaci” is a simple and lightweight malware analysis sandbox for macOS.

From github.com


This tool was inspired by “Noriben“. Norimaci uses the features of OpenBSM or Monitor.app to monitor macOS system activity instead of Sysinternals Process Monitor (procmon).

Norimaci consists of 3 Python scripts.

  • norimaci.py : Main script
  • openbsmconv.py : OpenBSM audit log converter
  • monitorappconv.py : Monitor.app data converter

OpenBSM is a framework to audit activities on macOS. Please see their web site for details.

Monitor.app is a free tool which is made by FireEye. Please see their web site for details.

Read more…