Resources for learning malware analysis and reverse engineering abound for the Windows platform and PE files, but by comparison there’s very little literature or tutorials for those who want to learn specifically about how to reverse macOS malware and macOS malware analysis techniques. In this series of posts, you’ll take a sample file and use native tools and techniques to understand what a file does and to build a list of IoCs (Indicators of Compromise) that can be used in detection. As there’s a lot of ground to cover, the tutorial is split over several parts.

In Part 1, you’ll learn how to set up a safe environment to test malware on macOS. You’ll install all the tools you need (bonus: doesn’t cost a cent!) and learn where you can source samples of macOS malware from. You’ll examine an application bundle and its contents to understand how it works and find an interesting encrypted text file.
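The two tasks the series previews, examining an application bundle and turning what you find into a list of IoCs, can be sketched in a few lines of Python. The script below is an added example, not code from the original post or from its author: it builds a constructed, harmless `Sample.app` layout in a temporary directory (the bundle identifier `com.example.sample` and file contents are made up), reads the standard Apple bundle keys from `Contents/Info.plist`, hashes every file with SHA-256, and marks the file named by `CFBundleExecutable` so an analyst knows which Mach-O to open first. Point `inspect_bundle()` at a real `.app` directory to get the same JSON record for a sample you are triaging.

```python
import hashlib
import json
import os
import plistlib
import tempfile
from pathlib import Path

# Standard Info.plist keys worth recording when triaging a bundle.
PLIST_KEYS = (
    "CFBundleIdentifier",
    "CFBundleName",
    "CFBundleExecutable",
    "CFBundleShortVersionString",
)


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inspect_bundle(bundle: Path) -> dict:
    """Walk a .app bundle and collect a simple IoC record:
    bundle metadata from Info.plist plus a SHA-256 and size per file."""
    info_path = bundle / "Contents" / "Info.plist"
    metadata = {}
    if info_path.is_file():
        with info_path.open("rb") as f:
            plist = plistlib.load(f)  # handles both XML and binary plists
        metadata = {k: plist[k] for k in PLIST_KEYS if k in plist}

    files = []
    for root, _dirs, names in os.walk(bundle):
        for name in sorted(names):
            p = Path(root) / name
            files.append({
                "path": str(p.relative_to(bundle)),
                "size": p.stat().st_size,
                "sha256": sha256_file(p),
            })

    # Flag the declared main executable so it can be examined first.
    main_exe = metadata.get("CFBundleExecutable")
    for entry in files:
        entry["is_main_executable"] = (
            main_exe is not None
            and entry["path"] == f"Contents/MacOS/{main_exe}"
        )
    return {"bundle": bundle.name, "metadata": metadata, "files": files}


def build_sample_bundle(parent: Path) -> Path:
    """Create a constructed, harmless .app layout for demonstration only."""
    bundle = parent / "Sample.app"
    (bundle / "Contents" / "MacOS").mkdir(parents=True)
    (bundle / "Contents" / "Resources").mkdir()
    with (bundle / "Contents" / "Info.plist").open("wb") as f:
        plistlib.dump({
            "CFBundleIdentifier": "com.example.sample",  # constructed value
            "CFBundleName": "Sample",
            "CFBundleExecutable": "Sample",
            "CFBundleShortVersionString": "1.0",
        }, f)
    # Placeholder "executable" and resource; real samples carry Mach-O binaries here.
    (bundle / "Contents" / "MacOS" / "Sample").write_bytes(b"#!/bin/sh\necho placeholder\n")
    (bundle / "Contents" / "Resources" / "data.txt").write_bytes(b"constructed resource\n")
    return bundle


def demo() -> dict:
    """Build the constructed bundle and return its IoC record."""
    with tempfile.TemporaryDirectory() as tmp:
        return inspect_bundle(build_sample_bundle(Path(tmp)))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The record is deliberately minimal (bundle identifier, executable name, per-file hashes); in later parts of a triage you would add code-signing details and network indicators, but file hashes and the declared executable are the first things worth recording for detection.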