Offsec EXP-312: macOS Control Bypasses

  • Category Other
  • Type Tutorials
  • Language English
  • Total size 903.9 MB
  • Uploaded By hazing4864
  • Downloads 47
  • Last checked 1 hour ago
  • Date uploaded 7 hours ago
  • Seeders 10
  • Leechers 7

Infohash : A29EF40D9CB0D31907FEAA2DC1018202E5E624B6





Offsec has stopped issuing new certs for this course

Wayback URL - https://web.archive.org/web/20250913135159/https://www.offsec.com/courses/exp-312/


Gain a complete understanding of macOS security, including process injection, bypassing security controls, utilizing tools for binary analysis, shellcoding for macOS, and hooking

Files:

EXP-3012
  • OSMR_EXP312.pdf (18.2 MB)
    • Videos
    • 0.EXP312-COPY_00_00-Copyright.mp4 (908.8 KB)
    • 1.EXP312-Tools_00_00-macOS Binary Analysis Tools.mp4 (6.4 MB)
    • 10.EXP312-Tools_03_00-Dynamic Analysis.mp4 (880.2 KB)
    • 100.EXP312-TCC_03_00-Bypass TCC via Spotlight Importer Plugins.mp4 (536.8 KB)
    • 101.EXP312-TCC_03_01-The Spotlight Service.mp4 (6.4 MB)
    • 102.EXP312-TCC_03_02-Vulnerability Analysis.mp4 (933.7 KB)
    • 103.EXP312-TCC_03_03-Exploitation.mp4 (12.9 MB)
    • 104.EXP312-TCC_05_00-Gain Full Disk Access via Terminal.mp4 (7.1 MB)
    • 105.EXP312-Symlink_03_00-CVE-2020-3855 - macOS DiagnosticMessages File Overwrite Vulnerability.mp4 (23.4 MB)
    • 106.EXP312-Symlink_04_00-CVE-2020-3762 - Adobe Reader macOS Installer Local Privilege Escalation.mp4 (14.6 MB)
    • 107.EXP312-Symlink_05_00-CVE-2019-8802 - macOS Manpages Local Privilege Escalation.mp4 (15.4 MB)
    • 108.EXP312-Kernel_02_00-Sample KEXT.mp4 (9.3 MB)
    • 109.EXP312-Kernel_03_00-The KEXT Loading Process.mp4 (4.4 MB)
    • 11.EXP312-Tools_04_00-The LLDB Debugger.mp4 (1.3 MB)
    • 110.EXP312-Kernel_03_01-Initiating KEXT Load Requests.mp4 (4.9 MB)
    • 111.EXP312-Kernel_03_02-Entering kextd.mp4 (8.3 MB)
    • 112.EXP312-Kernel_03_03-KEXT Staging.mp4 (15.3 MB)
    • 113.EXP312-Kernel_03_04-KEXT Authentication and syspolicyd.mp4 (11.3 MB)
    • 114.EXP312-Kernel_03_05-Loading the KEXT Entering XNU.mp4 (5.7 MB)
    • 115.EXP312-Kernel_04_00-CVE-2020-9939 - Unsigned KEXT Load Vulnerability.mp4 (631.5 KB)
    • 116.EXP312-Kernel_04_01-The Vulnerability and the Exploit Plan.mp4 (3.9 MB)
    • 117.EXP312-Kernel_04_02-Staging a KEXT with Symlink.mp4 (5.2 MB)
    • 118.EXP312-Kernel_04_03-The Insecure Location Problem.mp4 (6.0 MB)
    • 119.EXP312-Kernel_04_04-The Race to the Kernel.mp4 (23.1 MB)
    • 12.EXP312-Tools_04_01-Setting Breakpoints.mp4 (8.0 MB)
    • 120.EXP312-Kernel_04_05-Disabling SIP.mp4 (2.9 MB)
    • 121.EXP312-Kernel_05_00-CVE-2021-1779 - Unsigned KEXT Load Vulnerability.mp4 (624.1 KB)
    • 122.EXP312-Kernel_05_01-The Patch.mp4 (4.4 MB)
    • 123.EXP312-Kernel_05_02-Bypassing Code Signing.mp4 (7.6 MB)
    • 124.EXP312-Kernel_05_03-Forget the Race Meet Interactive Mode.mp4 (10.5 MB)
    • 125.EXP312-PITA_00_00-macOS Penetration Testing.mp4 (1.3 MB)
    • 126.EXP312-PITA_01_00-Small Step For Man.mp4 (7.8 MB)
    • 127.EXP312-PITA_02_00-The Jail.mp4 (4.4 MB)
    • 128.EXP312-PITA_02_01-Prison Break.mp4 (10.6 MB)
    • 129.EXP312-PITA_02_02-Lets Persist.mp4 (5.5 MB)
    • 13.EXP312-Tools_04_02-Disassembling with LLDB.mp4 (3.6 MB)
    • 130.EXP312-PITA_03_00-I am (g)root.mp4 (426.9 KB)
    • 131.EXP312-PITA_03_01-Searching for Low-Hanging Fruit.mp4 (4.9 MB)
    • 132.EXP312-PITA_04_00-CVE-2020-26893 - I Like To Move It Move It.mp4 (14.2 MB)
    • 133.EXP312-PITA_04_01-Periodic Scripts.mp4 (1.9 MB)
    • 134.EXP312-PITA_04_02-PAM Modules.mp4 (5.6 MB)
    • 135.EXP312-PITA_04_03-This is the Way.mp4 (13.4 MB)
    • 136.EXP312-PITA_05_00-Private Documents - We Wants It We Needs It.mp4 (5.4 MB)
    • 137.EXP312-PITA_05_01-CVE-2020-9934 - HOME Relocation.mp4 (9.9 MB)
    • 138.EXP312-PITA_06_00-The Core.mp4 (2.2 MB)
    • 14.EXP312-Tools_04_03-Reading and Writing Memory and Registers.mp4 (4.0 MB)
    • 15.EXP312-Tools_04_04-Modifying Code During Debugging.mp4 (10.6 MB)
    • 16.EXP312-Tools_05_00-Debugging with Hopper.mp4 (1.7 MB)
    • 17.EXP312-Tools_05_02-Starting the Debugger.mp4 (3.4 MB)
    • 18.EXP312-Tools_05_03-Basic Controls and Functionality.mp4 (6.6 MB)
    • 19.EXP312-Tools_05_04-Inspecting External Function Resolution.mp4 (5.3 MB)
    • 2.EXP312-Tools_01_00-Command Line Static Analysis Tools.mp4 (624.5 KB)
    • 20.EXP312-Tools_06_00-Tracing Applications with DTrace.mp4 (1.3 MB)
    • 21.EXP312-Tools_06_02-DTrace Example - Monitoring System Calls.mp4 (5.5 MB)
    • 22.EXP312-Tools_06_03-DTrace Example - Monitoring Write Calls.mp4 (3.4 MB)
    • 23.EXP312-Tools_06_04-DTrace Example - Creating Aggregation Info.mp4 (2.2 MB)
    • 24.EXP312-Tools_06_05-DTrace Probes.mp4 (1.1 MB)
    • 25.EXP312-Tools_06_06-System DTrace Scripts.mp4 (5.7 MB)
    • 26.EXP312-Tools_07_00-Wrapping Up.mp4 (896.4 KB)
    • 27.EXP312-Shellcode_01_03-Making Syscalls from Shellcode.mp4 (6.8 MB)
    • 28.EXP312-Shellcode_02_00-Custom Shell Command Execution in Assembly.mp4 (4.2 MB)
    • 29.EXP312-Shellcode_02_01-Planned Memory Layout.mp4 (1.8 MB)
    • 3.EXP312-Tools_01_01-codesign.mp4 (4.8 MB)
    • 30.EXP312-Shellcode_02_02-Putting Arguments on the Stack.mp4 (11.4 MB)
    • 31.EXP312-Shellcode_02_03-Setting up the Syscall.mp4 (3.3 MB)
    • 32.EXP312-Shellcode_02_04-Putting it Together.mp4 (1.3 MB)
    • 33.EXP312-Shellcode_02_05-Analyzing the Shellcode with dtrace.mp4 (3.5 MB)
    • 34.EXP312-Shellcode_02_06-Analyzing the Shellcode in a Debugger.mp4 (5.4 MB)
    • 35.EXP312-Shellcode_03_00-Making a Bind Shell in Assembly.mp4 (2.2 MB)
    • 36.EXP312-Shellcode_03_01-Creating a Socket.mp4 (6.0 MB)
    • 37.EXP312-Shellcode_03_02-In the Darkness Bind Them.mp4 (10.3 MB)
    • 38.EXP312-Shellcode_03_03-Listening on the Socket.mp4 (3.6 MB)
    • 39.EXP312-Shellcode_03_04-Accepting Incoming Connections.mp4 (4.3 MB)
    • 4.EXP312-Tools_01_02-objdump.mp4 (8.7 MB)
    • 40.EXP312-Shellcode_03_05-Duplicating File Descriptors.mp4 (6.6 MB)
    • 41.EXP312-Shellcode_03_06-Executing binzsh.mp4 (2.9 MB)
    • 42.EXP312-Shellcode_03_07-Putting the Bind Shell Together.mp4 (11.1 MB)
    • 43.EXP312-Shellcode_04_00-Writing Shellcode in C.mp4 (2.2 MB)
    • 44.EXP312-Shellcode_04_01-Writing execv Shellcode in C.mp4 (3.4 MB)
    • 45.EXP312-Shellcode_04_02-Eliminating RIP Relative Addressing.mp4 (2.0 MB)
    • 46.EXP312-Shellcode_04_03-Eliminating Calls into the __stub Section.mp4 (2.8 MB)
    • 47.EXP312-Shellcode_04_04-Locating execv Pointer and Running the Code.mp4 (4.5 MB)
    • 48.EXP312-Shellcode_05_00-Wrapping Up.mp4 (795.1 KB)
    • 49.EXP312-Injection_01_01-Performing an Injection.mp4 (9.4 MB)
    • 5.EXP312-Tools_01_03-jtool2.mp4 (4.0 MB)
    • 50.EXP312-Injection_01_03-Verifying Restrictions.mp4 (18.7 MB)
    • 51.EXP312-Injection_02_02-Dylib Loading Process and Hijacking Scenarios.mp4 (18.2 MB)
    • 52.EXP312-Injection_02_03-Finding Vulnerable Applications.mp4 (7.8 MB)
    • 53.EXP312-Injection_02_04-Performing Dylib Hijacking.mp4 (7.8 MB)
    • 54.EXP312-Injection_02_05-Hijacking Dlopen.mp4 (4.8 MB)
    • 55.EXP312-Mach_01_00-Mach Inter Process Communication (IPC) Concepts.mp4 (7.7 MB)
    • 56.EXP312-Mach_03_00-Injection via Mach Task Ports.mp4 (1.1 MB)
    • 57.EXP312-Mach_03_01-Getting the SEND Right.mp4 (2.6 MB)
    • 58.EXP312-Mach_03_02-Writing to Remote Process Memory.mp4 (8.7 MB)
    • 59.EXP312-Mach_03_03-Starting a Remote Thread.mp4 (2.8 MB)
    • 6.EXP312-Tools_02_00-Static Analysis with Hopper.mp4 (3.4 MB)
    • 60.EXP312-Mach_04_00-BlockBlock Case Study - Injecting execv Shellcode.mp4 (688.9 KB)
    • 61.EXP312-Mach_04_01-The Vulnerability.mp4 (2.0 MB)
    • 62.EXP312-Mach_04_02-The BlockBlock Shellcode.mp4 (2.6 MB)
    • 63.EXP312-Mach_04_03-Finding the Process ID.mp4 (7.2 MB)
    • 64.EXP312-Mach_04_04-Putting it Together.mp4 (4.0 MB)
    • 65.EXP312-Mach_05_00-Injecting a Dylib.mp4 (1.8 MB)
    • 66.EXP312-Mach_05_01-Promoting Mach Thread to POSIX Thread.mp4 (6.2 MB)
    • 67.EXP312-Mach_05_02-The Shellcode.mp4 (13.8 MB)
    • 68.EXP312-Hooking_01_01-Interposing printf.mp4 (4.8 MB)
    • 69.EXP312-Hooking_01_02-Interposing ioctl Calls.mp4 (10.1 MB)
    • 7.EXP312-Tools_02_01-Views in Hopper.mp4 (8.4 MB)
    • 70.EXP312-Hooking_02_04-Hooking Objective-C Methods.mp4 (9.9 MB)
    • 71.EXP312-Hooking_02_05-Sniffing a KeePass Master Password.mp4 (9.4 MB)
    • 72.EXP312-XPC_02_00-The Low Level C API XPC Services.mp4 (7.7 MB)
    • 73.EXP312-XPC_03_00-The Foundation Framework API.mp4 (7.9 MB)
    • 74.EXP312-XPC_06_00-CVE-2019-20057 - Proxyman Change Proxy Privileged Action Vulnerability.mp4 (1.4 MB)
    • 75.EXP312-XPC_06_02-CVE-2019-20057 - Exploitation.mp4 (18.5 MB)
    • 76.EXP312-XPC_07_00-CVE-2020-0984 - Microsoft Auto Update Privilege Escalation Vulnerability.mp4 (1.9 MB)
    • 77.EXP312-XPC_07_02-CVE-2020-0984 - Exploitation.mp4 (16.0 MB)
    • 78.EXP312-XPC_08_00-CVE-2019-8805 - Apple EndpointSecurity Framework Local Privilege Escalation.mp4 (1.3 MB)
    • 79.EXP312-XPC_08_01-CVE-2019-8805 - Root Cause Analysis.mp4 (18.7 MB)
    • 8.EXP312-Tools_02_02-Navigating the Code.mp4 (5.5 MB)
    • 80.EXP312-XPC_08_02-CVE-2019-8805 - Exploitation.mp4 (7.4 MB)
    • 81.EXP312-XPC_09_00-CVE-2020-9714 - Adobe Reader Update Local Privilege Escalation.mp4 (2.3 MB)
    • 82.EXP312-XPC_09_02-Analyzing the Patch.mp4 (13.2 MB)
    • 83.EXP312-XPC_09_03-CVE-2020-9714 - Exploitation.mp4 (10.8 MB)
    • 84.EXP312-Sandbox_01_02-Entering the Sandbox.mp4 (24.8 MB)
    • 85.EXP312-Sandbox_01_03-Disable Sandbox Through Interposing.mp4 (2.9 MB)
    • 86.EXP312-Sandbox_02_02-Writing Custom SBPL Profiles.mp4 (5.6 MB)
    • 87.EXP312-Sandbox_04_00-Case Study QuickLook Plugin SB Escape.mp4 (2.3 MB)
    • 88.EXP312-Sandbox_04_01-The QuickLook Vulnerability.mp4 (1.6 MB)
    • 89.EXP312-Sandbox_04_02-Creating QuickLook Plugins.mp4 (9.1 MB)
    • 9.EXP312-Tools_02_03-External C Function Resolution.mp4 (4.0 MB)
    • 90.EXP312-Sandbox_04_03-Escaping the Sandbox - QuickLook.mp4 (7.9 MB)
    • 91.EXP312-Sandbox_05_00-Case Study Microsoft Word Sandbox Escape.mp4 (660.4 KB)
    • 92.EXP312-Sandbox_05_01-The Word Vulnerability.mp4 (4.9 MB)
    • 93.EXP312-Sandbox_05_02-Escaping the Sandbox - Word.mp4 (9.1 MB)
    • 94.EXP312-TCC_01_01-The Consent Databases.mp4 (13.3 MB)
    • 95.EXP312-TCC_01_02-User Intent.mp4 (8.7 MB)
    • 96.EXP312-TCC_02_00-CVE-2020-29621 - Full TCC Bypass via coreaudiod.mp4 (815.2 KB)
    • 97.EXP312-TCC_02_01-CVE-2020-29621 Vulnerability Analysis.mp4 (2.6 MB)
    • 98.EXP312-TCC_02_02-The Private TCC API.mp4 (9.9 MB)
    • 99.EXP312-TCC_02_03-CVE-2020-29621 Exploitation.mp4 (7.2 MB)

There are currently no comments. Feel free to leave one :)

Code:

  • udp://tracker.leechers-paradise.org:6969/announce
  • udp://tracker.coppersurfer.tk:6969/announce
  • udp://tracker.opentrackr.org:1337/announce
  • udp://tracker.zer0day.to:1337/announce
  • udp://eddie4.nl:6969/announce
R2-CACHE ☁️ R2 (hit) | CDN: REVALIDATED (0s) 📄 torrent 🕐 29 Dec 2025, 07:28:15 am IST ⏰ 23 Jan 2026, 07:28:15 am IST ✅ Valid for 5d 23h 🔄 Refresh Cache