EXP-312: Advanced macOS Control Bypasses

OffSec’s Advanced macOS Control Bypasses (EXP-312) course provides a comprehensive understanding of macOS security and its inner workings. You’ll gain hands-on experience identifying and exploiting logic-based vulnerabilities within the operating system, learning to bypass security mechanisms and escalate privileges to ultimately gain root access on macOS systems.

Completion of the online training course and successfully passing the associated exam earns the OffSec macOS Researcher (OSMR) certification. This certification validates your expertise in macOS security and demonstrates your ability to analyze and exploit complex vulnerabilities, making you a highly sought-after professional in the field.

Topics covered in the Advanced macOS Control Bypasses course (EXP-312)

  • Introduction to macOS Internals

    This module provides a foundation in macOS architecture, memory management, and system calls, essential knowledge for understanding macOS security and identifying potential vulnerabilities.

  • Debugging, Tracing & Hopper

    Learn to utilize debugging and tracing tools like Hopper to analyze macOS applications and uncover security flaws.

  • Shellcoding in macOS

    Master the art of writing shellcode for macOS, enabling you to execute custom code on compromised systems.

  • Dylib Injection

    Explore techniques to inject dynamic libraries (dylibs) into macOS processes, allowing you to modify or extend their behavior.

  • Mach and Mach Injection

    Understand the Mach microkernel, the core of macOS, and learn how to inject code into Mach tasks to bypass security restrictions.

  • Hooking

    Learn how to intercept and modify function calls within macOS applications, enabling you to manipulate their behavior for offensive purposes.

  • XPC Exploitation

    Understand XPC, an interprocess communication mechanism in macOS, and learn how to exploit XPC vulnerabilities to escalate privileges and gain unauthorized access.

  • Sandbox Escape

    Explore techniques to break out of macOS sandboxes, which are designed to restrict the actions of untrusted applications.

  • Attacking Privacy (TCC)

    Learn how to bypass Transparency, Consent, and Control (TCC), a macOS security feature that protects user privacy by requiring explicit consent for certain actions.

  • Symlink Attacks

    Discover how to exploit symbolic links (symlinks) in macOS to gain unauthorized access to files and directories or escalate privileges.

How to enroll today

Course + Certification Exam Bundle (Most popular)

    $1649, one-time payment

    • # of Courses: 1
    • Days of lab access: 90
    • # of Exam attempts included: 1
    • Fundamental content: N/A
    • PEN-103 & KLCP Exam: N/A
    • PEN-210 & OSWP Exam: N/A

Learn One (Best value)

    $2599/year, billed annually*

    • # of Courses: 1
    • Days of lab access: 365
    • # of Exam attempts included: 2
    • Fundamental content: Unlimited
    • Fundamental learning paths and assessments: Included
    • PEN-103 & KLCP Exam: Included
    • PEN-210 & OSWP Exam: Included

Learn Unlimited (All access)

    $5799/year, billed annually*

    • Recommended # of learners: 2-9
    • # of Exam attempts included: Unlimited
    • Subscription Term: Annual
    • OffSec Learning Library Access: All access
    • Labs for every course: Included
    • # of Courses: All
    • Days of lab access: 365
    • Fundamental content: Unlimited
    • PEN-103 & KLCP Exam: Included
    • PEN-210 & OSWP Exam: Included

Financing is now available through Climb Credit with as little as 0% APR and up to 36 monthly payments, excluding Learn Unlimited. State exclusions may apply.

Once started, 90-day lab access cannot be paused.

Advance your cybersecurity career with OffSec

Become an in-demand cybersecurity professional

  • Gain expertise in macOS control bypass techniques

    Learn to identify and exploit vulnerabilities in the operating system’s protection mechanisms.

  • Get hands-on experience with real-world macOS vulnerability scanning

    Practice bypassing security features on Mac computers and escalating privileges to achieve root access in a practical lab environment.

  • Understand macOS security concepts and methodologies

    Learn about macOS internals, kernel programming, system programming, and exploit development techniques specific to the macOS platform.

  • Analyze and exploit macOS applications

    Learn to identify and exploit logic-based vulnerabilities in macOS applications, including those related to XPC, sandboxing, and TCC (Transparency, Consent, and Control).

  • Harden your macOS security knowledge and skills

    Develop a deep understanding of macOS security features and learn how to bypass them to effectively assess and improve the security of macOS systems.

Open doors to exciting cybersecurity roles

  • macOS Security Engineer

    Design and implement security solutions tailored for macOS environments, protecting systems and data from unauthorized access and malicious activities.

  • macOS Security Consultant

    Provide expert guidance to organizations on securing their macOS infrastructure, identifying vulnerabilities, and implementing effective countermeasures.

  • macOS Vulnerability Researcher

    Discover and analyze new vulnerabilities in macOS and its applications, contributing to the security community’s knowledge base and helping to build more secure software.

  • Red Team Operator (macOS focus)

    Emulate real-world attackers by targeting macOS systems, identifying weaknesses in security defenses, and providing actionable recommendations for improvement.

  • Incident Responder (macOS focus)

    Investigate and respond to security incidents on macOS systems, analyzing compromised systems, identifying attack vectors, and implementing containment and remediation strategies.

FAQ

  • What is the OSMR exam?

    The OffSec macOS Researcher (OSMR) exam is a challenging, proctored 48-hour assessment that simulates a real-world macOS environment. You will be tasked with identifying and exploiting vulnerabilities in macOS systems and applications, escalating privileges, and ultimately gaining root access.

  • What format is the OSMR exam in?

    The OSMR exam is entirely hands-on. You will be given access to a target macOS environment and tasked with compromising it using the techniques learned in the course.

  • Who is the EXP-312 course for?

    The EXP-312 course is ideal for experienced penetration testers and security professionals with a strong foundation in macOS security who are seeking to master advanced exploitation techniques and achieve a recognized macOS security certification – the OSMR certification.

  • What are the prerequisites for EXP-312?

    There are no formal prerequisites; however, a solid understanding of macOS internals, programming concepts (C and Objective-C), and debugging tools (such as LLDB) is highly recommended.

  • What competencies will I gain?

    Upon completing EXP-312 and passing the OSMR exam, you will have earned a recognized macOS security certification and mastered macOS security skills, including:

    • In-depth knowledge of macOS internals, security mechanisms, and attack surfaces
    • Ability to identify and exploit logic-based vulnerabilities in macOS applications and the operating system
    • Proficiency in bypassing macOS security mitigations, such as sandboxing and TCC
    • Understanding of kernel exploitation techniques and privilege escalation
    • Ability to analyze and reverse engineer macOS applications to identify vulnerabilities
    • Conducting comprehensive macOS penetration tests to assess security posture

  • How does OffSec support my online journey?

    Throughout the online training course, you’ll have access to:

    • A virtual lab environment for hands-on practice
    • Extensive course information and materials, including videos and exercises
    • A vibrant online community of students and OffSec professionals

  • What is the exam retake policy?

    For details on exam retakes, please refer to OffSec’s official policies.

  • Can I extend my lab time?

    For information on lab extensions, please refer to OffSec’s official policies.

OffSec Exploit Development Courses & Certifications

Advance your cybersecurity career with OffSec

  • Start your journey into macOS security

    OffSec’s Advanced macOS Control Bypasses (EXP-312) course provides a comprehensive understanding of macOS security and its inner workings. You’ll gain hands-on experience identifying and exploiting logic-based vulnerabilities within the operating system.

  • Become a macOS security expert

    Learn to bypass security mechanisms, escalate privileges, and ultimately gain root access on macOS systems. Master reverse engineering, exploit development, and vulnerability analysis techniques specific to macOS.

  • Enhance your cybersecurity expertise

    OffSec’s additional Learning Paths and courses can further develop your exploit development security skill set. Explore Windows exploitation techniques, CI/CD attacks, and threat hunting with OffSec’s courses and Learning Paths.

  • Become an in-demand cybersecurity professional

    macOS security experts are highly sought-after professionals who assess and secure macOS environments, protecting systems and data from unauthorized access and malicious activities.

  • Course & Cert Exam Bundle (Most popular): $1649/once

    The bundle includes 90 days of access to a single course, the associated labs and a single exam attempt.

  • Learn One (Best value): $2599/year*

    One year of lab access alongside a single course plus two exam attempts.

  • Learn Unlimited (All access): $5799/year

    Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.

  • Learn Enterprise (Large teams): Get a quote

    Flexible terms and volume discounts available.

Learn One is an annual subscription for individuals and organizations who want to enroll in a single course and ultimately earn an OffSec certification. Learn One includes one course of your choice, two cert exam attempts, hands-on lab access, and all Learn Fundamentals content.

What’s included

  • 1 year of access to the course of your choice
  • 2 exam attempts during your subscription
  • 365 days of lab access
  • 1 year of unlimited access to all fundamental content and OffSec curated Learning Paths
  • PEN-103 + 1 KLCP exam attempt
  • PEN-210 + 1 OSWP exam attempt
  • 1 download of course material

Financing for Learn Fundamentals and Learn One now available through Climb Credit with as little as 0% APR and up to 36 monthly payments.

State exclusions may apply.

New to cybersecurity and want to get educated on fundamental content before signing up?

Check out Cyberversity - our free resource library covering essential cybersecurity topics.
