Adversary Tactics:
Mac Tradecraft

The Adversary Tactics: Mac Tradecraft course drops you into a modern macOS hybrid environment that mimics what SpecterOps operators encounter in real-world red team exercises. Participants will focus on macOS payloads for initial access, crafting custom techniques on the fly via JXA and Objective C, identifying persistence and privilege escalation opportunities, stealing credentials, and avoiding common EDR detections via XPC services and native APIs. The course aims to teach participants about the potential OPSEC consequences of their actions and the details behind their techniques rather than just how to run common tooling.

This is an advanced course is intended for expert red team operators or those with previous macOS experience looking to learn more about how macOS controls and technology affects an adversary’s tradecraft or mindset. The course includes a team-based, hands-on lab requiring on-keyboard execution of complex red team tradecraft against macOS endpoints.

Participants should be familiar with penetration testing concepts and tools, Active Directory, and macOS internals.

Participants must provide their own computer with a modern web browser installed to access training materials and complete the course’s labs. The SpecterOps training platform URL (https://specterops.training) must be accessible from the participant’s computer throughout the duration of the course.

There are no local virtual machines or special software required to fully participate in the course or labs.

During the course, participants will be provided access to a comprehensive range to perform course labs and goals.

Upon completion of the course, participants are provided with a copy of course slides, copies of solution guides/videos, and a certificate of completion.