OffSec’s Advanced macOS Control Bypasses (EXP-312) course provides a comprehensive understanding of macOS security and its inner workings. You’ll gain hands-on experience identifying and exploiting logic-based vulnerabilities within the operating system, learning to bypass security mechanisms and escalate privileges to ultimately gain root access on macOS systems.
Topics covered in the EXP-312 course
Introduction to macOS Internals
This module provides a foundation in macOS architecture, memory management, and system calls, essential knowledge for understanding macOS security and identifying potential vulnerabilities.
Debugging, Tracing & Hopper
Learn to utilize debugging and tracing tools like Hopper to analyze macOS applications and uncover security flaws.
Shellcoding in macOS
Master the art of writing shellcode for macOS, enabling you to execute custom code on compromised systems.
Dylib Injection
Explore techniques to inject dynamic libraries (dylibs) into macOS processes, allowing you to modify or extend their behavior.
Mach and Mach Injection
Understand the Mach microkernel, the core of macOS, and learn how to inject code into Mach tasks to bypass security restrictions.
Hooking
Learn how to intercept and modify function calls within macOS applications, enabling you to manipulate their behavior for offensive purposes.
XPC Exploitation
Understand XPC, an interprocess communication mechanism in macOS, and learn how to exploit XPC vulnerabilities to escalate privileges and gain unauthorized access.
Sandbox Escape
Explore techniques to break out of macOS sandboxes, which are designed to restrict the actions of untrusted applications.
Attacking Privacy (TCC)
Learn how to bypass Transparency, Consent, and Control (TCC), a macOS security feature that protects user privacy by requiring explicit consent for certain actions.
Symlink Attacks
Discover how to exploit symbolic links (symlinks) in macOS to gain unauthorized access to files and directories or escalate privileges.
The EXP-312 course is ideal for experienced penetration testers and security professionals with a strong foundation in macOS security who are seeking to master advanced exploitation techniques and achieve a recognized macOS security certification – the OSMR certification.
Benefits of the EXP-312 Course
Advanced Techniques
Learn about macOS internals, kernel programming, system programming, and exploit development techniques specific to the macOS platform.
Hands-on Experience
Practice bypassing security features on Mac computers and escalating privileges to achieve root access in a practical lab environment.
Analyze and Exploit
Learn to identify and exploit logic-based vulnerabilities in macOS applications, including those related to XPC, sandboxing, and TCC (Transparency, Consent, and Control).
Expand your Knowledge
Develop a deep understanding of macOS security features and learn how to bypass them to effectively assess and improve the security of macOS systems.
Certificate
The course ends with an exam, the successful completion of which results in awarding the OffSec macOS Researcher (OSMR) certificate.
Exam
- EXP-312 course and online labs will prepare you for OSMR certification - The exam lasts 47 hours 45 minutes - The exam is supervised
While there are no formal prerequisites; however, a solid understanding of macOS internals, programming concepts (C and Objective-C), and debugging tools (such as LLDB) is highly recommended.
All prices are given in USD (US dollars) net. We also allow payment in PLN (zloty) - in this case the final amount to be paid will be converted at the current NBP exchange rate on the day of the decision to purchase the product. 23% VAT should be added to the prices.
If the training and course are financed from public funds (applies to public sector entities), please contact us to agree on the price.
Note: A separate subscription is required for each course participant. Sharing a subscription between different individuals/companies is a violation of the Offensive Security course policy and may result in immediate termination of the course agreement.
Course + Cert Exam
1 749$
EXP-312 course + 90 days of lab access + 1 attempt at the OSMR exam.
Learn One
2 749$
EXP-312 Course (2 exam attempts) + Level 100 Courses + 365 days of lab access + PEN-103 Kali Linux Certified Professional (KLCP) Course (1 exam attempt) + PEN-210 Course (1 exam attempt) + Providing Grounds Practice Labs.
Learn Unlimited
6 099$
All courses (unlimited exam attempts) + 365 days of access to labs + Providing Grounds Practice Labs.
Exam
249$
Re-attempt of the OSMR exam.
Access
359$
Extension of access to the laboratory by another 30 days.
Order course or subscription
Are you interested in purchasing a course or subscription?
Do you have any questions?
Write to us through the contact form.
Do you want to maintain confidentiality?
Download our PGP/GPG key under the icon below and send an encrypted message to [email protected].
Cybersecurity and data protection. Penetration, social engineering and performance tests. Security audits and trainings. Authorized OffSec partner in Poland.
EN 
PL