Summary: A list of macOS security-related resources. Not all resources are 100% security-focused, but they provide value in relation to security principles by either explaining how macOS internals work or providing a way to check and verify settings.
- objective-see
- The Mitten Mac
- The Mac Security Blog
- Jamf Security Blog
- SentinelOne macOS Security Blog
- The Electric Light Company
- mac4n6
- Wojciech Reguła
- Beyond the good ol' LaunchAgents
- MacAdmin.news
- macsecurity.net/news
- The Hacker News macOS Feed
- Crash Security
- Stuart Ashenbrenner
- Apple Platform Security
- Apple security releases
- Mitre MacOS Matrix
- Apple macOS CIS Benchmarks
- Built-in macOS Security Tools
- Mac Logging and the log Command: A Guide for Apple Admins
- ESFang - Exploring the macOS Endpoint Security Framework (ESF) for Threat Detection
- MacOS Endpoint Security Framework (ESF)
- Endpoint Security In a macOS World
- Apple Docs: Endpoint Security Framework
- macOS Incident Response | Part 1: Collecting Device, File & System Data
- macOS Incident Response | Part 2: User Data, Activity, and Behavior
- macOS Incident Response | Part 3: System Manipulation
- Malware Hunting on macOS | A Practical Guide
- NIST SP 800-219 Automated Secure Configuration
- The Complete Guide to Understanding Apple Mac Security for Enterprise
- macOS vs Windows security: a detailed analysis
- IT Teams are also Security Teams
- Best Practices for MacOS Logging & Monitoring
- Cyber Security Checklist for Macs
- Enabling Touch ID for sudo in macOS Sonoma
- macOS Sequoia Makes It Harder to Override Gatekeeper Security
- How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
- Bypassing the gate: A closer look into Gatekeeper flaws on macOS
- Hackers use macOS extended file attributes to hide malicious code
- MacOS Malware Surges as Corporate Usage Grows
- Objective-See Tools
- The Mitten Mac Tools
- The macOS Security Compliance Project
- Red Canary Mac Monitor
- The Electric Light Company Tools
- Jamf Aftermath
- Suspicious Package
- Apparency
- CrowdStrike: Automated Mac Forensic Triage Collector
- Stronghold
- LowProfile
- gnes
- BinaryNinja
- ghidra
- Workbrew
- Objective by the Sea YouTube Channel
- A Closer Look at MacOS Built-In Security Tools | JNUC 2022
- MacOS Application Security Intelligence and Vulnerability Detection | JNUC 2022
- Using the NIST macOS Security Toolchain to Implement Security Benchmarks | JNUC 2022
- MacAdUK 2022 Robin Lauren - Security for Humans
- MacAdUK 2022 David Acland - Implementing a security policy for your Macs
- MDOYVR21 - Csaba Fitzl - Mitigating exploits using Apple's Endpoint Security
- MDOYVR20 - Thomas Reed - Mac security features… and how malware evades them!
- How to Exfiltrate Data from a Mac
- Unearth the Secrets of Secure Token, Bootstrap Token, and Volume Ownership
- Security for Mac Admins (macAdmins at PSU 2023)
- Overview on how to use SpriteTree (starts about the 8:35 marker)
- Workbrew: A Deep Dive into the Enterprise Software Delivery Platform (macAdmins at PSU 2024)
- Cybersecurity is more than having the right tools (macAdmins at PSU 2024)
Malware Samples:
Community:
- macadmins Slack (#security channel)
Podcasts: Not specifically macOS security podcasts, but great for overall macOS news or security news and trends