Offsec EXP-312: macOS Control Bypasses

  • CategoryOther
  • TypeTutorials
  • LanguageEnglish
  • Total size903.9 MB
  • Uploaded Byhazing4864
  • Downloads332
  • Last checkedJan. 02nd '26
  • Date uploadedJan. 02nd '26
  • Seeders 24
  • Leechers5

Infohash : A29EF40D9CB0D31907FEAA2DC1018202E5E624B6



Offsec has stopped issuing new certs for this course

Wayback URL - https://web.archive.org/web/20250913135159/https://www.offsec.com/courses/exp-312/


Gain a complete understanding of macOS security, including process injection, bypassing security controls, utilizing tools for binary analysis, shellcoding for macOS, and hooking

Files:

EXP-3012
  • OSMR_EXP312.pdf (18.2 MB)
    • Videos
    • 0.EXP312-COPY_00_00-Copyright.mp4 (908.8 KB)
    • 1.EXP312-Tools_00_00-macOS Binary Analysis Tools.mp4 (6.4 MB)
    • 10.EXP312-Tools_03_00-Dynamic Analysis.mp4 (880.2 KB)
    • 100.EXP312-TCC_03_00-Bypass TCC via Spotlight Importer Plugins.mp4 (536.8 KB)
    • 101.EXP312-TCC_03_01-The Spotlight Service.mp4 (6.4 MB)
    • 102.EXP312-TCC_03_02-Vulnerability Analysis.mp4 (933.7 KB)
    • 103.EXP312-TCC_03_03-Exploitation.mp4 (12.9 MB)
    • 104.EXP312-TCC_05_00-Gain Full Disk Access via Terminal.mp4 (7.1 MB)
    • 105.EXP312-Symlink_03_00-CVE-2020-3855 - macOS DiagnosticMessages File Overwrite Vulnerability.mp4 (23.4 MB)
    • 106.EXP312-Symlink_04_00-CVE-2020-3762 - Adobe Reader macOS Installer Local Privilege Escalation.mp4 (14.6 MB)
    • 107.EXP312-Symlink_05_00-CVE-2019-8802 - macOS Manpages Local Privilege Escalation.mp4 (15.4 MB)
    • 108.EXP312-Kernel_02_00-Sample KEXT.mp4 (9.3 MB)
    • 109.EXP312-Kernel_03_00-The KEXT Loading Process.mp4 (4.4 MB)
    • 11.EXP312-Tools_04_00-The LLDB Debugger.mp4 (1.3 MB)
    • 110.EXP312-Kernel_03_01-Initiating KEXT Load Requests.mp4 (4.9 MB)
    • 111.EXP312-Kernel_03_02-Entering kextd.mp4 (8.3 MB)
    • 112.EXP312-Kernel_03_03-KEXT Staging.mp4 (15.3 MB)
    • 113.EXP312-Kernel_03_04-KEXT Authentication and syspolicyd.mp4 (11.3 MB)
    • 114.EXP312-Kernel_03_05-Loading the KEXT Entering XNU.mp4 (5.7 MB)
    • 115.EXP312-Kernel_04_00-CVE-2020-9939 - Unsigned KEXT Load Vulnerability.mp4 (631.5 KB)
    • 116.EXP312-Kernel_04_01-The Vulnerability and the Exploit Plan.mp4 (3.9 MB)
    • 117.EXP312-Kernel_04_02-Staging a KEXT with Symlink.mp4 (5.2 MB)
    • 118.EXP312-Kernel_04_03-The Insecure Location Problem.mp4 (6.0 MB)
    • 119.EXP312-Kernel_04_04-The Race to the Kernel.mp4 (23.1 MB)
    • 12.EXP312-Tools_04_01-Setting Breakpoints.mp4 (8.0 MB)
    • 120.EXP312-Kernel_04_05-Disabling SIP.mp4 (2.9 MB)
    • 121.EXP312-Kernel_05_00-CVE-2021-1779 - Unsigned KEXT Load Vulnerability.mp4 (624.1 KB)
    • 122.EXP312-Kernel_05_01-The Patch.mp4 (4.4 MB)
    • 123.EXP312-Kernel_05_02-Bypassing Code Signing.mp4 (7.6 MB)
    • 124.EXP312-Kernel_05_03-Forget the Race Meet Interactive Mode.mp4 (10.5 MB)
    • 125.EXP312-PITA_00_00-macOS Penetration Testing.mp4 (1.3 MB)
    • 126.EXP312-PITA_01_00-Small Step For Man.mp4 (7.8 MB)
    • 127.EXP312-PITA_02_00-The Jail.mp4 (4.4 MB)
    • 128.EXP312-PITA_02_01-Prison Break.mp4 (10.6 MB)
    • 129.EXP312-PITA_02_02-Lets Persist.mp4 (5.5 MB)
    • 13.EXP312-Tools_04_02-Disassembling with LLDB.mp4 (3.6 MB)
    • 130.EXP312-PITA_03_00-I am (g)root.mp4 (426.9 KB)
    • 131.EXP312-PITA_03_01-Searching for Low-Hanging Fruit.mp4 (4.9 MB)
    • 132.EXP312-PITA_04_00-CVE-2020-26893 - I Like To Move It Move It.mp4 (14.2 MB)
    • 133.EXP312-PITA_04_01-Periodic Scripts.mp4 (1.9 MB)
    • 134.EXP312-PITA_04_02-PAM Modules.mp4 (5.6 MB)
    • 135.EXP312-PITA_04_03-This is the Way.mp4 (13.4 MB)
    • 136.EXP312-PITA_05_00-Private Documents - We Wants It We Needs It.mp4 (5.4 MB)
    • 137.EXP312-PITA_05_01-CVE-2020-9934 - HOME Relocation.mp4 (9.9 MB)
    • 138.EXP312-PITA_06_00-The Core.mp4 (2.2 MB)
    • 14.EXP312-Tools_04_03-Reading and Writing Memory and Registers.mp4 (4.0 MB)
    • 15.EXP312-Tools_04_04-Modifying Code During Debugging.mp4 (10.6 MB)
    • 16.EXP312-Tools_05_00-Debugging with Hopper.mp4 (1.7 MB)
    • 17.EXP312-Tools_05_02-Starting the Debugger.mp4 (3.4 MB)
    • 18.EXP312-Tools_05_03-Basic Controls and Functionality.mp4 (6.6 MB)
    • 19.EXP312-Tools_05_04-Inspecting External Function Resolution.mp4 (5.3 MB)
    • 2.EXP312-Tools_01_00-Command Line Static Analysis Tools.mp4 (624.5 KB)
    • 20.EXP312-Tools_06_00-Tracing Applications with DTrace.mp4 (1.3 MB)
    • 21.EXP312-Tools_06_02-DTrace Example - Monitoring System Calls.mp4 (5.5 MB)
    • 22.EXP312-Tools_06_03-DTrace Example - Monitoring Write Calls.mp4 (3.4 MB)
    • 23.EXP312-Tools_06_04-DTrace Example - Creating Aggregation Info.mp4 (2.2 MB)
    • 24.EXP312-Tools_06_05-DTrace Probes.mp4 (1.1 MB)
    • 25.EXP312-Tools_06_06-System DTrace Scripts.mp4 (5.7 MB)
    • 26.EXP312-Tools_07_00-Wrapping Up.mp4 (896.4 KB)
    • 27.EXP312-Shellcode_01_03-Making Syscalls from Shellcode.mp4 (6.8 MB)
    • 28.EXP312-Shellcode_02_00-Custom Shell Command Execution in Assembly.mp4 (4.2 MB)
    • 29.EXP312-Shellcode_02_01-Planned Memory Layout.mp4 (1.8 MB)
    • 3.EXP312-Tools_01_01-codesign.mp4 (4.8 MB)
    • 30.EXP312-Shellcode_02_02-Putting Arguments on the Stack.mp4 (11.4 MB)
    • 31.EXP312-Shellcode_02_03-Setting up the Syscall.mp4 (3.3 MB)
    • 32.EXP312-Shellcode_02_04-Putting it Together.mp4 (1.3 MB)
    • 33.EXP312-Shellcode_02_05-Analyzing the Shellcode with dtrace.mp4 (3.5 MB)
    • 34.EXP312-Shellcode_02_06-Analyzing the Shellcode in a Debugger.mp4 (5.4 MB)
    • 35.EXP312-Shellcode_03_00-Making a Bind Shell in Assembly.mp4 (2.2 MB)
    • 36.EXP312-Shellcode_03_01-Creating a Socket.mp4 (6.0 MB)
    • 37.EXP312-Shellcode_03_02-In the Darkness Bind Them.mp4 (10.3 MB)
    • 38.EXP312-Shellcode_03_03-Listening on the Socket.mp4 (3.6 MB)
    • 39.EXP312-Shellcode_03_04-Accepting Incoming Connections.mp4 (4.3 MB)
    • 4.EXP312-Tools_01_02-objdump.mp4 (8.7 MB)
    • 40.EXP312-Shellcode_03_05-Duplicating File Descriptors.mp4 (6.6 MB)
    • 41.EXP312-Shellcode_03_06-Executing binzsh.mp4 (2.9 MB)
    • 42.EXP312-Shellcode_03_07-Putting the Bind Shell Together.mp4 (11.1 MB)
    • 43.EXP312-Shellcode_04_00-Writing Shellcode in C.mp4 (2.2 MB)
    • 44.EXP312-Shellcode_04_01-Writing execv Shellcode in C.mp4 (3.4 MB)
    • 45.EXP312-Shellcode_04_02-Eliminating RIP Relative Addressing.mp4 (2.0 MB)
    • 46.EXP312-Shellcode_04_03-Eliminating Calls into the __stub Section.mp4 (2.8 MB)
    • 47.EXP312-Shellcode_04_04-Locating execv Pointer and Running the Code.mp4 (4.5 MB)
    • 48.EXP312-Shellcode_05_00-Wrapping Up.mp4 (795.1 KB)
    • 49.EXP312-Injection_01_01-Performing an Injection.mp4 (9.4 MB)
    • 5.EXP312-Tools_01_03-jtool2.mp4 (4.0 MB)
    • 50.EXP312-Injection_01_03-Verifying Restrictions.mp4 (18.7 MB)
    • 51.EXP312-Injection_02_02-Dylib Loading Process and Hijacking Scenarios.mp4 (18.2 MB)
    • 52.EXP312-Injection_02_03-Finding Vulnerable Applications.mp4 (7.8 MB)
    • 53.EXP312-Injection_02_04-Performing Dylib Hijacking.mp4 (7.8 MB)
    • 54.EXP312-Injection_02_05-Hijacking Dlopen.mp4 (4.8 MB)
    • 55.EXP312-Mach_01_00-Mach Inter Process Communication (IPC) Concepts.mp4 (7.7 MB)
    • 56.EXP312-Mach_03_00-Injection via Mach Task Ports.mp4 (1.1 MB)
    • 57.EXP312-Mach_03_01-Getting the SEN

Code:

  • udp://tracker.leechers-paradise.org:6969/announce
  • udp://tracker.coppersurfer.tk:6969/announce
  • udp://tracker.opentrackr.org:1337/announce
  • udp://tracker.zer0day.to:1337/announce
  • udp://eddie4.nl:6969/announce