Back on Track: Diving Deep into macOS and iOS Security
The last few months I couldn’t go as far with my studies due to health issues. Without going into too much detail, dealing with a serious health problem while trying to push through intensive cybersecurity courses is… well, let’s just say it’s not the optimal learning environment. But now everything is (almost) back to normal, and I’m diving deeper than ever!
Before this forced break, I was taking multiple certifications and feeling overwhelmed. You might have read my previous post about dealing with anxiety while pursuing OffSec 301, MalDev Academy, and reviewing SANS 660. That experience taught me something important: sometimes you need to step back and rethink your approach. This health-related pause, while frustrating, gave me time to think about what I really wanted to focus on.
What’s on my desk now?
Keeping my goal in mind to focus on macOS and iOS environments, I’m currently taking two courses in parallel:
- OffSec’s “EXP-312: macOS Control Bypasses”
- 8ksec’s “Practical Mobile Application Exploitation”
I might skip the Android modules from 8ksec to stay focused on Apple ecosystems - I haven’t decided yet. The thing is, there’s always this temptation to learn “everything,” but I’m trying to be more strategic now.
Small victory that makes a huge difference: macOS Control Bypasses is SO much easier than other OffSec courses because I have all VMs locally - no more fighting with their VERY annoying remote VM connections! If you’ve taken any OffSec course, you know what I’m talking about. Having everything running on my local MacBook Pro is perfect. I believe they updated the content recently because most, if not all, of it was ported to ARM architecture. Which makes perfect sense as Apple uses only Apple Silicon chips now.
Why both courses together?
This might sound crazy - taking two intensive courses simultaneously - but hear me out. They share many similarities, so I’m using similar content as review between them while saving time. I can truly say I’ve never been this excited about courses - the only one that came close was MalDev Academy. But even that was different because it was Windows-focused, and I was learning it more for the low-level concepts than actual Windows exploitation.
The Windows elephant in the room
Here’s the thing: I’ve been a macOS user for more than 20 years and never once missed Windows. I switched in 2002 when I got my first PowerBook, and it was like breathing fresh air. The only Windows exposure I’ve had since then? Virtual machines for hacking studies.
Without Windows as my daily OS, I lack even basic user experience - which made Windows exploitation courses boring and frustrating. Deep down, I knew it wasn’t what I really wanted to learn. I was forcing myself because “that’s what everyone does”. But you know what? There’s a growing demand for macOS and iOS security researchers, especially with Apple’s increasing market share in enterprise environments and the rise of iOS as a primary computing platform for many users.
The game-changer: AI-Assisted Learning
I used Claude AI to create a study plan for taking both courses in parallel, and this changed everything. Claude didn’t just organize my schedule - it became like a personal tutor who understood my background and goals, even helping design exercises beyond the course labs. Some resources recommended by Claude:
- “*OS Internals Vol. I-III” by Jonathan Levin
- “The Art of Mac Malware” by Patrick Wardle
- “ARM Assembly Internals & Reverse Engineering” by Maria “Azeria” Markstedter
Bridging MalDev Academy to macOS
This was the most valuable part. Claude helped me map Windows concepts to macOS:
- Windows DLL injection → macOS dylib injection (for example via DYLD_INSERT_LIBRARIES, which dyld ignores for SIP-protected Apple binaries and for hardened-runtime binaries that don’t explicitly allow dyld environment variables)
- Windows process hollowing → macOS process manipulation via Mach task ports (task_for_pid needs root plus the right entitlements on the caller or target, and SIP blocks it against Apple platform binaries)
- Windows API hooking → macOS Objective-C method swizzling and fishhook-style rebinding of Mach-O symbol pointers
- Windows kernel callbacks → macOS kernel extensions (deprecated since Catalina and further restricted in Big Sur) and the Endpoint Security framework delivered as system extensions
- Windows AMSI → macOS XProtect and Gatekeeper (a loose analogy: XProtect is signature-based malware scanning and Gatekeeper enforces code signing and notarization at launch; neither inspects script content at runtime the way AMSI does)
The Study Plan That Actually Works
Here’s a simplified version of what Claude and I came up with:
Week Structure:
- Monday-Thursday: Follow the daily structure below
- Friday: Review, practice, and coding (practicing C and Go)
- Weekend: One day for overflow/catching up, one day completely off
Daily Structure:
- Morning: OffSec EXP-312 modules (fresh mind for heavy theory)
- Afternoon: 8ksec practical labs (hands-on exploitation)
- Late afternoon/Early evening: Reading
The key difference from my previous plans? This is actually sustainable. It’s about 3-4 hours per day, not the insane 8-10 hours I used to plan for. There’s buffer time built in. There’s a full day off. It’s designed for a human being with a life, health issues, and other responsibilities.
Why this feels different
For the first time, I have a plan that’s actually feasible. Every time I tried making study plans before, I’d get overwhelmed - wanting to do too much in unrealistically optimistic timeframes. I’d plan like I was a robot who didn’t need food, rest, or bathroom breaks. Now? I feel good about what I need to do, and so far, I haven’t hit that familiar wall of anxiety. When I sit down to study, I know exactly what I’m supposed to do. When I finish for the day, I feel accomplished instead of guilty about not doing “enough.”
Lessons Learned
- Focus on your strengths: Stop forcing yourself to learn things just because “everyone else is doing it”
- Use AI as a learning assistant: Claude helped me see connections I would have missed
- Sustainable > Intensive: Better to study consistently than burn out after 2 weeks
- Local resources matter: If you’re doing OffSec courses, having local VMs is worth the setup time
Final Thoughts
My ultimate goal? Become an expert security researcher for macOS and iOS. There’s a gap in the market here - lots of Windows experts, increasing Apple market share, but relatively few specialists who really understand these platforms deeply.
If you’re struggling with your cybersecurity learning path, maybe the problem isn’t you - maybe it’s the path. I spent months feeling guilty about not being excited about Windows exploitation, thinking something was wrong with me. Turns out, I just needed to align my learning with my interests and experience.
Your background is an asset, not a limitation. My 20 years of macOS usage isn’t “wasted time” - it’s the foundation that will make me a better macOS security researcher than someone starting from scratch.
I feel good, the content is exciting, so let’s hack!
What’s your experience with focusing on non-Windows platforms in cybersecurity? Are you also finding your own path outside the “traditional” route? Let me know.