The Guide to Analyzing Malicious Software
Patrick Wardle

#Mac
#Malware
#Malicious_Software
#Threats
A comprehensive guide to the threats facing Apple computers and the foundational knowledge needed to become a proficient Mac malware analyst.
Defenders must fully understand how malicious software works if they hope to stay ahead of the increasingly sophisticated threats facing Apple products today. The Art of Mac Malware: The Guide to Analyzing Malicious Software is a comprehensive handbook to cracking open these malicious programs and seeing what’s inside.
Discover the secrets of nation state backdoors, destructive ransomware, and subversive cryptocurrency miners as you uncover their infection methods, persistence strategies, and insidious capabilities. Then work with and extend foundational reverse-engineering tools to extract and decrypt embedded strings, unpack protected Mach-O malware, and even reconstruct binary code. Next, using a debugger, you’ll execute the malware, instruction by instruction, to discover exactly how it operates. In the book’s final section, you’ll put these lessons into practice by analyzing a complex Mac malware specimen on your own.
You’ll learn to:
A former NSA hacker and current leader in the field of macOS threat analysis, Patrick Wardle uses real-world examples pulled from his original research. The Art of Mac Malware: The Guide to Analyzing Malicious Software is the definitive resource to battling these ever more prevalent and insidious Apple-focused threats.
Table of Contents
PART I: MAC MALWARE BASICS
Chapter 1: Infection Vectors
Chapter 2: Persistence
Chapter 3: Capabilities
PART II: MAC MALWARE ANALYSIS
Chapter 4: Nonbinary Analysis
Chapter 5: Binary Triage
Chapter 6: Disassembly and Decompilation
Chapter 7: Dynamic Analysis Tools
Chapter 8: Debugging
Chapter 9: Anti-Analysis
PART III: ANALYZING EVILQUEST
Chapter 10: EvilQuest’s Infection, Triage, and Deobfuscation
Chapter 11: EvilQuest’s Persistence and Core Functionality Analysis
About the Author
Patrick Wardle is the founder of Objective-See, a nonprofit that creates open source macOS security tools and trainings, and organizes the Objective by the Sea conference. Having worked at NASA and the NSA and presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to Mac security and spends his time finding Apple zero-days, analyzing Mac malware, and writing free open source security tools to protect Mac users around the world.