EXP-312: Advanced macOS Control Bypasses

Advanced macOS Control Bypasses Syllabus

• Introduction to macOS Internals

  This module provides a foundation in macOS architecture, memory management, and system calls, essential knowledge for understanding macOS security and identifying potential vulnerabilities.

• Debugging, Tracing & Hopper

  Learn to utilize debugging and tracing tools like Hopper to analyze macOS applications and uncover security flaws.

• Shellcoding in macOS

  Master the art of writing shellcode for macOS, enabling you to execute custom code on compromised systems.

• Dylib Injection

  Explore techniques to inject dynamic libraries (dylibs) into macOS processes, allowing you to modify or extend their behavior.

• Mach and Mach Injection

  Understand the Mach microkernel, the core of macOS, and learn how to inject code into Mach tasks to bypass security restrictions.

• Hooking

  Learn how to intercept and modify function calls within macOS applications, enabling you to manipulate their behavior for offensive purposes.

• XPC Exploitation

  Understand XPC, an interprocess communication mechanism in macOS, and learn how to exploit XPC vulnerabilities to escalate privileges and gain unauthorized access.

• Sandbox Escape

  Explore techniques to break out of macOS sandboxes, which are designed to restrict the actions of untrusted applications.

• Attacking Privacy (TCC)

  Learn how to bypass Transparency, Consent, and Control (TCC), a macOS security feature that protects user privacy by requiring explicit consent for certain actions.

• Symlink Attacks

  Discover how to exploit symbolic links (symlinks) in macOS to gain unauthorized access to files and directories or escalate privileges.