// Comparison

The Art of Mac Malware, Volume 1 vs Practical Malware Analysis: Which Should You Read?

Two cybersecurity books on Malware, compared honestly: who each is for, what each does best, and which to read first.

Advanced

4/52022

The Guide to Analyzing Malicious Software

Patrick Wardle

Patrick Wardle's deep dive on macOS malware analysis: persistence patterns, injection techniques, anti-analysis tricks, and the macOS-specific tooling needed to triage real samples.

Intermediate

5/52012

Practical Malware Analysis

The Hands-On Guide to Dissecting Malicious Software

Michael Sikorski, Andrew Honig

Still the gold standard textbook for static and dynamic malware analysis on Windows.

Read this if

Malware analysts who need to handle macOS samples and have so far worked Windows-only. The only serious book in print on Mac malware, by the most prominent practitioner in the field.

Aspiring threat researchers, blue-teamers who want to read samples instead of forwarding them to a vendor, anyone preparing for GREM.

Skip this if

Analysts who don't see macOS in their pipeline. The platform specifics (Mach-O, code signing, TCC, XPC, launch agents) are non-transferable to other operating systems.

Mac/Linux malware, mobile, or modern packed loaders that defeat IDA's autoanalysis. The book is x86 Windows in spirit.

Key takeaways

Mach-O analysis differs from PE analysis in non-trivial ways; the chapters on entitlements, code signing, and notarization are the practical foundation.
macOS persistence has its own taxonomy (LaunchAgents, LaunchDaemons, login items, period plists, dylib hijacks); learning it is half the analyst's job.
Apple's own tooling (Console.app, sample, fs_usage, Endpoint Security framework) is the right starting toolkit for triage; Wardle's framing is the cleanest in print.

Static and dynamic analysis are two halves of one workflow, not alternatives.
The labs are the book, the chapters are scaffolding to make the labs solvable.
Anti-analysis techniques deserve more time than newcomers usually give them.

How they compare

We rate Practical Malware Analysis higher (5/5 against 4/5 for The Art of Mac Malware, Volume 1). For most readers, that means Practical Malware Analysis is the primary pick and The Art of Mac Malware, Volume 1 is a useful follow-up.

The Art of Mac Malware, Volume 1 is pitched at advanced level. Practical Malware Analysis is pitched at intermediate level. Read the easier one first if you're not yet comfortable with the topic.

The Art of Mac Malware, Volume 1 and Practical Malware Analysis both cover Malware, Reverse Engineering, so reading them in sequence reinforces the same material from different angles.

Keep reading

The Art of Mac Malware, Volume 1

→ Alternatives to The Art of Mac Malware, Volume 1 → What to read after The Art of Mac Malware, Volume 1