EXP-312 - Advanced macOS Control Bypasses (OSMR) - Self-paced

Length 90 days access
Price NZD 2730 exc GST
Inclusions OSMR exam

Course overview

Book now

Why study this course

Advanced macOS Control Bypasses (EXP-312) is our first macOS security course. It's an offensive logical exploit development course for macOS, focusing on local privilege escalation and bypassing the operating system's defences.

EXP-312 is an advanced course that teaches the skills necessary to bypass security controls implemented by macOS, and exploit logic vulnerabilities to perform privilege escalation on macOS systems.

Learners who complete the course and pass the exam earn the OffSec macOS Researcher (OSMR) certification.

This self-paced course includes:

7+ hours of video
450 pages of online content
4 lab machines
OSMR exam voucher
Closed Captioning is available for this course
A mac computer is not required

About the OSMR exam:

The EXP-312 course and online lab prepares you for the OSMR certification
48-hour exam
Proctored

Learn more about the exam.

Following this course, the recommended next course is EXP-401 (OSEE).

Request Course Information

What you’ll learn

A strong understanding of macOS internals
Basics of Mach messaging
How to bypass Transparency, Content and Control (TCC) protections
How to escape the Sandbox
Perform symbolic link attacks
Leverage process injection techniques
Exploit XPC for privilege escalation
Perform hooking based attacks
Write Shellcode for macOS
Bypass kernel code-signing protection

OffSec at Lumify Work

Security professionals from top organisations rely on OffSec to train and certify their personnel. Lumify Work is an Official Training Partner for OffSec.

View all OffSec courses

Who is the course for?

Anyone who is interested in learning about macOS exploitation
Pentesters looking to broaden their skill set to include macOS expertise
Anyone committed to the defence or security of macOS systems
Job roles such as Penetration testers, Exploit developers, Security researcher, macOS defenders, and macOS application developers

Course subjects

The course covers the following topics:

Introduction to macOS internals
Debugging, Tracing, Hopper
Shellcoding in macOS
Dylib Injection
Mach and Mach injection
Hooking
XPC exploitation
Sandbox escape
Attacking privacy (TCC)
Symlink attacks
Kernel code execution
macOS Pentesting

View the full syllabus here.

Prerequisites

All students are required to have:

Knowledge of C programming
Normal user experience with macOS
Basic familiarity with 64-bit assembly and debugging
Understanding of basic exploitation concepts

EXP-301 Windows User Mode Exploit Development is a prerequisite for this course.

THIRD PARTY REGISTRATION

Lumify Work offers certification and training through our partnership with OffSec. This arrangement requires Lumify Work to provide your details to OffSec for course and/or exam registration purposes.

Downloads

Terms & Conditions

The supply of this course by Lumify Work is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.