In-person training is now sold out!
However, we've just added an option to attend the training virtually.
If you're interested in joining us virtually, please shoot us an email at
πŸ‘ΎπŸ”¬ "The Art of Mac Malware Analysis"

The tools & techniques to comprehensively understand threats targeting macOS.

Topics include:
  • Common infection vectors, persistence, and capabilities of macOS malware.

  • Introduction to tools and techniques used to classify and analyze (malicious) binaries.

  • Hands-on (static and dynamic) analysis of macOS malware uncovering its; infection vectors, persistence, and payloads.

  • Exploring Objective-See's open-source tools & libraries, to create custom analysis (and detection) capabilities.

Price: $1,999 USD (+tax).

Date: Sept 28th - 29th

Location: Westin Resort & Spa, Maui (the conference venue) the Haleakala Ballroom.

Training Details:

As macOS grows in popularity, so does the prevalence of malware targeting this platform. Recent specimens include OSX.EvilQuest, OSX.ElectroRAT, and many more ...including ones designed to run natively on Apple Silicon.

Ever wanted to learn exactly how to tear apart these malicious creations in order to reveal their inner workings? Here's your chance!

In this content-packed two-day course, Mac security expert Patrick Wardle will teach the tools and techniques needed to comprehensively analyze and understand malware targeting Apple's desktop OS.

...and yes, during the training you'll be able try out the analysis concepts, directly upon captured macOS malware! πŸ€—

Suggested Prerequisites

In order to get the most out of this training, attendees should have a basic understanding of the following:
  • Malware concepts
  • Reversing topics and tools
  • Programming topics (ideally some coding experience)
Training Outline:
  • Part 0: Introduction
    Covers basic macOS malware and security concepts (such as common infection vectors & persistence).

  • Part 1: Static Malware Analysis
    Starts by explaining how statically triage a sample, for example via extracting embedded strings, code-signing information (and entitlements), and more. Binary disassembly (both Intel and Arm) will also be covered and explored, to illustrate how details of malware's inner workings may be uncovered.

  • Part 2: Dynamic Malware Analysis
    Covers dynamic analysis tools (such Objective-See FileMonitor and ProcessMonitor) to passively observe malware's action. Various debugging concepts will also be taught, in order to analyze more complex malware samples.

  • Part 3: Writing Security Tools
    Leveraging Objective-See's open-source libraries (built atop Apple new Endpoint Security Framework), build your own malware detection and analysis tools.

Required Setup:
  • MacBook
  • VMWare Fusion (with Catalina or Big Sur VM)
  • Xcode (with cmdline/developer tools)
  • Disassembler (IDA, Hopper, Ghidra, etc.)

Training Instructor:

Patrick Wardle is the founder of the "Objective by the Sea" macOS security conference and Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.