macOS architecture

TL;DR: XNU = Mach + BSD; userland atop launchd; the layered access-control story (TCC, SIP, sandbox, Gatekeeper).

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

TODO