So Long OSMR
It’s been a while since I posted here. That was always going to be the plan. I had been keeping an eye on taking the OffSec OSMR (OffSec macOS Researcher) course for some time. There was always a good reason to not take the course. My primary reason for waiting was for the course to be updated from Intel chips to be ARM-based on Apple Silicon. Eventually that happened, and then I was waiting for the hopefully month-long November Black Friday sale to save 20% on the Year One subscription. This year was finally going to be the year I took this course, wrote blog posts as I dove into the internals of macOS, and eventually passed the exam.
In July, I started preparing my pre-reading for the course using various sources. However, I decided that any time I spent reading might be wasted when I could be using it on the course material. With that, I signed up and started on the course materials, spending time on the course where I could, around already planned trips and events. Unfortunately, at the end of September, Offensive Security announced that it would end new OSMR exams by November 2nd, leaving current students with a little more than 30 days to take the exam. This was not something I could accomplish in that short time frame. I was able to get a refund for my course, though I would have much rather taken the course and exam as I had initially planned.
A few thoughts on the course that I did work through. First, the entire lab environment is completely self-hosted. This is good in some ways and terrible in others. There is quite a bit of setup to get all the specific versions of macOS and Xcode needed to complete the exercises and labs. These all need to be done on an Apple Silicon chip, though some will also work on an Intel version of macOS. Regardless, you will need an Apple computer to do this.
Second, you can tell the course didn’t get much love from OffSec. The course videos still demonstrated everything on older Intel chips. This is not really much of a problem, but anything with assembly will be different and will have different instructions. The course text also needed an editor or at least someone to review it. Sentences were sometimes repeated or unclear because the content was assembled from a previous version or had been moved around from another section. This is honestly not acceptable to me. Your core business is teaching, and someone didn’t sit down to read the text and make minor changes, especially since this updated course was mostly going to be driven by that text.
Lastly, I understand the ‘try harder’ slogan that they use to say they are not going to spoon-feed you the answers, which is fine, but there should be an answer key of some sort to at least check your understanding of the concept and the exercise. The only help you receive is from Discord, which is staffed mainly by volunteers. I had questions, and I’ve seen other posts with questions that just went unanswered. This, to me, is also not acceptable for a paid course, especially at this cost. I’m paying you to teach me the course objectives. Some things I eventually figured out, some things I never did.
Overall, I understand OffSec’s predicament here. I’m sure out of their courses, this is probably one of the least popular. There is a cost to maintain and update the content, host the exam infrastructure, and then grade the exam. The Apple security space, especially for macOS, is much smaller than many other areas in infosec. Some of that is because there are just not a lot of Apple-specific information security courses, so the pool of people is not growing. But also because there are not many, they don’t sign up for these types of courses. Very much a chicken-and-egg problem.
I plan to continue self-studying and share what I learn. I have another SANS course kicking off as well. More to come, hopefully in late January.