SKILL: macOS Security Bypass — Expert Attack Playbook

AI LOAD INSTRUCTION: Expert macOS security bypass techniques. Covers TCC bypass, Gatekeeper evasion, SIP restrictions, sandbox escape, and entitlement abuse. Base models miss version-specific bypass nuances and protection interaction effects.

0. RELATED ROUTING

Before going deep, consider loading:

• macos-process-injection when you need dylib injection, XPC exploitation, or Electron abuse after achieving initial access
• linux-privilege-escalation for Unix-layer privesc techniques that also apply to macOS (SUID, cron, writable paths)
• linux-security-bypass for shared Unix security bypass concepts

Advanced Reference

Also load TCC_BYPASS_MATRIX.md when you need:

• Per-macOS-version TCC bypass mapping
• Protection-type-specific techniques (Camera, Microphone, FDA, Automation)
• MDM/configuration profile abuse patterns