Snake VIII update

Karmaz95
2024-09-19 16:57:19 +02:00
parent 7a5b296bca
commit b09efb266f
2 changed files with 9 additions and 4 deletions


@@ -376,9 +376,12 @@ ___
* Eicar test
* Malware creator test
___
#### ☑ [Apple Gatekeeper Bypass](https://karol-mazurek.medium.com/apple-gatekeeper-bypass-4315bbb33018?sk=v2%2F3c20fa28-1a3d-4bd0-9a25-79646f60c44f)
USB flash drive bypass | Network Shares bypass
___
### [VIII. Sandbox]()
com.apple.security.app-sandbox | Sandbox Operations | Sandbox Profiles | SBPL | /System/Library/Sandbox/Profiles/application.sb | SandboxProfileData | libsystem_sandbox.dylib | libsystem_sandbox.dylib | AppSandbox.framework | sandboxd | containermanagerd | sandbox_init | .com.apple.containermanagerd.metadata.plist | SandboxProfileDataValidationInfo
### [VIII. Sandbox](https://karol-mazurek.medium.com/snake-apple-viii-app-sandbox-5aff081f07d5?sk=v2%2F5b65151b-d1f3-4f18-93da-4ad9aeacadb7)
com.apple.security.app-sandbox | Sandbox Operations | Sandbox Profiles | SBPL | /System/Library/Sandbox/Profiles/application.sb | SandboxProfileData | libsystem_sandbox.dylib | libsystem_sandbox.dylib | AppSandbox.framework | sandboxd | containermanagerd | sandbox_init | .com.apple.containermanagerd.metadata.plist | SandboxProfileDataValidationInfo | com.apple.MobileInstallation.ContentProtectionClass | com.apple.security.sandbox | AppleSystemPolicy.kext | CVE-202130853 | AppSandbox Framework |
___
#### [SBPL Compilator](https://karol-mazurek.medium.com/sbpl-compilator-c05f5304d057?sk=v2%2F4ae3bf90-ff12-4fea-b0fc-0f2ef60d7b93)
.com.apple.containermanagerd.metadata.plist | SandboxProfileData | /System/Library/Sandbox/Profiles/ | sandbox_compile_file | com.apple.security.get-task-allow | sandbox-exec | Sandbox.kext
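
Review bot: In the added keyword line under the VIII. Sandbox heading, `CVE-202130853` does not match the CVE-YYYY-NNNN identifier format (the hyphen after the year is missing), so anyone searching for the CVE will not find it. The same line repeats `libsystem_sandbox.dylib` twice (carried over from the line it replaces), lists both `AppSandbox.framework` and `AppSandbox Framework`, and ends with a dangling ` |`; dedupe those entries and drop the trailing separator while the line is being touched.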


@@ -34,11 +34,12 @@ The table of contents showing links to all articles is below:
* ☑ [Unexpected but expected behavior](https://karol-mazurek.medium.com/unexpected-but-expected-behavior-bf281cc21ee2?sk=v2%2Fda20f402-b7fa-4bb1-a160-83e758cdd513)
* ☑ [VII. Antivirus](https://karol-mazurek.medium.com/snake-apple-vii-antivirus-0a57acc10185?sk=v2%2F2c46d7ac-4435-41e6-bbda-2acb4eb78c76)
* ☑ [Apple Gatekeeper Bypass](https://karol-mazurek.medium.com/apple-gatekeeper-bypass-4315bbb33018?sk=v2%2F3c20fa28-1a3d-4bd0-9a25-79646f60c44f)
* ☐ [VIII. Sandbox]()
* ☐ [VIII. Sandbox](https://karol-mazurek.medium.com/snake-apple-viii-app-sandbox-5aff081f07d5?sk=v2%2F5b65151b-d1f3-4f18-93da-4ad9aeacadb7)
* ☑ [SBPL Compilator](https://karol-mazurek.medium.com/sbpl-compilator-c05f5304d057?sk=v2%2F4ae3bf90-ff12-4fea-b0fc-0f2ef60d7b93)
* ☑ [Sandbox Detector](https://karol-mazurek.medium.com/sandbox-detector-4268ab3cd361?sk=v2%2F58fe49fb-1381-4db3-9db9-3f6309e4053a)
* ☑ [Sandbox Validator](https://karol-mazurek.medium.com/sandbox-validator-e760e5d88617?sk=v2%2F145ac2ef-ca06-41a0-b310-c96f4ce0037b)
* ☑ [App Sandbox startup](https://karol-mazurek.medium.com/app-sandbox-startup-71daf8f259d1?sk=v2%2F9f3b09a6-c7c0-445d-8613-8e25bf3f4e4d)
* ☐ [System Intigrity Protection]()
* ☐ [IX. TCC]()
* ☐ [X. NU]()
* ☑ [Kernel Debugging Setup on MacOS](https://karol-mazurek.medium.com/kernel-debugging-setup-on-macos-07dd8c86cdb6?sk=v2%2F782bf539-a057-4f14-bbe7-f8e1ace26701)
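
Review bot: The updated `VIII. Sandbox` entry in the table of contents now links to the published article but is still marked ☐, while the other linked entries in this hunk use ☑ and only the placeholders with empty `()` targets stay ☐. Switch it to ☑ if the article is considered done, or note why a linked article remains unchecked. The nearby context line `System Intigrity Protection` also has a typo (Integrity) that could be fixed in the same pass.
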
@@ -566,4 +567,5 @@ Each Snake class will be a child of the previous one and infinitely "eat itself"
* Consider moving methods like `removeNullBytesAlignment`, `calcTwoComplement64` etc. to `Utils` class.
* Move `--mig` option to Snake & Apple chapter about Mach Kernel when ready.
* Make Thread manager class and improve the Threading.thread with tracing methods and `kill()`.
* Reconsider moving --xattr like args to another Snake class related to filesystem.
* Reconsider moving --xattr like args to another Snake class related to filesystem.
* Consider adding second option to dump Sandbox Operations based on this [Csaba Fitzl comment](https://x.com/theevilbit/status/1828773101041221755).
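
Review bot: The new last TODO item describes the second way to dump Sandbox Operations only through a link to a post on x.com, so the item stops being actionable if that post is removed or gated. Add a short phrase naming the approach next to the link. The `--xattr` item above it is removed and re-added with identical visible text, which suggests a whitespace or end-of-file newline change; since it is being touched anyway, wrap `--xattr` in backticks to match `--mig` two items earlier.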