The Art of Mac Malware, Volume 1 vs Practical Reverse Engineering: Which Should You Read?
Two cybersecurity books on Malware, compared honestly: who each is for, what each does best, and which to read first.
The Guide to Analyzing Malicious Software
Patrick Wardle
Patrick Wardle's deep dive on macOS malware analysis: persistence patterns, injection techniques, anti-analysis tricks, and the macOS-specific tooling needed to triage real samples.
x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Bruce Dang, Alexandre Gazet, Elias Bachaalany
A working reverser's textbook from three Microsoft / Quarkslab veterans, covering the architectures and toolchain you'll actually meet on real targets, including the Windows kernel and modern obfuscation patterns.
Key takeaways
- Mach-O analysis differs from PE analysis in non-trivial ways; the chapters on entitlements, code signing, and notarization are the practical foundation.
- macOS persistence has its own taxonomy (LaunchAgents, LaunchDaemons, login items, period plists, dylib hijacks); learning it is half the analyst's job.
- Apple's own tooling (Console.app, sample, fs_usage, Endpoint Security framework) is the right starting toolkit for triage; Wardle's framing is the cleanest in print.
- x86, x64, ARM, kernel-mode debugging, and anti-RE techniques in a single coherent volume; nothing else competes for breadth.
- The kernel debugging chapters are the practical introduction the official Windows Internals book never quite delivers for security audiences.
- Anti-RE coverage (obfuscation, packing, anti-debug, virtualization-based protection) is the bridge to modern malware analysis that Practical Malware Analysis (PMA) consciously skips.
How they compare
The Art of Mac Malware, Volume 1 and Practical Reverse Engineering are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.
Both books target advanced-level readers, so the choice is about topic, not difficulty.
The Art of Mac Malware, Volume 1 and Practical Reverse Engineering both cover Malware and Reverse Engineering, so reading them in sequence reinforces the same material from different angles.