What do a macOS security researcher and an octopus have in common? They both need skills and intelligence to adapt to any situation, and make use of tools found natively in the environment to hunt their prey.
macOS Control Bypasses (EXP-312) is Offensive-Security’s first macOS security course. It’s an offensive logical exploit development course for macOS, focusing on local privilege escalation and bypassing the operating system’s defenses.
EXP-312 is an advanced course that teaches the skills necessary to bypass security controls implemented by macOS, and exploit logic vulnerabilities to perform privilege escalation on macOS systems.
Students who complete the course and pass the exam earn the Offensive Security macOS Researcher (OSMR) certification.
View the full syllabus. Topics covered include:
- Introduction to macOS internals
- Debugging, Tracing Hopper
- Shellcoding in macOS
- Dylib Injection
- Mach and Mach injection
- XPC exploitation
- Sandbox escape
- Attacking privacy (TCC)
- Symlink attacks
- Kernel code execution
- macOS Pentesting
What competencies will you gain?
- Obtain a strong understanding of macOS internals
- Learn the basics of Mach messaging
- Learn how to bypass Transparency, Content and Control (TCC) protections
- Learn how to escape the Sandbox
- Perform symbolic link attacks
- Leverage process injection techniques
- Exploit XPC for privilege escalation
- Perform hooking based attacks
- Write Shellcode for macOS
- Bypass kernel code-signing protection
Supporting your Online Journey
- 7+ hours of video (coming soon)
- 450 pages of online content
- 4 lab machines
- Closed Captioning is available for this course
Note: a mac computer is not required.
EXP-312 + 365 days lab access + PEN-100 + KLCP + 2 exam attempts + PG Practice
All courses + 365 days lab access + PEN-100 + KLCP + unlimited exam attempts + PG Practice