Become a Partner
Add OffSec to your list of training providers
Partner with usOffSec’s Advanced macOS Control Bypasses (EXP-312) course provides a comprehensive understanding of macOS security and its inner workings. You’ll gain hands-on experience identifying and exploiting logic-based vulnerabilities within the operating system, learning to bypass security mechanisms and escalate privileges to ultimately gain root access on macOS systems.
Completion of the online training course and successfully passing the associated exam earns the OffSec macOS Researcher (OSMR) certification. This certification validates your expertise in macOS security and demonstrates your ability to analyze and exploit complex vulnerabilities, making you a highly sought-after professional in the field.
Introduction to macOS Internals
This module provides a foundation in macOS architecture, memory management, and system calls, essential knowledge for understanding macOS security and identifying potential vulnerabilities.
Debugging, Tracing & Hopper
Learn to utilize debugging and tracing tools like Hopper to analyze macOS applications and uncover security flaws.
Shellcoding in macOS
Master the art of writing shellcode for macOS, enabling you to execute custom code on compromised systems.
Dylib Injection
Explore techniques to inject dynamic libraries (dylibs) into macOS processes, allowing you to modify or extend their behavior.
Mach and Mach Injection
Understand the Mach microkernel, the core of macOS, and learn how to inject code into Mach tasks to bypass security restrictions.
Hooking
Learn how to intercept and modify function calls within macOS applications, enabling you to manipulate their behavior for offensive purposes.
XPC Exploitation
Understand XPC, an interprocess communication mechanism in macOS, and learn how to exploit XPC vulnerabilities to escalate privileges and gain unauthorized access.
Sandbox Escape
Explore techniques to break out of macOS sandboxes, which are designed to restrict the actions of untrusted applications.
Attacking Privacy (TCC)
Learn how to bypass Transparency, Consent, and Control (TCC), a macOS security feature that protects user privacy by requiring explicit consent for certain actions.
Symlink Attacks
Discover how to exploit symbolic links (symlinks) in macOS to gain unauthorized access to files and directories or escalate privileges.
Most
popular
More information
# of Courses
1
Days of lab access
90
# of Exam attempts included
1
Best
value
All
access
More information
Recommended # of learners
2-9
# of Exam attempts included
Subscription Term
Annual
OffSec Learning Library Access
All access
Included
Included
Labs for every course
Included
# of Courses
All
Days of lab access
365
Fundamental content
Unlimited
PEN-103 & KLCP Exam
Included
PEN-210 & OWSP Exam
Included
# of Courses
1
1
All
Days of lab access
90
365
365
# of Exam attempts included
1
Fundamental content
N/A
Unlimited
Unlimited
PEN-103 & KLCP Exam
N/A
Included
Included
PEN-210 & OWSP Exam
N/A
Included
Included
N/A
Included
Included
Financing is now available through Climb Credit with as little as 0% APR and up to 36 monthly payments, excluding Learn Unlimited. State exclusions may apply. Learn more.
Once started, 90 day lab access cannot be paused.
Buying for a team?Learn to identify and exploit vulnerabilities in the operating system’s protection mechanisms.
Practice bypassing security features on Mac computers and escalating privileges to achieve root access in a practical lab environment.
Learn about macOS internals, kernel programming, system programming, and exploit development techniques specific to the macOS platform.
Learn to identify and exploit logic-based vulnerabilities in macOS applications, including those related to XPC, sandboxing, and TCC (Transparency, Consent, and Control).
Develop a deep understanding of macOS security features and learn how to bypass them to effectively assess and improve the security of macOS systems.
Design and implement security solutions tailored for macOS environments, protecting systems and data from unauthorized access and malicious activities.
Provide expert guidance to organizations on securing their macOS infrastructure, identifying vulnerabilities, and implementing effective countermeasures.
Discover and analyze new vulnerabilities in macOS and its applications, contributing to the security community’s knowledge base and helping to build more secure software.
Emulate real-world attackers by targeting macOS systems, identifying weaknesses in security defenses, and providing actionable recommendations for improvement.
Investigate and respond to security incidents on macOS systems, analyzing compromised systems, identifying attack vectors, and implementing containment and remediation strategies.
What is the OSMR exam?
The OffSec macOS Researcher (OSMR) exam is a challenging, proctored 48-hour assessment that simulates a real-world macOS environment. You will be tasked with identifying and exploiting vulnerabilities in macOS systems and applications, escalating privileges, and ultimately gaining root access.
What format is the OSMR exam in?
The OSMR exam is entirely hands-on. You will be given access to a target macOS environment and tasked with compromising it using the techniques learned in the course.
Who is the EXP-312 course for?
The EXP-312 course is ideal for experienced penetration testers and security professionals with a strong foundation in macOS security who are seeking to master advanced exploitation techniques and achieve a recognized macOS security certification – the OSMR certification.
What are the prerequisites for EXP-312?
While there are no formal prerequisites; however, a solid understanding of macOS internals, programming concepts (C and Objective-C), and debugging tools (such as LLDB) is highly recommended.
What competencies will I gain?
Upon completing EXP-312 and passing the OSMR exam, you will have earned a recognized macOS security certification and mastered macOS security skills, including:
How does OffSec support my online journey?
Throughout the online training course, you’ll have access to:
What is the exam retake policy?
For details on exam retakes, please refer to OffSec’s official policies.
Can I extend my lab time?
For information on lab extensions, please refer to OffSec’s official policies.
OffSec’s Advanced macOS Control Bypasses (EXP-312) course provides a comprehensive understanding of macOS security and its inner workings. You’ll gain hands-on experience identifying and exploiting logic-based vulnerabilities within the operating system.
Learn to bypass security mechanisms, escalate privileges, and ultimately gain root access on macOS systems. Master reverse engineering, exploit development, and vulnerability analysis techniques specific to macOS.
OffSec’s additional Learning Paths and courses can further develop your exploit development security skill set. Explore Windows exploitation techniques, CI/CD attacks, and threat hunting with OffSec’s courses and Learning Paths.
macOS security experts are highly sought-after professionals who assess and secure macOS environments, protecting systems and data from unauthorized access and malicious activities.
Most
popular
$1649/once
The bundle includes 90 days of access to a single course, the associated labs and a single exam attempt.
Best
value
$2599/year*
One year of lab access alongside a single course plus two exam attempts.
All
access
$5799/year
Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.
Large teams
Get a quote
Flexible terms and volume discounts available.
Learn One is an annual subscription for individuals and organizations who want to enroll in a single course and ultimately earn an OffSec certification. Learn One includes one course of your choice, two cert exam attempts, hands-on lab access, and all Learn Fundamentals content.
1 year of access to the course of your choice
2 exam attempts during your subscription
365 days of lab access
1 year of unlimited access to all fundamental content and OffSec curated Learning Paths
PEN-103 + 1 KLCP exam attempt
PEN-210 + 1 OSWP exam attempt
1 download of course material
Financing for Learn Fundamentals and Learn One now available through Climb Credit with as little as 0% APR and up to 36 monthly payments.
State exclusions may apply. Learn more.
Check out Cyberversity - our free resource library covering essential cybersecurity topics.
Learn more