About Course
Advanced MacOS Control Bypasses EXP 312 Course Training Certification
OffSec’s Advanced macOS Control Bypasses (EXP-312) course offers a thorough grasp of macOS security and internal workings. You will acquire hands-on experience discovering and exploiting logic-based vulnerabilities in the operating system, as well as learning how to circumvent security safeguards and escalate privileges in order to achieve root access on macOS computers.
Completing the online training course and passing the related test gives you the OffSec macOS Researcher (OSMR) certification. This certification verifies your knowledge of macOS security and proves your ability to analyse and exploit complex vulnerabilities, positioning you as a highly sought-after specialist in the industry.
Course Outline
- Introduction to macOS Internals
This module provides a foundation in macOS architecture, memory management, and system calls, essential knowledge for understanding macOS security and identifying potential vulnerabilities.
- Debugging, Tracing & Hopper
Learn to utilize debugging and tracing tools like Hopper to analyze macOS applications and uncover security flaws.
- Shellcoding in macOS
Master the art of writing shellcode for macOS, enabling you to execute custom code on compromised systems.
- Dylib Injection
Explore techniques to inject dynamic libraries (dylibs) into macOS processes, allowing you to modify or extend their behavior.
- Mach and Mach Injection
Understand the Mach microkernel, the core of macOS, and learn how to inject code into Mach tasks to bypass security restrictions.
- Hooking
Learn how to intercept and modify function calls within macOS applications, enabling you to manipulate their behavior for offensive purposes.
- XPC Exploitation
Understand XPC, an interprocess communication mechanism in macOS, and learn how to exploit XPC vulnerabilities to escalate privileges and gain unauthorized access.
- Sandbox Escape
Explore techniques to break out of macOS sandboxes, which are designed to restrict the actions of untrusted applications.
- Attacking Privacy (TCC)
Learn how to bypass Transparency, Consent, and Control (TCC), a macOS security feature that protects user privacy by requiring explicit consent for certain actions.
- Symlink Attacks
Discover how to exploit symbolic links (symlinks) in macOS to gain unauthorized access to files and directories or escalate privileges.
Who is it for?
The EXP-312 course is suitable for experienced penetration testers and security professionals with a strong foundation in macOS security who want to learn advanced exploitation methods and acquire a recognised macOS security certification (the OSMR certification).
Exam Details
The OffSec macOS Researcher (OSMR) test is a rigorous 48-hour proctored assessment that replicates a real-world macOS environment. You will be responsible for discovering and exploiting vulnerabilities in macOS systems and apps, escalating privileges, and eventually getting root access.
Benefits of the course
- Introduction to macOS Internals
- Debugging, Tracing & Hopper
- Shellcoding in macOS
- Dylib Injection
- Mach and Mach Injection
- Hooking
- XPC Exploitation
- Sandbox Escape
- Attacking Privacy (TCC)
- Symlink Attacks
Course Content
-
This module provides a foundation in macOS architecture, memory management, and system calls, essential knowledge for understanding macOS security and identifying potential vulnerabilities.