Cyber Shelf

// Comparison

Practical Binary Analysis vs The Mac Hacker's Handbook: Which Should You Read?

Two cybersecurity books on Reverse Engineering, compared honestly: who each is for, what each does best, and which to read first.

Advanced
5/52018
Practical Binary Analysis

Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly

Dennis Andriesse

Dennis Andriesse on the binary toolchain you can actually script: ELF internals, dynamic taint analysis, symbolic execution and instrumentation with concrete code-along examples.

Advanced
3/52009
The Mac Hacker's Handbook

Charlie Miller, Dino Dai Zovi

Charlie Miller and Dino Dai Zovi's 2009 deep dive into the Mac OS X exploit landscape — Mach-O, IPC, sandboxing as it then existed, and the early-Intel-Mac exploitation chains.

Read this if

Reverse engineers ready to stop being IDA clickers and start being programmers who happen to RE. Andriesse covers DBI (Pin), taint analysis (Triton), and symbolic execution (angr) at exactly the level a practitioner needs to weaponize them.
Reverse engineers and exploit developers who want the historical foundation of Mac exploitation, especially as a stepping stone to The Art of Mac Malware (Wardle). Most useful for the conceptual scaffolding around Mach, Objective-C runtimes, and IPC, which are still load-bearing on modern macOS.

Skip this if

RE beginners who haven't yet finished Practical Reverse Engineering, or readers without C and Python comfort. The book assumes you can already disassemble; the value is in the automation layer.
Anyone needing current Apple-silicon, Hardened Runtime, System Integrity Protection, Endpoint Security, or modern sandbox-escape tradecraft. The book is pre-iPhone-era macOS in spirit; 2009 was a different planet.

Key takeaways

  • Modern RE is automated RE; the book is the bridge between hand-driven analysis and the toolchain that scales to large binaries.
  • Symbolic execution is finally accessible to working RE engineers thanks to angr, and Andriesse's framing is what makes it click for most practitioners.
  • Custom DBI passes solve a category of problems that no GUI tool can; the book teaches you when to reach for them and how to write them.
  • The conceptual material (Mach, IPC, Mach-O, Objective-C dispatch) generalizes to modern macOS; the specific exploits do not.
  • Most of the value is historical archaeology — knowing why the macOS sandbox and SIP exist is far easier after this book.
  • Pair with current Wardle and Apple Platform Security material for any operational use; treat this as background reading.

How they compare

We rate Practical Binary Analysis higher (5/5 against 3/5 for The Mac Hacker's Handbook). For most readers, that means Practical Binary Analysis is the primary pick and The Mac Hacker's Handbook is a useful follow-up.

Both books target advanced-level readers, so the choice is about topic, not difficulty.

Practical Binary Analysis and The Mac Hacker's Handbook both cover Reverse Engineering, so reading them in sequence reinforces the same material from different angles.

Keep reading

Practical Binary Analysis

Alternatives to Practical Binary AnalysisWhat to read after Practical Binary Analysis

The Mac Hacker's Handbook

Alternatives to The Mac Hacker's HandbookWhat to read after The Mac Hacker's Handbook

Related topics

Reverse Engineering