Get your OSMR certification with EXP-312 | OffSec

Train to become OSMR certified

EXP-312: macOS Control Bypasses

Starting at $1,749

Level 300 | 1355h of content

  • Gain a complete understanding of macOS security, including process injection, bypassing security controls, utilizing tools for binary analysis, shellcoding for macOS, and hooking
  • Earn the OffSec macOS Researcher (OSMR) certification after passing the exam

Overview

EXP-312 is an advanced, hands-on course for security professionals focused on local privilege escalation, defense bypasses, and vulnerability discovery in macOS, using in-depth system internals, real-world exploits, and reverse engineering techniques

EXP-312 (macOS Control Bypasses) is designed for security professionals looking to extend their knowledge of the macOS security ecosystem, focused on local privilege escalation and bypassing the operating system’s defenses. The course will dive into macOS system internals to gain a better understanding of how the operating system works, providing insights that will help us bypass or exploit it. We'll also exploit real-world vulnerabilities, both in macOS and third-party applications, and discuss the root cause of these issues, providing the skills needed to discover previously unknown vulnerabilities.

EXP-312 covers a broad range of security techniques related to macOS, including:

  • Introduction to and use of a wide array of tools, including MachOView, lipo, otool, codesign, jtool2, and dtrace
  • Intercepting and modifying function calls within macOS applications, enabling you to manipulate their behavior for offensive purposes
  • Exploring dylib hijacking techniques to achieve process injection
  • Using hook functions on macOS to subvert a function call, to inspect application behavior, help with reverse engineering, and enable easy access to data that is only present in-memory
  • Bypassing Transparency, Consent, and Control (TCC), a macOS security feature that protects user privacy by requiring explicit consent for certain actions
  • Completing a full penetration test of macOS using the command line and standard reverse shells

EXP-312 is organized into 15 modules, each building upon the previous to deepen your understanding of macOS exploitation. This program requires that learners have their own macOS ARM system with at least a 1TB SSD to run local virtual machines.

Students should understand the basics of macOS and be capable of carrying out fundamental administrative tasks. macOS source code will also be reviewed, so learners must have a foundational knowledge of the C programming language, and a working knowledge of x64 assembly is essential for debugging and reverse engineering applications. No exploit development experience is required as we do not focus on memory corruption vulnerabilities.

Becoming OSMR certified

  • 48-hour proctored

    All exams are proctored by an OffSec employee in a private VPN

  • Hands-on labs

    Identify, exploit, and report real-world vulnerabilities in live lab systems

  • Exam consists of 4 tasks

    Testing topics include reverse engineering to discover vulnerabilities, crafting exploits that bypass security mitigations, and creating custom shellcode

  • Retrieve a proof.txt file

    Once you've developed a working exploit against a designated target machine, you will need to obtain a shell and retrieve a proof.txt file

OSMR certification

About the OSMR exam

The OffSec macOS Researcher certification validates your expertise in macOS security and demonstrates your ability to analyze and exploit complex vulnerabilities

Start learning with OffSec

$2,749/year*

Best value

Learn One

Includes one year of access to one 200 or 300-level course, the associated labs, and two exam attempts

$1,749/once

Most popular

Course + Cert Bundle

Includes 90 days of access to one 200 or 300-level course, the associated labs, and a single exam attempt

Train your team with OffSec

$6,099/year*

All access

Learn Unlimited

Unlimited OffSec Learning Library access plus unlimited exam attempts for one year

Get a quote

Large teams

Learn Enterprise

Unlimited OffSec Learning Library access with flexible terms and volume discounts available

Validate your expertise.
Amplify your impact.

  • Mindset & work ethic

    Instill a relentless problem-solving mindset that employers value highly in security professionals

  • Globally recognized certification

    OffSec certs build elite, hands-on skills trusted by the world's top companies

  • Organization value & trust

    Trusted to train skilled, consistent, and reliable security teams

  • Certified candidates win

    91% of respondents prefer to hire candidates with certifications (Fortinet, 2024 Cybersecurity Skills Gap Report)

View of the PEN-200 syllabus in the OffSec portal

Realistic lab environments

Built to sharpen skills through practical, immersive learning

  • On-demand lab access

    Train anytime in up-to-date, practical, cutting-edge labs

  • Structured learning modules

    Progress through clear, goal-driven topics

  • Challenge-based learning

    Build skills through real-world, hands-on challenges

  • AI-powered learning assistant

    Get instant, guided help with complex topics

EXP-312 FAQ