Getting started in macOS security

Many people used to ask me where to start learning about macOS security or exploitation, what are the trainings or books out there that can help with this topic. Nowadays there are a few trainings, which can get you started. Other great resources for macOS security are blog posts and conference talks.

I thought I will try to collect some resources that can help people to get started in this field.


There are quite a few trainings as of 2021, this wasn’t the case in the past, but as the popularity of macOS is growing, so the training offerings.





Similarly to the trainings there are not really books about macOS exploitation. There are two, but they are rather dated. The rest are mostly programming guides, or covering macOS internals. All of them, expect Levin’s new series are dated, but it doesn’t mean there is no useful information in them.

When it comes to defense, there are two free ebooks about macOS malware, which are up-to-date! This is pretty good considering how everything else is so much old.

Here follows a list, that I think can be useful for security:



Malware & DFIR


Reverse engineering


I found the following people having awesome blog posts on macOS internals or security on a constant basis.

Conference Talks and Papers

@osxreverser maintains an awesome collection of paper and conference talks on his website: macOS · Papers, Slides and Thesis Archive

Although it’s covered in Pedro’s collection, I still want to highlight the Objective By The Sea conference, which is entirely dedicated to macOS security.


Apple’s own developer documents can be also very useful, especially the older ones. These are also dated, yet a very valuable resources. Apple Documentation Archive

Part of the XNU kernel is open sourced by Apple, which is also an invaluable resource. Apple Open Source

I hope these resources can get help people started and answer the question answered so frequently. It’s probably far from being complete, and sorry if I missed anyone. If you know of a good resource let me know, and I can update this list.