The Art of Mac Malware, Volume 2 cover

The Art of Mac Malware, Volume 2

Detecting Malicious Software
by Patrick Wardle
January 2025, 376 pp
ISBN-13: 
9781718503786

Download Chapter 4: Network State and Statistics

Look Inside!

The Art of Mac Malware, Volume 2 back cover

The Art of Mac Malware, Volume 2 pages 76-77The Art of Mac Malware, Volume 2 pages 158-159The Art of Mac Malware, Volume 2 pages 254-255

As renowned Mac security expert Patrick Wardle notes in The Art of Mac Malware, Volume 2, the substantial and growing number of Mac users, both personal and enterprise, has created a compelling incentive for malware authors to ever more frequently target macOS systems. The only effective way to counter these constantly evolving and increasingly sophisticated threats is through learning and applying robust heuristic-based detection techniques. 

To that end, Wardle draws upon decades of experience to guide you through the programmatic implementation of such detection techniques. By exploring how to leverage macOS’s security-centric frameworks (both public and private), diving into key elements of behavioral-based detection, and highlighting relevant examples of real-life malware, Wardle teaches and underscores the efficacy of these powerful approaches.

Across 14 in-depth chapters, you’ll learn how to:

  • Capture critical snapshots of system state to reveal the subtle signs of infection
  • Enumerate and analyze running processes to uncover evidence of malware
  • Parse the macOS’s distribution and binary file formats to detect malicious anomalies 
  • Utilize code signing as an effective tool to identify malware and reduce false positives
  • Write efficient code that harnesses the full potential of Apple’s public and private APIs
  • Leverage Apple’s Endpoint Security and Network Extension frameworks to build real-time monitoring tools

This comprehensive guide provides you with the knowledge to develop tools and techniques, and to neutralize threats before it’s too late.

Author Bio 

Patrick Wardle is the founder of Objective-See, a nonprofit dedicated to creating free, open source macOS security tools and organizing the “Objective by the Sea” Apple security conference. Wardle is also the co-founder and CEO of DoubleYou, a cybersecurity startup focused on empowering the builders of Apple-focused security tools. Having worked at both NASA and the National Security Agency and having presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.

Table of contents 

Foreword
Acknowledgments
Introduction

Part I: Data Collection
Chapter 1. Examining Processes
Chapter 2. Parsing Binaries
Chapter 3. Code Signing
Chapter 4. Network State and Statistics
Chapter 5. Persistence

Part II: System Monitoring
Chapter 6. Log Monitoring
Chapter 7. Network Monitoring
Chapter 8. Endpoint Security
Chapter 9: Muting and Authorization Events

Part III: Tool Development
Chapter 10: Persistence Enumerator
Chapter 11: Persistence Monitor
Chapter 12: Mic and Webcam Monitor
Chapter 13: DNS Monitor
Chapter 14. Case Studies
Index

View the Copyright page
View the detailed Table of Contents
View the Index