Mach-O
- [Jonathan Levin - DYLD DetaYLeD](http://www.newosxbook.com/articles/DYLD.html)
- [Jonathan Levin - Code Signing](http://www.newosxbook.com/articles/CodeSigning.pdf)
Sandbox
- Jonathan Levin - The Apple Sandbox ([Video](https://youtu.be/mG715HcDgO8) and [Slides](http://newosxbook.com/files/HITSB.pdf))
IPC
- Apple - Mach (Overview and API documentation (inside the XNU source in
osfkm/man/index.html)) - [nemo - Mach and MIG](https://www.exploit-db.com/papers/13176/) (examples are outdated and for PPC/Intel, but descriptions are still accurate)
- Ian Beer - Apple IPC ([Video](https://vimeo.com/127859750) and [Slides](https://thecyberwire.com/events/docs/IanBeer_JSS_Slides.pdf))
Kernel
- Apple - IOKit (Overview and Fundamentals)
- qwertyoruiopz - Attacking XNU (Part [One](http://blog.qwertyoruiop.com/?p=38) and [Two](http://blog.qwertyoruiop.com/?p=48))
- [Stefan Esser - Kernel Heap](http://gsec.hitb.org/materials/sg2016/D2%20-%20Stefan%20Esser%20-%20iOS%2010%20Kernel%20Heap%20Revisited.pdf) (I hope I don't get sued)
- geohot - evasi0n7
- Jonathan Levin - TaiG 8.0 - 8.1.2 (Part One and Two)
- Jonathan Levin - TaiG 8.1.3 - 8.4 (Part One and Two)
- Jonathan Levin - Who needs task_for_pid anyway?
- qwertyoruiopz - About the “tpwn” Local Privilege Escalation
- Ian Beer - task_t considered harmful
- Jonathan Levin - Pangu 9.2 - 9.3.3
- jndok - Exploiting Pegasus on OS X
- Siguza - Exploiting Pegasus on iOS
- Ian Beer - mach_portal
- qwertyoruiopz - iOS Reverse Engineering (Wiki and Papers)
- Ian Beer - All the bugs he has killed