macOS Security
macOS (built on a Unix foundation) offers a good balance of user-friendliness and security, but is not immune to attack.
Key macOS Security Features
- Gatekeeper: Checks applications downloaded from the internet to ensure they have been signed by a recognized developer before allowing them to run.
- XProtect: Built-in signature-based malware scanner that automatically checks for malicious code in applications.
- FileVault: Full-disk encryption, similar to BitLocker, using XTS-AES 128 encryption.
- System Integrity Protection (SIP): Restricts even the root user from modifying protected system files and directories, which prevents malware from embedding itself deep in the operating system (one of the most important protections on the platform).
- Sandbox: Applications are isolated from the rest of the system, meaning if one app is compromised, the attacker cannot easily access other resources.
Note for Pen Testers: Because macOS is Unix-based, many Linux commands and tools (like netstat, grep, and curl) are available natively in the macOS Terminal.
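The following script is an added example, not part of the original notes: a read-only audit that reports the state of the protections listed above using Apple's own command-line tools (spctl for Gatekeeper, csrutil for SIP, fdesetup for FileVault, codesign for signature and App Sandbox entitlement checks). On a non-macOS system every check reports "unavailable" rather than failing, so it can be run anywhere. The status wording it matches is what these tools print today; that Apple may reword it in future releases is an assumption, which is why an "unknown" fallback exists.

```shell
#!/bin/sh
# Added example (not from the original notes): read-only audit of macOS protections.
# On macOS it queries the real tools; elsewhere each check prints "unavailable".

# Map a tool's one-line status to enabled/disabled/unknown so the report is stable.
# Known phrasings: "assessments enabled" (spctl),
# "System Integrity Protection status: enabled." (csrutil), "FileVault is On." (fdesetup).
# Assumption: wording may change across macOS versions, hence the "unknown" fallback.
classify_status() {
  case "$1" in
    *disabled*|*"is Off"*) echo disabled ;;
    *enabled*|*"is On"*)   echo enabled ;;
    *)                     echo unknown ;;
  esac
}

# Run a status command if its binary exists, otherwise report it as unavailable.
# $1 = label for the report, $2 = command line (first word is the binary).
check_tool() {
  tool=${2%% *}
  if command -v "$tool" >/dev/null 2>&1; then
    out=$($2 2>&1)
    printf '%s: %s\n' "$1" "$(classify_status "$out")"
  else
    printf '%s: unavailable (%s not found; not macOS?)\n' "$1" "$tool"
  fi
}

# Gatekeeper's verdict on one app bundle, a strict signature check, and whether
# the main executable carries the App Sandbox entitlement.
# spctl exits 0 only if the app would be allowed to launch under current policy.
assess_app() {
  app=$1
  if ! command -v spctl >/dev/null 2>&1; then
    echo "assess: spctl unavailable"; return 2
  fi
  if spctl --assess --type execute --verbose "$app" 2>&1; then
    echo "gatekeeper: would allow $app"
  else
    echo "gatekeeper: would block $app"
  fi
  # --deep walks nested code (frameworks, helpers); --strict applies current signing rules.
  if codesign --verify --deep --strict --verbose=2 "$app" 2>&1; then
    echo "codesign: signature valid"
  else
    echo "codesign: signature INVALID or missing"
  fi
  if codesign -d --entitlements :- "$app" 2>/dev/null | grep -q 'com.apple.security.app-sandbox'; then
    echo "sandbox: app-sandbox entitlement present"
  else
    echo "sandbox: no app-sandbox entitlement (runs unsandboxed)"
  fi
}

# System-wide checks for the features described in the notes.
macos_security_audit() {
  check_tool "Gatekeeper" "spctl --status"
  check_tool "SIP"        "csrutil status"
  check_tool "FileVault"  "fdesetup status"
}

macos_security_audit
# Usage: sh macos_audit.sh /Applications/SomeApp.app   (also assesses one bundle)
if [ $# -gt 0 ]; then
  assess_app "$1"
fi
```

All commands are read-only queries; changing any of these settings (for example disabling SIP) requires Recovery mode or administrator action and is deliberately not part of the script. Running it periodically, or at the start of an incident-response triage, gives a quick baseline of whether the host's built-in protections are actually on.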