EXP-312: Advanced macOS Control Bypasses
Advanced macOS Control Bypasses (EXP-312) is our first macOS security course. It’s an offensive logical exploit development course for macOS, focusing on local privilege escalation and bypassing the operating system’s defenses. EXP-312 is an advanced course that teaches the skills necessary to bypass security controls implemented by macOS, and exploit logic vulnerabilities to perform privilege escalation on macOS systems. Learners who complete the course and pass the exam earn the OffSec macOS Researcher (OSMR) certification.
- Obtain a strong understanding of macOS Internals
- Learn how to bypass security controls implemented by macOS
- Exploit logic vulnerabilities to perform privilege escalation on macOS systems
- The EXP-312 course and online lab prepare you for the OSMR certification
- 48-hour exam
- Anyone who is interested in learning about macOS exploitation
- Pentesters looking to broaden their skill set to include macOS expertise
- Anyone committed to the defense or security of macOS systems
- Job roles like penetration testers, exploit developers, security researchers, macOS defenders, and macOS application developers
All learners are required to have:
- C programming knowledge
- Normal user experience with macOS
- Basic familiarity with 64-bit assembly and debugging
- Understanding of basic exploitation concepts
How to Enroll
Course & Cert
Fast-track your learning journey and earn a certificate in just 90 days. Includes one exam attempt.
One year of lab access to one OffSec course plus two exam attempts.
Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.
Financing is now available through Climb Credit with as little as 0% APR and up to 36 monthly payments, excluding Learn Unlimited. Only available in the US, except IL.
Once started, 90-day lab access cannot be paused.
This course covers the following topics:
- Introduction to macOS internals
- Debugging, Tracing Hopper
- Shellcoding in macOS
- Dylib Injection
- Mach and Mach injection
- XPC exploitation
- Sandbox escape
- Attacking privacy (TCC)
- Symlink attacks
- Kernel code execution
- macOS Pentesting
- Obtain a strong understanding of macOS internals
- Learn the basics of Mach messaging
- Learn how to bypass Transparency, Consent, and Control (TCC) protections
- Learn how to escape the Sandbox
- Perform symbolic link attacks
- Leverage process injection techniques
- Exploit XPC for privilege escalation
- Perform hooking-based attacks
- Write shellcode for macOS
- Bypass kernel code-signing protection
- 7+ hours of video
- 450 pages of online content
- 4 lab machines
- Closed captioning is available for this course
- A Mac computer is not required.
If a learner needs more lab access time or needs to retake an exam, Exam Retakes & Lab Extensions can be purchased separately through the OffSec Training Library.
- OSMR Certification Exam Retake Fee: $249
- EXP-312 lab access extension of 30 days: $359