
0xv1n / macnoise


Extensible MacOS system telemetry generator.

Found Mar 01, 2026 at 22 stars.

MacNoise generates realistic macOS system events like network connections, file changes, and process activity to help security teams test and validate their detection tools.

How It Works

1. 🔍 Discover MacNoise

You hear about this helpful tool from security blogs or colleagues while looking for ways to test your Mac defenses.

2. 🛠️ Set it up quickly

Follow a few easy steps to prepare the tool on your Mac so it's ready to create pretend threats.

3. 🎯 Pick a test scenario

Choose from ready examples that mimic real hacker tricks, like stealing data or hiding files.

4. ▶️ Run the pretend attack

Press go and watch it safely generate fake security events on your test machine.

5. 📊 Review what happened

Check the simple logs to see exactly what events were made and if your security tools spotted them.

Strengthen your defenses

Feel confident knowing your tools catch the threats they should, and fix any gaps easily.

Star Growth

This repo grew from 22 to 35 stars.

AI-Generated Review

What is macnoise?

MacNoise is an extensible macOS system telemetry generator built in Go. It simulates real events like network beacons, file archives, process injections, TCC probes, and persistence via LaunchAgents to validate EDR, SIEM, and firewall detections. Use the CLI for single runs (`./macnoise run net_connect`), category sweeps, or YAML scenarios emulating macOS threats, with dry-run previews and JSONL output.

Why is it gaining traction?

Pre-built scenarios replay full kill chains from AMOS Atomic Stealer or Lazarus Group and map directly to MITRE techniques, so detection gaps surface quickly. OCSF audit logs track runs with timings and outcomes, and automatic cleanup plus a design that mostly avoids needing root are an improvement over ad-hoc scripts. Output formats and parameters make it SIEM-friendly without setup hassle.

Who should use this?

Detection engineers testing macOS EDR rules, SecOps teams generating Mac noise for Intune macOS Extensible Single Sign-On tuning, or red teamers simulating macOS Extensible SSO evasion. Ideal for validating telemetry in macOS Extensible Single Sign-On (SSO) environments.

Verdict

Strong pick for macOS detection validation—excellent docs, CLI, and coverage despite 19 stars and 1.0% credibility score. Early stage means room for more scenarios, but contribute if it fits your workflow.
