In this article, you will find relevant information and answers to questions related to EXP-312 Course Exam.
- Exam tour
- What is OSMR?
- Where can I find the exam guide?
- How do I know if I'm ready to take the exam?
- How do I schedule my certification exam?
- What is the exam retake policy?
- How do I know what the goals of the exam are?
- How do I get points on the exam?
- How many points do I need to pass the exam?
- Do I get points for partial solutions?
- Can I submit an exercise report for bonus points?
- Is reverse engineering part of the exam?
- Is fuzzing part of the exam?
- Do I need to include code and screenshots in the exam report?
- Do target machines contain a flag?
- What is required as documentation for flags?
- Are there assignment dependencies in the exam?
- Can I revert machines during the exam?
- If I get stuck on one assignment, can I still complete the exam?
- Do I need a local VM for development during the exam?
- In which languages can I write my exploits?
- Can I use a debugger that is not a Hopper or LLDB?
- Can I use a disassembler that is not a Hopper?
- Can I use plugins for Hopper?
- Can I download exam binaries to my local system?
- Can I use Discord during the exam?
- How do the labs and extra miles compare to the exam?
- If I failed and retake the exam, will I get the same exam machines?
- Can I appeal my exam result ?
- May I request feedback on the exam?
- What information is available about exam proctoring?
Exam tour
Watch this video for a quick overview on the exam process, from scheduling to submitting your exam report.
This video was current as of October 2022. As we continue to improve the Learning Library, slight modifications in the interface or functionality may appear.
Have more questions? Check the frequently asked questions below.
What is OSMR?
The OffSec macOS Researcher (OSMR) certification exam simulates a macOS system in which multiple vulnerabilities need to be exploited or security features bypassed in order to gain full system compromise. You will have 47 hours and 45 minutes to fully compromise the system, and a further 24 hours to submit your documentation. You'll need to provide proof of exploitation for each exploit.
Where can I find the exam guide?
The OSMR exam guide is available at the following link: OSMR Exam Guide
How do I know if I'm ready to take the exam?
Although this is a difficult question to answer, we recommend that at a minimum, you understand the majority of the concepts taught in the course and have completed the exercises and the extra miles.
How do I schedule my certification exam?
To learn how to schedule an exam, how to see the amount of time you have left before your exam attempt expires or understand how rescheduling an exam works, please visit our Managing OffSec Certification Exams article.
What is the exam retake policy?
All exams have a cooling off period in between attempts. You can view additional details on the cooling off period here.
How do I know what the goals of the exam are?
Once your exam starts, you will get access to the control panel. On the control panel, you will find four assignments with instructions on how to solve them.
How do I get points on the exam?
Points are awarded by solving exam assignments.
How many points do I need to pass the exam?
The total score on the exam is 80 points, with a passing score of 70. This equals to solving three of the four exercises, two of which are mandatory.
Do I get points for partial solutions?
No, only solutions that fully solve the assignment are rewarded exam points.
Can I submit an exercise report for bonus points?
No, it is not possible to obtain any bonus points on the OSMR exam from completing the course exercises.
Is reverse engineering part of the exam?
Yes, reverse engineering to locate vulnerabilities is part of the exam.
Is fuzzing part of the exam?
No, all vulnerabilities are meant to be located through the use of reverse engineering.
Do I need to include code and screenshots in the exam report?
You should include enough information in the exam report so our graders can replicate your steps. This includes explaining your code as well as all exploitation and reverse engineering steps.
Do target machines contain a flag?
Yes, for assignments that require you to write an exploit, you must obtain a proof.txt from a target machine through a remote shell. Some assignments will not require the collection of proof.txt.
What is required as documentation for flags?
In the exam report, you must include a screenshot of the flag in its original location by using the "cat" command. You must also include the output of "ifconfig | grep inet".
Are there assignment dependencies in the exam?
Yes, the two mandatory assignments are dependent upon each other.
Can I revert machines during the exam?
Yes, you can revert the exam machines through the control panel.
If I get stuck on one assignment, can I still complete the exam?
Yes, it is possible to pass the exam by solving three out of four assignments.
Do I need a local VM for development during the exam?
As part of the exam, learners will have to write exploits and perform parts of reverse engineering on their exam VMs. A development VM will be provided in our VPN network.
In which languages can I write my exploits?
All exploit code must be written in C, Objective-C, zsh or Python 3, depending on the situation. For example, dynamic libraries must be written in C or Objective-C, but scripts can be written in Python3 or zsh. This is to facilitate the grading process.
Can I use a debugger that is not a Hopper or LLDB?
No, you must use lldb or Hopper in the exam. This is to facilitate the grading process.
Can I use a disassembler that is not a Hopper?
No, you must use Hopper. IDA, Ghidra, and other disassemblers are not allowed.
Can I use plugins for Hopper?
Yes, you may use any custom or open source Hopper plugins, but you must be able to fully explain what the plugin does and how it works as part of your exam documentation. Note that the exam assignments can be fully solved using the tools and techniques taught through the course, so no additional plugins or extensions are required.
Can I download exam binaries to my local system?
No, you may not transfer or download any exam-related files from the development VM provided, unless specifically stated in the exam assignment. In such cases which allow this, the exam-related files must be deleted at the end of the exam.
Can I use Discord during the exam?
While you may use Discord as a resource for searching for information during the exam, under no circumstances are you permitted to seek or receive assistance from others on the platform. This includes but is not limited to, asking for help, sharing exam-related information, or discussing any aspect of the exam with others.
How do the labs and extra miles compare to the exam?
The challenges in the EXP-312 labs train learners for most of the concepts that are tested in the exam.
If I failed and retake the exam, will I get the same exam machines?
The OSMR exam consists of a pool of exam sets. The exam sets are assigned at random, so there is no guarantee you will receive the same exam set on a retake.
Can I appeal my exam result?
Learners who wish to address any concerns or seek clarification regarding their results can initiate an appeal through our Challenges Department. To initiate an appeal, please contact us via email at "challenges AT offsec DOT com"
Upon receiving your appeal, our team will conduct a diligent review of your results. We understand the significance of a timely response, and we commit to providing you with an update promptly after we have reached a final decision on the matter. Please note that we strive to complete the review process within a maximum of ten (10) business days.
May I request feedback on the exam?
Certainly! You can request an exam feedback should you have provided your exam report with us and have insufficient points. Please contact us via email at "challenges AT offsec DOT com" and we will provide you with feedback within 10 business days.
What information is available about exam proctoring?
All OSMR exams are proctored. Please make sure to read our online FAQ.