EXP-312 Course with OSMR Certificate

OffSec’s Advanced macOS Control Bypasses (EXP-312) course provides a comprehensive understanding of macOS security and its inner workings. You’ll gain hands-on experience identifying and exploiting logic-based vulnerabilities within the operating system, learning to bypass security mechanisms and escalate privileges to ultimately gain root access on macOS systems.
EXP-312 OSMR

Topics covered in the EXP-312 course

Introduction to macOS Internals

This module provides a foundation in macOS architecture, memory management, and system calls, essential knowledge for understanding macOS security and identifying potential vulnerabilities.

Debugging, Tracing & Hopper

Learn to utilize debugging and tracing tools like Hopper to analyze macOS applications and uncover security flaws.

Shellcoding in macOS

Master the art of writing shellcode for macOS, enabling you to execute custom code on compromised systems.

Dylib Injection

Explore techniques to inject dynamic libraries (dylibs) into macOS processes, allowing you to modify or extend their behavior.

Mach and Mach Injection

Understand the Mach microkernel, the core of macOS, and learn how to inject code into Mach tasks to bypass security restrictions.

Hooking

Learn how to intercept and modify function calls within macOS applications, enabling you to manipulate their behavior for offensive purposes.

XPC Exploitation

Understand XPC, an interprocess communication mechanism in macOS, and learn how to exploit XPC vulnerabilities to escalate privileges and gain unauthorized access.

Sandbox Escape

Explore techniques to break out of macOS sandboxes, which are designed to restrict the actions of untrusted applications.

Attacking Privacy (TCC)

Learn how to bypass Transparency, Consent, and Control (TCC), a macOS security feature that protects user privacy by requiring explicit consent for certain actions.

Symlink Attacks

Discover how to exploit symbolic links (symlinks) in macOS to gain unauthorized access to files and directories or escalate privileges.
See full course syllabus

Who is this course for?

The EXP-312 course is ideal for experienced penetration testers and security professionals with a strong foundation in macOS security who are seeking to master advanced exploitation techniques and achieve a recognized macOS security certification – the OSMR certification.

Benefits of the EXP-312 Course

Advanced Techniques

Learn about macOS internals, kernel programming, system programming, and exploit development techniques specific to the macOS platform.

Hands-on Experience

Practice bypassing security features on Mac computers and escalating privileges to achieve root access in a practical lab environment.

Analyze and Exploit

Learn to identify and exploit logic-based vulnerabilities in macOS applications, including those related to XPC, sandboxing, and TCC (Transparency, Consent, and Control).

Expand your Knowledge

Develop a deep understanding of macOS security features and learn how to bypass them to effectively assess and improve the security of macOS systems.

Certificate

The course ends with an exam, the successful completion of which results in awarding the OffSec macOS Researcher (OSMR) certificate.

Exam

- EXP-312 course and online labs will prepare you for OSMR certification
- The exam lasts 47 hours 45 minutes
- The exam is supervised
Find out more about the exam

Prerequisites

While there are no formal prerequisites; however, a solid understanding of macOS internals, programming concepts (C and Objective-C), and debugging tools (such as LLDB) is highly recommended.

How to join the course?

course + cert exam

Course + Cert Exam
$1 749

90 days of access to labs
One attempt at the exam
Self-study
Buy now
learn one

Learn One
$2 749

1 course of your choice
365 days of lab access
2 exam attempts
Additional Content
Explore more
learn unlimited

Learn Unlimited
$6 099

Access to unlimited courses
365 days of lab access
Unlimited exam attempts
Additional Content
Explore more
learn enterprise

Learn Enterprise

Get Quotation
Access to unlimited courses
365 days of lab access
Flexible exam attempts
Additional Content
Explore more

Pricing

All prices are given in USD (US dollars) net. We also allow payment in PLN (zloty) - in this case the final amount to be paid will be converted at the current NBP exchange rate on the day of the decision to purchase the product. 23% VAT should be added to the prices.

If the training and course are financed from public funds (applies to public sector entities), please contact us to agree on the price.

Note: A separate subscription is required for each course participant. Sharing a subscription between different individuals/companies is a violation of the Offensive Security course policy and may result in immediate termination of the course agreement.

Course + Cert Exam

1 749$
EXP-312 course + 90 days of lab access + 1 attempt at the OSMR exam.

Learn One

2 749$
EXP-312 Course (2 exam attempts) + Level 100 Courses + 365 days of lab access + PEN-103 Kali Linux Certified Professional (KLCP) Course (1 exam attempt) + PEN-210 Course (1 exam attempt) + Providing Grounds Practice Labs.

Learn Unlimited

6 099$
All courses (unlimited exam attempts) + 365 days of access to labs + Providing Grounds Practice Labs.

Exam

249$
Re-attempt of the OSMR exam.

Access

359$
Extension of access to the laboratory by another 30 days.

Order course or subscription

Are you interested in purchasing a course or subscription?

Do you have any questions?

Write to us through the contact form.

Do you want to maintain confidentiality? 

Download our PGP/GPG key under the icon below and send an encrypted message to [email protected].
OffSec Training
Consent to data processing
Consent to commercial information
Cybersecurity and data protection.
Penetration, social engineering and performance tests. Security audits and trainings. 
Authorized OffSec partner in Poland.
© 2024 efigo.pl

Stay safe with us.
+48 570 450 695
+48 512 669 907
Efigo Sp. z o.o.
ul. Mikołaja Kopernika 8/6
40-064 Katowice
POLAND

VAT No: PL9542760427

New OffSec's course!
SJD-100: Secure Java Development Essentials
Explore more
en_GBEN
pl_PLPL en_GBEN