New subscription options!     Learn more


macOS Control Bypasses - New course for 2021

Earn your OSMR


About EXP-312 | Buying Options | Course info | Details | Pricing

macOS Control Bypasses (EXP-312) - earn your OSMR Certification

macOS Control Bypasses

What do a macOS security researcher and an octopus have in common? They both need skills and intelligence to adapt to any situation, and make use of tools found natively in the environment to hunt their prey.

macOS Control Bypasses (EXP-312) is Offensive-Security’s first macOS security course. It’s an offensive logical exploit development course for macOS, focusing on local privilege escalation and bypassing the operating system’s defenses.

EXP-312 is an advanced course that teaches the skills necessary to bypass security controls implemented by macOS, and exploit logic vulnerabilities to perform privilege escalation on macOS systems.

Students who complete the course and pass the exam earn the Offensive Security macOS Researcher (OSMR) certification.

How to buy EXP-312

EXP-312 is available only through a Learn subscription

Individual Course


  • 90 days of lab access
  • One exam attempt
  • Self-guided

Learn One


  • One course
  • 365 days of lab access
  • Two exam attempts
  • Plus exclusive content

Learn Unlimited


  • All online courses*
  • 365 days of lab access
  • Unlimited exam attempts
  • Plus exclusive content
* You could qualify for a discount with Aspire and Achieve
* AWE (EXP-401) is only taught in live classes.
* Financing for Learn One now available through Climb Credit with as little as 0% APR and up to 36 monthly payments.
Payment as low as $65.76 a month. Only available to US students. Learn More.

Course Info


  • Obtain a strong understanding of macOS Internals
  • Learn how to bypass security controls implemented by macOS
  • Exploit logic vulnerabilities to perform privilege escalation on macOS systems

About the exam

Who is the course for?

  • Anyone who is interested in learning about macOS exploitation
  • Pentesters looking to broaden their skill set to include macOS expertise
  • Anyone committed to the defense or security of macOS systems
  • Job roles like Penetration testers, Exploit developers, Security researcher, macOS defenders, and macOS application developers

Course prerequisites

All students are required to have:

  • C programming knowledge
  • Normal user experience with macOS
  • Basic familiarity with 64-bit assembly and debugging
  • Understanding of basic exploitation concepts

Course Details

Course Syllabus

View the full syllabus. Topics covered include:

  • Introduction to macOS internals
  • Debugging, Tracing   Hopper
  • Shellcoding in macOS
  • Dylib Injection
  • Mach and Mach injection
  • Hooking
  • XPC exploitation
  • Sandbox escape
  • Attacking privacy (TCC)
  • Symlink attacks
  • Kernel code execution
  • macOS Pentesting
What competencies will you gain?
  • Obtain a strong understanding of macOS internals
  • Learn the basics of Mach messaging
  • Learn how to bypass Transparency, Content and Control (TCC) protections
  • Learn how to escape the Sandbox
  • Perform symbolic link attacks
  • Leverage process injection techniques
  • Exploit XPC for privilege escalation
  • Perform hooking based attacks
  • Write Shellcode for macOS
  • Bypass kernel code-signing protection
Supporting your Online Journey
  • 7+ hours of video
  • 450 pages of online content
  • 4 lab machines
  • Closed Captioning is available for this course

Note: a mac computer is not required.

Course Pricing

All prices in US dollars. Subscribe to Learn One or contact our training consultants if you're purchasing Learn Unlimited.
Discounts may be available for Learn One subscription.

Are You Ready?

Subscribe Now