training courses

Adversary Tactics:
Mac Tradecraft

  • Sign Up For Training Updates

  • This field is for validation purposes and should be left unchanged.


Bridge the Mac Gap

Red team operators have long enjoyed robust community and commercial tooling to simulate advanced adversary tradecraft in traditional enterprise environments. As organizations have increasingly moved to hybrid, or non-Windows, environments our red team community knowledge has not kept pace. This course focuses on bridging that gap to enable red teamers to operate in increasingly hybridized or macOS-focused environments.

course summary

Mac Tradecraft

In Adversary Tactics: Mac Tradecraft, we highlight the latest macOS security enhancements and arm participants with the foundational knowledge to operate against macOS endpoints and environments. The course then builds on that foundation through a deep dive into the concepts behind techniques to enable operational flexibility and prepare for future macOS enhancements, rather than simply training with specific available tooling.

  • Introduction & Course Overview
  • Lab and course range infrastructure
  • macOS Introduction
  • macOS Security
  • C2 Frameworks & Mythic Overview
  • JavaScript for Automation
  • Initial Access & Payload Development
  • Situational Awareness
  • Active Directory & Kerberos
  • Persistence
  • Entitlements, TCC, & System Integrity Protection
  • Privilege Escalation
  • Credential Access
  • Evasion


The Adversary Tactics: Mac Tradecraft course drops you into a modern macOS hybrid environment that mimics what SpecterOps operators encounter in real-world red team exercises. Participants will focus on macOS payloads for initial access, crafting custom techniques on the fly via JXA and Objective C, identifying persistence and privilege escalation opportunities, stealing credentials, and avoiding common EDR detections via XPC services and native APIs. The course aims to teach participants about the potential OPSEC consequences of their actions and the details behind their techniques rather than just how to run common tooling.

Training Participants

Who Should Take This Course
Participant Requirements
What Participants Should Bring
Participants Receive

Who Should Take This Course

This is an advanced course is intended for expert red team operators or those with previous macOS experience looking to learn more about how macOS controls and technology affects an adversary’s tradecraft or mindset. The course includes a team-based, hands-on lab requiring on-keyboard execution of complex red team tradecraft against macOS endpoints.

Training Solutions

Explore Other Training Options

Private Trainings

If a public offering of the training classes does not fit your busy schedule, our team of experts are available to provide a private training offering to your organization. This is by far the best way for your team to get one on one access to the instructors and solidify the material. We provide all training material as well as laptops and classroom locations if needed.

Private Trainings