Agentic Deep Dive into SPTM, TXM, SK and Exclaves
Five-day in-person Singapore deep dive into SPTM, TXM, Secure Kernel and Exclaves, with agentic workflows used to accelerate diffing, reversing, validation, and guided exploitation labs.
What you’ll be able to do
- Analyze SPTM, TXM, Secure Kernel and Exclaves with a practical model of trust boundaries, validation choke points, attack surface, and XNU↔Exclave communication paths.
- Use agentic reverse engineering workflows to accelerate diffing, interface recovery, code navigation, and hypothesis generation without giving up researcher control.
- Use GLx Research Platform as the execution and validation environment for debugger attachment, state inspection, trace collection, controlled reruns, and exploit-path testing.
- Build and test demo proof-of-concept exploits for selected vulnerabilities in SPTM, TXM, SK and Exclaves, with and without a compromised kernel.
- Evaluate how MCP-style or equivalent tool bridges can expose selected GLx capabilities to an AI agent in a way that stays auditable and useful for real research.
Overview
This five-day in-person Singapore edition keeps the full technical scope of the Deep Dive training. The course still covers SPTM, TXM, Secure Kernel, and Exclaves in depth: how the components fit together, what their trust boundaries look like, where validation and ownership decisions happen, how XNU interacts with them, and which areas matter most from a security-research and exploitation perspective.
The agentic angle is the differentiator, not a replacement for the core content. We look at where AI agents can genuinely help with diffing new versions, exploring unfamiliar binaries, recovering interfaces, summarizing changes, generating helpers, and proposing hypotheses — while the human researcher remains responsible for direction, trust decisions, and validation.
A key part of the course is that the GLx Research Platform becomes part of the workflow. Selected GLx capabilities can be exposed to an AI agent via MCP-style interfaces or comparable tool bridges so the agent can help drive controlled runs, inspect state, query traces, and support iterative validation directly against the execution environment.
Because this is a five-day in-person format, we can spend more time on guided labs, live debugging, collaborative reversing, and exploitation exercises than in the standard online edition. That includes working through demo vulnerabilities and building proof-of-concept exploits for the targeted components in a controlled research setting.
Training format
In person in Singapore
24–28 August 2026
09:00–17:00 Singapore time (SGT)
Five full days with lecture blocks, guided labs, and daily discussion
Small-group format with direct instructor interaction
Topics
The following topics are planned for the first run of the training course.
Introduction and foundations
ARM64 foundations relevant to SPTM/TXM/SK/Exclaves research (system registers, page tables, exception handling)
Apple proprietary ARM64 security mechanisms used in this space (e.g. SPRR, CTRR, and related features)
Bird’s-eye view: where SPTM, TXM, SK and Exclaves fit in the platform security architecture
Where agentic workflows can accelerate initial orientation, diffing, note-taking, and hypothesis generation without replacing validation
Research environment and tooling
Using GLx Research Platform to run SPTM, TXM, SK and Exclaves inside a controlled hypervisor environment
Debugger attachment and full introspection across components (state, memory, control flow)
Code coverage analysis of components
Fuzzing of components
Practical data sources: logs, memory maps, kernel coredumps and correlation techniques
Using agentic workflows to correlate logs, crash context, diff results, and traces while keeping a reproducible audit trail
Structuring repeatable agent-assisted workflows for task decomposition, note capture, and hypothesis tracking
Tightbeam
Messages
Endpoints
Transports
Practical analysis of message formats and validation boundaries
Using agentic assistance to recover message schemas, cluster field changes across versions, and flag validation boundaries for manual review
XNU ↔ secure components integration
Communication between XNU and SPTM / TXM / Exclaves
Key interfaces and boundaries: what data crosses, where trust decisions happen
Typical audit angles (parsing, validation, state transitions, error handling)
Agent-assisted interface recovery, call-path tracing, and clustering of relevant entry points across versions
Agentic reverse engineering workflows
Using agents for version diffing, interface discovery, reversing-task decomposition, and navigation of unfamiliar binaries
Creating repeatable prompt/tool loops instead of one-shot guesses
Keeping an audit trail of what the agent produced and what was actually validated
Researcher-in-the-loop validation: deciding what should remain manual and what can be delegated
GLx integration for agents
Exposing selected GLx capabilities to the agent via MCP or comparable tool interfaces
Controlled code execution, debugger attachment, register/state inspection, and repeatable reruns
Letting the agent query traces, memory snapshots, crash context, and controlled reruns while keeping the researcher in control
Practical boundaries: what should be delegated, what should remain manual, and how to avoid self-deception
Exploitation module (NEW)
Exploitation paths for SPTM, TXM, SK and Exclaves with and without a compromised kernel
Building proof-of-concept exploits for demo vulnerabilities used in the training labs
Using GLx to observe state transitions, fault paths and exploit side effects during controlled runs
Reasoning about mitigation boundaries, preconditions, and realistic attacker constraints
Using agentic workflows to iterate on exploit hypotheses, triage failed attempts, and track assumptions against observed runtime behavior
SPTM
Reverse engineering SPTM
Internal structure and key data types
Bootstrapping and internal state transitions
Debugging and introspection in the hypervisor environment
Running SPTM in userland with binary instrumentation
Discussion of mitigations and security mechanisms used by SPTM
Using agentic assistance for version diffing, naming suggestions, cross-reference clustering, and instrumentation planning
TXM
Reverse engineering TXM
Internal structure and key data types
Evaluation of the Code Signing Monitor implementation
Debugging and introspection in the hypervisor environment
Running TXM in userland with binary instrumentation
Discussion of mitigations and security mechanisms used by TXM
Agent-assisted review of parser entry points, data-flow candidates, and code-signing related structures across versions
SK (Secure Kernel)
Reverse engineering SK
Internal structure and key data types
L4 system calls and L4 object types
Debugging and introspection in the hypervisor environment
Analyzing crashes and exception paths with full context (registers/state/memory)
Discussion of mitigations and security mechanisms used by SK (Secure Kernel)
Agent-supported crash triage, call-path summarization, and validation of hypotheses against live debugger state
Exclaves
Reverse engineering ExclaveOS, ExclaveKit, and related components
Internal structure and key data types
Debugging and introspection for Exclave apps in the hypervisor environment
Runtime enumeration of components/ASIDs/threads and correlating them with observed execution paths
Discussion of mitigations and security mechanisms used by Exclaves / ExclaveOS
Agentic support for enumerating components, correlating runtime behavior, and mapping execution paths back to code and data
Training takeaways
Training material (slides) is handed out digitally.
Lab material and helper tooling used during the class are made available to attendees.
A detailed syllabus PDF is available for download.
Syllabus (PDF)
Download the syllabus PDF: Syllabus (PDF)
Pricing
We offer the following prices for the first Singapore run of the training.
| EUR | 5200,- EUR |
| SGD | 7500,- SGD |
| USD | 5990,- USD |
Payment is possible via international bank transfer or via credit card (Stripe).
Training requirements
Student requirements
Solid interest in low-level macOS/iOS research and modern secure-component analysis
C and Python programming knowledge
Basic knowledge of ARM64 assembly
Prior AI-agent or MCP experience is helpful, but not required
Hardware requirements
Apple Mac suitable for bringing to an in-person lab environment
Enough local disk space for supplied material, traces, and VM-based work
Software requirements
Disassembler capable of understanding ARM64 macOS/iOS binaries (IDA, Ghidra, Binary Ninja)
Current macOS setup suitable for the research workflow discussed in class
Additional tooling details will be shared with registered attendees
Venue
The training will take place at a venue in the Singapore CBD area. Final venue details will be shared with registered participants.
Final venue details shared with registered participants.
Registration and execution note
This training is run by Antid0te SG Pte. Ltd.. The first in-person session is scheduled for 24–28 August 2026.
Register
If you have questions or want to register for this training, email us. Signup, billing and execution of the training is handled by Antid0te SG Pte. Ltd.
Private / in-house sessions
If none of the scheduled dates fit your timezone, or you want a private company session (remote or on-site), email us with your preferred time window, headcount, and topic focus.