Threat Hunting macOS
Mastering Endpoint Security
5.0 • 4 Ratings
- $69.99
Publisher Description
Successful threat hunting requires more than just technical skill—it requires a deep understanding of system internals and a sharp investigative mindset. Threat Hunting macOS bridges that critical gap, offering security professionals a clear and practical guide to investigating threats on a platform that remains underexplored in many security teams. As macOS continues to grow in popularity due to its reliability and performance, it has also become an increasingly attractive target for attackers. Yet many cybersecurity professionals lack the foundational knowledge needed to effectively investigate incidents on Apple systems. This book changes that. Drawing on years of experience, author Jaron Bradley shares real-world insights and short stories from encounters with active macOS threats. He breaks down the techniques used by attackers and demonstrates how to identify, understand, and respond to them.
Chapters begin with a formal information section that introduces key concepts, system behaviors, and relevant technical background. This is followed by a hands-on learning section, where readers are guided through practical exercises and real-world scenarios to reinforce the material.
Whether you're a seasoned threat hunter or just stepping into the macOS landscape, this book will give you the tools and confidence to track adversaries in one of today’s most unique operating systems.
This book also includes the first two chapters in embedded audiobook form.
The chapters discussed in this book are as follows:
Foreword by Patrick Wardle (Includes embedded Audio)
1. Welcome to the Niche (Includes embedded Audio)
2. Down Memory Lane (Includes embedded Audio)
3. Process Trees
4. Endpoint Security API
5. Users
6. Launchd
7. Persistence
8. Process Creation
9. Apps and Executables
10. OS Specific Technology
11. PIDS
12. Passwords
13. XPC
14. Conclusion
Customer Reviews
Practical modern-day macOS threat hunting guidance
This is an update to Jaron’s previous book on the topic of threat hunting for the macOS platform. If you are a decent-sized organization, you have SOME macOS. These devices tend to be ignored. This is a mistake. This book will help walk you through enough of the fundamentals of how macOS works in order to achieve your goal of hunting on this platform. After the intro chapter, there are hands-on labs you can do yourself to further understand the topics. Highly recommend: if you are in the information security space, give this a read and apply what you learn.
Valuable insights from a Mac security expert
Jaron is one of the top Apple security experts. I highly recommend this book to anyone who wants to learn more about threat hunting on macOS or Mac endpoint security in general.