
The Art of Mac Malware, Volume 1: The Guide to Analyzing Malicious Software

A comprehensive guide to the threats facing Apple computers and the foundational knowledge needed to become a proficient Mac malware analyst.

Defenders must fully understand how malicious software works if they hope to stay ahead of the increasingly sophisticated threats facing Apple products today. The Art of Mac Malware: The Guide to Analyzing Malicious Software is a comprehensive handbook to cracking open these malicious programs and seeing what’s inside. Discover the secrets of nation-state backdoors, destructive ransomware, and subversive cryptocurrency miners as you uncover their infection methods, persistence strategies, and insidious capabilities. Then work with and extend foundational reverse-engineering tools to extract and decrypt embedded strings, unpack protected Mach-O malware, and even reconstruct binary code. Next, using a debugger, you’ll execute the malware, instruction by instruction, to discover exactly how it operates. In the book’s final section, you’ll put these lessons into practice by analyzing a complex Mac malware specimen on your own.

You’ll learn how to:
- Recognize common infection vectors, persistence mechanisms, and payloads leveraged by Mac malware
- Triage unknown samples in order to quickly classify them as benign or malicious
- Work with static analysis tools, including disassemblers, in order to study malicious scripts and compiled binaries
- Leverage dynamic analysis tools, such as monitoring tools and debuggers, to gain further insight into sophisticated threats
- Quickly identify and bypass anti-analysis techniques aimed at thwarting your analysis attempts

A former NSA hacker and current leader in the field of macOS threat analysis, Patrick Wardle uses real-world examples pulled from his original research. The Art of Mac Malware: The Guide to Analyzing Malicious Software is the definitive resource for battling these ever more prevalent and insidious Apple-focused threats.

303 pages, Kindle Edition

Published June 28, 2022


About the author

Patrick Wardle

28 books, 4 followers


Community Reviews

5 stars
21 (61%)
4 stars
12 (35%)
3 stars
1 (2%)
2 stars
0 (0%)
1 star
0 (0%)
Displaying 1 - 4 of 4 reviews
Woflmao
145 reviews, 15 followers
April 1, 2023
The author of this book, Patrick Wardle, is one of the leading macOS malware researchers, and he runs probably the most important website in this field, Objective-See. So I had high hopes for this book, but I got somewhat disappointed in the end.
The book is a long tutorial on macOS reverse engineering and malware analysis. It begins with a brief overview of infection vectors on macOS, then covers the main techniques for analyzing malware and the corresponding tools, and ends with a walk-through of the analysis of a sophisticated piece of macOS malware, EvilQuest.
Given the tutorial style of the book, it shows certain concepts by example and rarely bothers to explain anything beyond that. In-depth information is outsourced to an extensive list of external online references per chapter. These references are valuable, but personally, I prefer my books self-contained and not just a springboard to other sources. (Sadly, this has become a trend in tech writing that I cannot quite explain; perhaps reading habits have changed so much that only boomers like me yearn for the thick tomes of yesteryear.) As just one example of the missed opportunities for greatness in this book, there is a brief section on how Hopper Python scripts can be used to deobfuscate encrypted strings in a binary. But there is just one script given as is; there is no introduction to Hopper's Python interface that would help the reader go beyond what is written in the book.
To be fair, what actually is written in the book is explained clearly and the book is well-structured. As far as I understand it, every relevant aspect of malware analysis is addressed.
For a second edition, I would hope that the author elaborates more on the usage of the tools, and more theoretical explanations of what is going on under the hood.
Peter Kálnai
33 reviews, 5 followers
August 12, 2022
The author is a respected contributor in the field and provides an abridged introduction of malware analysis for the macOS operating system. The book touches both static and dynamic approaches and also covers advanced topics like scripting and automation. This work may end up as a pivotal source for researchers of macOS threats.
Mark
Author of 6 books, 22 followers
December 20, 2022
Really detailed and useful, with step-by-step examples. Just note that in all of the disassembly sections, the examples are done on Intel-based hardware. If you have any of the newer Macs that are on ARM (M1 or newer), your assembly will be different.
Raphaela
16 reviews, 1 follower
June 21, 2023
Great intro book for malware analysts who want to venture into the macOS space. Lots of examples with plenty of resources for references in each chapter. I highly recommend reading the "companion" articles on the OBTS blog as you go through the book.