Cyber Security Category Banner Image

OffSec EXP-312 - Advanced macOS Control Bypasses (OSMR) - Self-paced

  • Length 90 days access
  • Inclusions OSMR exam
Course overview
Book now

Why study this course

Advanced macOS Control Bypasses (EXP-312) is our first macOS security course. It's an offensive logical exploit development course for macOS, focusing on local privilege escalation and bypassing the operating system's defences.

EXP-312 is an advanced course that teaches the skills necessary to bypass security controls implemented by macOS, and exploit logic vulnerabilities to perform privilege escalation on macOS systems.

Learners who complete the course and pass the exam earn the OffSec macOS Researcher (OSMR) certification.

This self-paced course includes:

  • 7+ hours of video

  • 450 pages of online content

  • 4 lab machines

  • OSMR exam voucher

  • Closed Captioning is available for this course

  • A mac computer is not required

About the OSMR exam:

  • The EXP-312 course and online lab prepares you for the OSMR certification

  • 48-hour exam

  • Proctored

Learn more about the exam.

Following this course, the recommended next course is EXP-401 (OSEE).

Request Course Information

What you’ll learn

  • A strong understanding of macOS internals

  • Basics of Mach messaging

  • How to bypass Transparency, Content and Control (TCC) protections

  • How to escape the Sandbox

  • Perform symbolic link attacks

  • Leverage process injection techniques

  • Exploit XPC for privilege escalation

  • Perform hooking based attacks

  • Write Shellcode for macOS

  • Bypass kernel code-signing protection

OffSec Partner Logo - Gold Channel

OffSec at Lumify Work

Security professionals from top organisations rely on OffSec to train and certify their personnel. Lumify Work is an Official Training Partner for OffSec.

Who is the course for?

  • Anyone who is interested in learning about macOS exploitation

  • Pentesters looking to broaden their skill set to include macOS expertise

  • Anyone committed to the defence or security of macOS systems

  • Job roles such as Penetration testers, Exploit developers, Security researcher, macOS defenders, and macOS application developers

Course subjects

The course covers the following topics:

  • Introduction to macOS internals

  • Debugging, Tracing, Hopper

  • Shellcoding in macOS

  • Dylib Injection

  • Mach and Mach injection

  • Hooking

  • XPC exploitation

  • Sandbox escape

  • Attacking privacy (TCC)

  • Symlink attacks

  • Kernel code execution

  • macOS Pentesting

View the full syllabus here.


All students are required to have:

  • Knowledge of C programming

  • Normal user experience with macOS

  • Basic familiarity with 64-bit assembly and debugging

  • Understanding of basic exploitation concepts

EXP-301 Windows User Mode Exploit Development is a prerequisite for this course.


Lumify Work offers certification and training through our partnership with OffSec. This arrangement requires Lumify Work to provide your details to OffSec for course and/or exam registration purposes.

Terms & Conditions

The supply of this course by Lumify Work is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.

Request Course Information

Select and book a course

Can't find a date you like?

Contact sales