AppSec Labs Training Programs / Mobile Security

iOS Application Hacking 3-days

This course will focus on the techniques and tools for testing the security of iOS mobile applications. During this course the students will learn about important topics such as the iOS Security model, the emulator, how to perform static analysis, traffic manipulation, and dynamic analysis. By taking this course you will be able to perform penetration testing on iOS mobile applications and expose potential vulnerabilities in the tested application.

Download Syllabus (PDF)

Get Quote

Enroll

Description

The objectives of the course are:

Understand the iOS application threat landscape
Perform penetration testing on iOS mobile applications
Identify vulnerabilities and exploit them
Operate AppSec Labs’ unique iNalyzer customized VM for iOS pen-testing

Topics

Day 1

Introduction to iOS Security

Welcome to iOS

What makes mobile security so different?

OWASP Top 10 Mobile

What is iOS?

iOS Device Architecture

iOS Security Model

iOS File System isolation

Application Sandbox

The iOS Pen-Testing Environment

Lab Setup overview

Device Setup

Jailbreaking iOS

Cydia Installations

Laptop Installation

AppSec Labs iNalyzer

Application Static Analysis

The need for Static Analysis

Sources for Static Analysis

The IPA file package

IPA file deployment on device

IPA manual file installation

The CodeResources file

Anti tampering configuration

Tampering with IPA Content

Investigating the Application contents – View Controllers

Investigating Info.plist file

Listing all CFUR types on a device

Investigating Binary – URI Strings

Investigating Binary – Parameters usage

Investigating Binary – Encryption

iOS Binary Application Structure

Encryption

Decrypting Binary – concept

Static analysis of a decrypted Binary

Investigating binary content

Reversing Interfaces

Using iNalyzer for static analysis

Day 2

Application Storage Analysis

File System access security

File System Data Protection Class

File System access

Application storages

Property list files (.plist)

Tampering with Property list files (.plist)

Investigating Plist files – plutil.

Database files (.db/.sqlite)

Snapshots Storage

Persistent Cookies

Investigating Logs

Keyboard Cache

Cryptographic failures

Keychain access

iNalyzer Storage Snapshot

Traffic Manipulation

Traffic Analysis and Manipulation

Common architecture

Bad Session Management

Phone identifiers used in authentication

Credentials leakage

Client information sent to advertisement/analytics server

Server side vulnerabilities

Sniffing Traffic

Traffic interception

SSL obstacles

Importing SSL certificates & trusted CA’s

Bypassing server certificate validations

Day 3

Temporary Runtime Manipulation

Why do we need temporary runtime manipulation?

Temporary runtime manipulation tools

Objective C class interposing

Runtime manipulation with Cycript

Cycript: as a Tampering tool

Runtime manipulation with iNalyzer Dashboard

Persistent Runtime Manipulation

Means of persistent manipulation

Persistent runtime manipulation technique

Persistent runtime manipulation – backstage

Persistent runtime manipulation frameworks

Theos Injection Framework

iNalyzer header dump

iNalyzer class dump reference

Reversing iOS Binary

IDA Pro

Remote debugging with GDB

Target Audience

Prerequisites

Hardware & Software Requirements

Interested in this course? Have any questions?
Let us know and we’ll get back to you…

Days

Topics

100

% Pure Security knowledge!

AppSec Labs Training Programs / Mobile Security

iOS Application Hacking 3-days

Description

Topics

Day 1

Introduction to iOS Security

Application Static Analysis

Day 2

Application Storage Analysis

Traffic Manipulation

Day 3

Temporary Runtime Manipulation

Persistent Runtime Manipulation

Target Audience

Prerequisites

Hardware & Software Requirements

Interested in this course? Have any questions?
Let us know and we’ll get back to you…

Send us mail

Stay updated, follow us..

AppSec Labs

AppSec Labs Training Programs / Mobile Security

iOS Application Hacking 3-days

Description

Interested in this course? Have any questions? Let us know and we’ll get back to you…

Send us mail

Stay updated, follow us..

AppSec Labs

Interested in this course? Have any questions?
Let us know and we’ll get back to you…