Recently I presented some research at ShmooCon and OPCDE about auditing on macOS.
Sure, auditing might not seem like the sexiest of topics - but it is extremely useful for malware analysis, forensics/IR, and for creating security tools. Also if you're a hacker - you'll want to know about auditing to avoid detection ;)
Also covered in my talk are a handful of kernel bugs I discovered during a previous audit of the audit subsystem (yes, quite meta): a subtle off-by-one read error, a botched patch that turned the off-by-one into a kernel info leak, and finally an exploitable heap overflow.
If you're interested in the slides from my talk, you can find them here (https://objective-see.com/talks/Wardle_ShmooCon2018.pdf) or watch a recording of the ShmooCon talk on YouTube.