From ee7b5d87593bdacf13ec6e6bcaaf4a41a3981128 Mon Sep 17 00:00:00 2001
From: Meir Wahnon <meir@demisto.com>
Date: Mon, 15 Feb 2016 15:38:47 +0200
Subject: [PATCH] Adding KonckKnock

to OSX section
---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 89b950d..9e1fb12 100644
--- a/README.md
+++ b/README.md
@@ -93,6 +93,7 @@ A curated list of tools and resources for security incident response, aimed to h
 ### OSX Evidence Collection
 * [OSX Auditor](https://github.com/jipegit/OSXAuditor) - OSX Auditor is a free Mac OS X computer forensics tool
 * [OSX Collector](https://github.com/yelp/osxcollector) - An OSX Auditor offshoot for live response
+* [Knockknock](https://github.com/synack/knockknock) - displays persistent items (scripts, commands, binaries, etc.), that are set to execute automatically on OS X
 
 
 ### Linux Evidence Collection