Hello Friends, Been a While. Anyone have some guidance on macOS Malware Analysis?

hartescout · January 23, 2021, 6:54pm

So, basically the title of the post. Recently took on a full-time position on a threat research/hunt team and have become interested in filling a gap in macOS reverse engineering/Malware Analysis expertise. Zero2Auto and these forums and Discord are huge part in why I have this position so I thought I should ask the community.

Any guidance? Some initial searches have turned up some decent-looking information but I haven’t found any books specifically focused on the architecture and or OS.

Would be much appreciated!

alexa · January 24, 2021, 5:30am

idk man this is what i got, i hope you will find some help:

peta909 · January 26, 2021, 2:24am

hi there,
yup there isn’t as much info on mac malware stuff vs Windows or *nix. but the best you can turn to are the following:

https://objective-see.com/about.html

https://www.amazon.com/Jonathan-Levin/e/B008ZF7ZKK/ref=dp_byline_cont_book_1

always start with the basics learning the OSX file types and internals of OSX.

kris · February 7, 2021, 12:03am

I came across the MacOS Internals triology a few days ago, they aim to be the equivalent of Windows Internals books for MacOS. No idea how good they are though.

leftbeef · March 3, 2021, 8:44pm

True but they are expensive. Have you taken a look at The Art of Mac Malware? I think it’s still free: https://taomm.org/

ryodan0x · March 9, 2021, 6:54am

This website has a workshop on macos Dylib injection , its awasome you should defenitly check it…

Ph03n1x_Crus4d3r · March 9, 2021, 3:30pm

Wow this is a good resource, thanks for posting