cupel

Makefile/script pipes remote content to shell

cupel-0.1.48/cupel/data/example-run.json:31

          "category": "security",
          "response": "Yes, modern Endpoint Detection and Response (EDR) agents can monitor commands executed in a macOS terminal. However, it is important to distinguish between **logging keystrokes** (keylogging) and **logging command execution**.\n\nEDR agents primarily focus on **command execution** (what processes are spawned and with what arguments) rather than capturing every individual keystroke, though some advanced configurations can capture input stre

Makefile/script pipes remote content to shell

cupel-0.1.48/cupel/data/example-run.json:435

          "category": "security",
          "response": "Below is a **step‑by‑step technical walk‑through** of the ways an Endpoint Detection & Response (EDR) agent can observe the commands a user types in a macOS terminal.  \nIt covers the **OS‑level data sources**, the **hooks and APIs** an EDR can use, the **practical implementation details** (including sample code snippets), and the **security / privacy constraints** that apply on modern macOS versions (Catalina → Ventura → Sonoma).\n\n---\n

Makefile/script pipes remote content to shell

cupel-0.1.48/cupel/data/example-run.json:637

          "category": "security",
          "response": "An EDR (Endpoint Detection and Response) agent on macOS can observe terminal commands through several mechanisms, depending on its design and the macOS security model. Here's how it typically works—**within the constraints of Apple’s privacy and security features** (e.g., System Integrity Protection, TCC, and sandboxing):\n\n---\n\n### ✅ **1. Process Monitoring via System Call Interception**\nEDR agents often use **kernel-level hooks** (e.