Deep Dive into SPTM, TXM, SK and Exclaves
Advanced deep dive into Apple’s newest security components with research-grade workflows and tooling.
What you’ll be able to do
- Understand the roles, boundaries, and bootstrapping sequence of SPTM, TXM, SK and Exclaves, and how they integrate with XNU.
- Use GLx Research Platform to run SPTM/TXM/SK/Exclaves in a controlled hypervisor environment with debugger attachment and full introspection (state, memory, control flow).
- Perform practical security evaluation of component interfaces and data flows, including Tightbeam message formats, validation boundaries, and trust decisions.
- Apply coverage-guided analysis techniques to these components, including code coverage measurement and fuzzing approaches where applicable.
- Evaluate component-specific mitigations and security mechanisms (SPTM/TXM/SK/Exclaves), including analysis of TXM as the Code Signing Monitor implementation and controlled userland instrumentation runs for SPTM/TXM.
Overview
With the release of macOS Tahoe and iOS 26, Apple continues to expand platform security with ARM64 hardware-assisted mitigations and additional security boundaries. Components such as SPTM and TXM have been rolled out to more devices, and newer platforms, including recent macOS systems on the latest Apple Silicon generation, also ship the Secure Kernel (SK) and Exclaves. These components sit outside of the traditional XNU kernel world and introduce new trust boundaries, new interfaces, and new places where validation and enforcement decisions happen.
Unlike our Kernel Internals training, this course focuses on those newer non-kernel security components. The goal is a research-grade understanding of what each component is responsible for, how the bootstrapping sequence progresses, how data moves across boundaries, and where the interesting audit angles are. We cover Tightbeam transport concepts and message formats, how XNU communicates with these components, and how to reason about state transitions and failure modes.
Hands-on analysis is supported by the GLx Research Platform. We use it to run SPTM, TXM, SK and Exclaves inside a controlled hypervisor environment and to attach debuggers with full introspection of state, memory and control flow. Where applicable, we also cover running SPTM and TXM in userland using binary instrumentation so that specific hypotheses can be tested in a controlled way. We additionally cover practical techniques such as code coverage measurement and fuzzing approaches to evaluate interfaces and validation logic.
Syllabus (PDF)
Download the syllabus PDF: Syllabus (PDF)
Training format
Live online via Zoom
Around 5 hours of live lecture per day plus breaks
After each day: tasks/exercises to work on
Topics
The following topics are planned for the next session of the training course.
Introduction and foundations
ARM64 foundations relevant to SPTM/TXM/SK/Exclaves research (system registers, page tables, exception handling)
Apple proprietary ARM64 security mechanisms used in this space (e.g. SPRR, CTRR, and related features)
Bird’s-eye view: where SPTM, TXM, SK and Exclaves fit in the platform security architecture
Research environment and tooling
Using GLx Research Platform to run SPTM, TXM, SK and Exclaves inside a controlled hypervisor environment
Debugger attachment and full introspection across components (state, memory, control flow)
Code coverage analysis of components
Fuzzing of components
Practical data sources: logs, memory maps, kernel coredumps and correlation techniques
Tightbeam
Messages
Endpoints
Transports
Practical analysis of message formats and validation boundaries
XNU ↔ secure components integration
Communication between XNU and SPTM / TXM / Exclaves
Key interfaces and boundaries: what data crosses, where trust decisions happen
Typical audit angles (parsing, validation, state transitions, error handling)
SPTM
Reverse engineering SPTM
Internal structure and key data types
Bootstrapping and internal state transitions
Debugging and introspection in the hypervisor environment
Running SPTM in userland with binary instrumentation
Discussion of mitigations and security mechanisms used by SPTM
TXM
Reverse engineering TXM
Internal structure and key data types
Evaluation of the Code Signing Monitor implementation
Debugging and introspection in the hypervisor environment
Running TXM in userland with binary instrumentation
Discussion of mitigations and security mechanisms used by TXM
SK (Secure Kernel)
Reverse engineering SK
Internal structure and key data types
L4 system calls and L4 object types
Debugging and introspection in the hypervisor environment
Analyzing crashes and exception paths with full context (registers/state/memory)
Discussion of mitigations and security mechanisms used by SK (Secure Kernel)
Exclaves
Reverse engineering ExclaveOS, ExclaveKit, and related components
Internal structure and key data types
Debugging and introspection for Exclave apps in the hypervisor environment
Runtime enumeration of components/ASIDs/threads and correlating them with observed execution paths
Discussion of mitigations and security mechanisms used by Exclaves / ExclaveOS
Training takeaways
Training material (slides) is handed out digitally.
Recordings are available for a limited time after the training.
Trainees receive a license for the Antid0te software/scripts used during the training (usage allowed, redistribution not allowed).
Training requirements
Student requirements
Basic understanding of exploitation (note: this is not an exploitation training)
C and Python programming knowledge
Basic knowledge of ARM64 assembly
Hardware requirements
Apple Mac capable of running the latest macOS inside a virtual machine (booting into recovery mode is required)
Enough disk space to run VMs
Software requirements
Disassembler capable of understanding ARM64 macOS/iOS binaries (IDA, Ghidra, Binary Ninja)
macOS Tahoe with Xcode and iOS SDK (or newer)
VirtualBuddy (ARM64)
Additional software will be made available during the training
Virtual venue
The sessions are held via Zoom. Trainees also get access to a Discord server used for information and exercise discussions. Recordings are made available for a limited time after the training.
Timezones
We offer this training in an EU/North America edition and an APAC edition. Live lecture blocks are followed by hands-on exercises trainees complete before the next day.
EU / North America edition:

| Local time | Location |
| --- | --- |
| 17:00 – 22:00 | Berlin |
| 16:00 – 21:00 | London |
| 08:00 – 13:00 | Seattle / Vancouver |
| 11:00 – 16:00 | New York / Montreal |
| 23:00 – 04:00 (+1) | Singapore |
| 01:00 – 06:00 (+1) | Sydney |
APAC edition (two lecture blocks per day):

| Local time | Location |
| --- | --- |
| 10:00 – 12:30 / 13:30 – 16:00 | Singapore (SGT) |
| 09:00 – 11:30 / 12:30 – 15:00 | Bangkok / Jakarta |
| 11:00 – 13:30 / 14:30 – 17:00 | Tokyo / Seoul |
| 12:00 – 14:30 / 15:30 – 18:00 | Sydney / Melbourne |
| 07:30 – 10:00 / 11:00 – 13:30 | India |
| 14:00 – 16:30 / 17:30 – 20:00 | Auckland / Wellington |
Pricing
We offer the following prices for the training.
| Currency | Price |
| --- | --- |
| EUR | 4500,- EUR |
| SGD | 6500,- SGD |
| USD | 5000,- USD |
Payment is possible via international bank transfer or via credit card (Stripe). We usually charge in SGD, but can charge in EUR and USD if requested.
Register
If you have questions or want to register for this training, email us. Signup, billing and execution of the training are handled by Antid0te SG Pte. Ltd.
Private / in-house sessions
If none of the scheduled dates fit your timezone, or you want a private company session (remote or on-site), email us with your preferred time window, headcount, and topic focus.