Advanced macOS Control Bypasses OSMR Training (EXP-312)

 

Course Overview

EXP-312 (macOS Control Bypasses) is an offensive logical exploit development course for macOS, focusing on local privilege escalation and bypassing the operating system’s defenses. It’s an intermediate course that teaches the skills necessary to bypass security controls implemented by macOS, and exploit logic vulnerabilities to perform privilege escalation on macOS systems.

Who should attend

  • Anyone who is interested in learning about macOS exploitation
  • Pentesters looking to broaden their skill set to include macOS expertise
  • Anyone committed to the defense or security of macOS systems
  • Job roles like penetration testers, exploit developers, security researchers, macOS defenders, and macOS application developers

Prerequisites

We strongly suggest that students taking PEN-300 have either taken PWK and passed the OSCP certification or have equivalent knowledge and skills in the following areas:

  • Working familiarity with Kali Linux command line
  • Solid ability in enumerating targets to identify vulnerabilities
  • Basic scripting abilities in Bash, Python and PowerShell
  • Identifying and exploiting vulnerabilities like SQL injection, file inclusion and local privilege escalation
  • Foundational understanding of Active Directory and knowledge of basic AD attacks
  • Familiarity with C# programming is a plus

Course Objectives

  • Obtain a strong understanding of macOS internals
  • Learn the basics of Mach messaging
  • Learn how to bypass Transparency, Consent, and Control (TCC) protections
  • Learn how to escape the Sandbox
  • Perform symbolic link attacks
  • Leverage process injection techniques
  • Exploit XPC for privilege escalation
  • Perform hooking based attacks
  • Write Shellcode for macOS
  • Bypass kernel code-signing protection
  • Course Materials
  • Active Student Forums
  • Access to Home Lab Setup

Outline: Advanced macOS Control Bypasses OSMR Training (EXP-312)

  • Lesson 1: macOS Control Bypasses: General Course Information
  • Lesson 2: Virtual Machine Setup Guide
  • Lesson 3: Introduction to macOS
  • Lesson 4: macOS Binary Analysis Tools
  • Lesson 5: The Art of Crafting Shellcodes
  • Lesson 6: Dylib Injection Egghunters
  • Lesson 7: The Mach Microkernel
  • Lesson 8: Function Hooking on macOS
  • Lesson 9: XPC Attacks
  • Lesson 10: The macOS Sandbox
  • Lesson 11: Bypassing Transparency, Consent, and Control (Privacy)
  • Lesson 12: GateKeeper Internals
  • Lesson 13: Bypassing GateKeeper
  • Lesson 14: Symlink and Hardlink Attacks
  • Lesson 15: Getting Kernel Code Execution
  • Lesson 16: Injecting Code into Electron Applications
  • Lesson 17: Mount(ain) of Bugs (Archived)
  • Lesson 18: The Art of Crafting Shellcodes (Apple Silicon Edition)
  • Lesson 19: Mach IPC Exploitation
  • Lesson 20: Chaining Exploits on macOS Ventura
  • Lesson 21: macOS Penetration Testing

Prices & Delivery methods

Online Training

Duration
5 days

Price
  • US $ 8,495

Schedule

Currently there are no training dates scheduled for this course.