macOS Architecture & Internals (15%): macOS kernel (XNU), SIP, Gatekeeper, AMFI, TCC, Sandbox, Mach-O binary format
macOS Enumeration (20%): Local recon with osquery, dscl, launchctl, process listing, network connections, keychain
Privilege Escalation (25%): Sudo misconfigs, SUID, dylib hijacking, Launch Agent abuse, environment injection
Persistence Mechanisms (20%): LaunchDaemons, LaunchAgents, login items, emond, periodic scripts, cron jobs
Security Controls Bypass (10%): SIP check/bypass, TCC database manipulation, Gatekeeper bypass, quarantine removal
macOS Exploitation (10%): Objective-C/Swift app exploitation, memory corruption basics, Frida instrumentation