Published April 28, 2026 | Version 1.0.0 (First Edition)
Book Open

macOS Security Research: A Complete Framework

Authors/Creators

  • 1. Independent Researcher, Whitby, North Yorkshire, UK

Description

A complete six-phase methodology for macOS vulnerability research, distilled
from 35 years of practice. The book covers the full pipeline from target
selection (Scope) through coordinated disclosure with vendors (Submission)
and post-disclosure documentation (Archive).

Eleven chapters:
  1. Why PING Matters
  2. ICMP Crafting (2001): A SANS Foundation
  3. The Six-Phase Framework (Scope, Recon, Research Tracks, Red-Team,
     Submission, Archive)
  4. Evidence Capture & Proof of Concept
  5. Writing for Vendors
  6. The Red-Team Conversation
  7. Responsible Disclosure
  8. The macOS Security Landscape (the BSD-to-XNU CVE cross-reference
     technique)
  9. Building Your Defence
  10. Standards & Frameworks Referenced
  11. Twenty-Five Years Forward (epilogue)

Released as a free gift to the security research community under
CC BY-SA 4.0. Available in HTML, EPUB and PDF formats.

The author is neurodivergent (autism, ADHD). AI tools (Claude, Gemini, Grok)
were used as assistive technology under the principles of the Equality Act
2010 (Sections 6, 15, 20-21). The methodology, findings and writing are
the author's own work.

Mirror: https://github.com/jetnoir/macos-security-research-book
Canonical home: https://stuart-thomas.com/book/macos-security-research/

Files

macOS_Security_Research_A_Complete_Framework.pdf

Files (16.5 MB)

Additional details

Dates

Created
2006-04-28