New subscription options! Learn more
What do a macOS security researcher and an octopus have in common? They both need skills and intelligence to adapt to any situation, and make use of tools found natively in the environment to hunt their prey.
macOS Control Bypasses (EXP-312) is Offensive-Security’s first macOS security course. It’s an offensive logical exploit development course for macOS, focusing on local privilege escalation and bypassing the operating system’s defenses.
EXP-312 is an advanced course that teaches the skills necessary to bypass security controls implemented by macOS, and exploit logic vulnerabilities to perform privilege escalation on macOS systems.
Students who complete the course and pass the exam earn the Offensive Security macOS Researcher (OSMR) certification.
Learn One
$1999 *
- One course
- 365 days of lab access
- Two exam attempts
- Plus exclusive content
Learn Unlimited
$5499
- All online courses*
- 365 days of lab access
- Unlimited exam attempts
- Plus exclusive content
Benefits
- Obtain a strong understanding of macOS Internals
- Learn how to bypass security controls implemented by macOS
- Exploit logic vulnerabilities to perform privilege escalation on macOS systems
About the exam
- The EXP-312 course and online lab prepares you for
the OSMR certification - 48-hour exam
- Proctored
- Learn more about the exam
Who is the course for?
- Anyone who is interested in learning about macOS exploitation
- Pentesters looking to broaden their skill set to include macOS expertise
- Anyone committed to the defense or security of macOS systems
- Job roles like Penetration testers, Exploit developers, Security researcher, macOS defenders, and macOS application developers
Course prerequisites
All students are required to have:
- C programming knowledge
- Normal user experience with macOS
- Basic familiarity with 64-bit assembly and debugging
- Understanding of basic exploitation concepts
Course Syllabus
View the full syllabus. Topics covered include:
- Introduction to macOS internals
- Debugging, Tracing Hopper
- Shellcoding in macOS
- Dylib Injection
- Mach and Mach injection
- Hooking
- XPC exploitation
- Sandbox escape
- Attacking privacy (TCC)
- Symlink attacks
- Kernel code execution
- macOS Pentesting
What competencies will you gain?
- Obtain a strong understanding of macOS internals
- Learn the basics of Mach messaging
- Learn how to bypass Transparency, Content and Control (TCC) protections
- Learn how to escape the Sandbox
- Perform symbolic link attacks
- Leverage process injection techniques
- Exploit XPC for privilege escalation
- Perform hooking based attacks
- Write Shellcode for macOS
- Bypass kernel code-signing protection
Supporting your Online Journey
- 7+ hours of video
- 450 pages of online content
- 4 lab machines
- Closed Captioning is available for this course
Note: a mac computer is not required.
Course Pricing
All prices in US dollars. Subscribe to Learn One or contact our training consultants if you're purchasing Learn Unlimited.
Subscription |
|
|---|---|
| Learn One: EXP-312 + 365 days lab access + PEN-100 + KLCP + 2 exam attempts + PG Practice |
$1999 * |
| Learn Unlimited: All courses + 365 days lab access + PEN-100 + KLCP + unlimited exam attempts + PG Practice |
$5499 |