Threat Hunting macOS Book

Chapter 1

Chapter 2

Preorders Now Available

Over the past year, I’ve been hard at work writing Threat Hunting macOS—a book that shares the insights I wish I had when I first started threat hunting on a less commonly targeted platform.

My philosophy is that successful threat hunting requires a solid understanding of system internals and strong investigative skills. In this book, I aim to strike a balance between the two.

While much of the book is technical, the first two chapters are different. They walk through my personal journey and provide a history of Apple’s ecosystem—laying the foundation for why threat hunting on macOS is a different experience than on Windows. These chapters don’t rely heavily on diagrams and are more narrative in style. Because of that, I’m offering them as a free audiobook preview.

Thanks for listening—and for supporting self-published authors.

—Jaron

Foundational Content: Completed

Lab Content: In-Progress

Layout Finalization: Not Started

Final Review: Not Started

Release Estimate: October 2025 (Subject to Change)

Option 1: Authors Edition - Physical Book (U.S. Only)

After dedicating so much time to this project, I plan to treat myself to a high-quality print. If you’d like to share in the excitement and reserve a copy, you’ll receive the same premium edition I’m putting on my own shelf. Once these initial copies run out, the print quality may be adjusted. By reserving early, you’ll get the following bonus items…

  • Signed by the author
  • High Quality (Hardcover, color) 
  • Early Access. Get the book before it’s available through distributors.
  • A cheaper version of the book may come out upon distribution. But a better version will not. This one is for the enthusiast. 
  • $75 + shipping & tax

Option 2: The E-Book on Apple Books

If you are outside the United States or if you’re out of physical library space, I will also be releasing the book on Apple Books. This e-book includes the embedded audiobook clips for chapters 1 and 2. These are the only chapters that will be narrated as the rest get too technical. Reserving this early doesn’t necessarily get you anything special here other than my gratitude.

More e-book platforms are likely to come in the future.

  • Embedded audio recordings for chapters 1 and 2
  • Apple Reflowable Layout (subject to change pending final look)
  • First two chapters available for free as a sample
  • $70

FAQ

  • Who is this book for?
    • This book is designed to help teach others how macOS works for the purposes of detection and analysis. Most chapters open with a formational section that discusses a specific topic, followed by a hands-on section that focuses on analysis related to that topic.
  • Are there any prerequisites?
    • The labs require an Apple computer
    • I find that those that have a general understanding of computer science, forensics, or security on any operating system tend to follow the content.
  • Will the whole book be in Audiobook format?
    • No. Only the first two chapters will have the audio format.
  • Will you have copies at Objective by the Sea Conference?
    • Unknown at this time, but if I do happen to be finished with the book, I don’t believe I will have “authors editions” there.
  • Your last book had a lot of Middle Earth references. Should I expect more of the same?
    • One does not simply stop using Middle Earth references.
  • Do you offer refunds?
    • Apologies, I do not. I’m too busy doing the writing and self-publishing to put together any type of refundable/return process. 

Book Contents

  • Foreword by Patrick Wardle
  • Technical Review by Brandon Dalton
  • 20+ “From the Frontlines” short stories about real life intrusions
  • 9+ Hands-on sections using SpriteTree.app

Chapters

  1. Welcome to the Niche
  2. Down Memory Lane
  3. Process Trees
  4. Endpoint Security API
  5. Users
  6. Launchd
  7. Persistence
  8. Process Creation
  9. Apps and Executables
  10. OS Specific Technology
  11. PIDS
  12. Passwords
  13. XPC
  14. Conclusion

Foreword by Patrick Wardle

I first met Jaron Bradley years ago at my favorite pizza restaurant in Paia, Maui. At the time, he was living on the Big Island while I was on Maui, and we were already deeply — albeit separately — immersed in the world of macOS security. Over slices of pizza and infosec banter, Jaron handed me a copy of his first book, a gesture I’ve never forgotten. I still have that copy today, now well-read and dog-eared. That meetup marked the beginning of a friendship rooted in a shared fascination with Apple’s desktop operating system and the malware, along with the wily hackers, increasingly targeting it.

Since then, we’ve reversed malware samples, uncovered zero-days, analyzed Apple’s evolving security mechanisms, and explored the many ways attackers continue to bypass them.

Jaron has become a leading voice in macOS security. He regularly speaks at top security conferences and holds the notable distinction of presenting at every Objective by the Sea. His talks are consistently insightful, backed by impressively designed slides that reflect both technical depth and clarity. In parallel, he offers a macOS threat hunting training that routinely sells out. He doesn’t just teach, he equips others to think critically, ask the right questions, and dig deeper.

In addition to his research and writing, Jaron has created several tools that reflect his expertise and practical mindset. Among them is TrueTree, an indispensable utility for macOS threat hunting and incident response. These contributions have meaningfully advanced the field and continue to support analysts in real-world investigations.

This book, like his first, is sure to become indispensable. As Macs continue to gain popularity, especially within enterprise environments, macOS malware is growing in parallel, becoming not only more prevalent but also significantly more sophisticated. In this context, the book is essential reading. It offers clear, deeply technical, and highly relevant guidance on a broad range of topics, from persistence and credential theft to inter-process communication and Apple’s Endpoint Security. Whether you are defending Apple fleets, analyzing malware, or simply seeking to understand macOS at a deeper level, this book will serve you well.

I consider myself lucky to call Jaron not only a respected colleague, but an even closer friend. His work continues to inspire and to raise the bar for macOS security research and education. And yes, I may just try to drag him back to that same pizza restaurant — not for the pizza, but for an in-person delivery of this book too!

Patrick Wardle

Founder, Objective-See Foundation

Author, The Art of Mac Malware series

Further Questions?

jaron@themittenmac.com