Module 1: Introduction to iOS Security
- iOS Platform Basics
- iOS Application Development and Testing
- Objective-C and iOS Frameworks
- Xcode, iPhone and iPad simulators
- The ARM processor
- MVC basics and a sample iOS application
- Event Driven applications
- iOS Platform Security
- Secure Boot
- Application Code Signing and App Store restrictions
- Application Sandboxing
- Encryption and Data Security
- Secure Network Access
Module 2: Creating an Application Pentest Platform
- iOS – Platform Constraints and Limitations
- Jailbreaking – Why and How?
- History of Jailbreaking exploits
- Cydia and other 3rd party repositories
- Installing Assessment Tools on your iPhone
- Filesystem analysis
- Runtime analysis
- Debugging and Disassembling
- Network Monitoring – proxies, raw traffic dumps
- SQLite basics
- Plist basics and Plutil
- Class-Dump
Module 3: Advanced Application Runtime Analysis
- Decrypting Applications
- GDB
- Clutch and other tools
- Runtime Analysis with GDB
- GDB basics – breakpoints, conditionals etc.
- Debugging Objective-C and understanding objc_msgSend
- Inspecting Objects in Memory
- Calling Functions and Methods
- Disassembling iOS Applications
- ARM assembly basics
- Registers and function/method calling
- Modifying data and Changing Control
- Runtime Analysis with Cycript
- Cycript Basics
- Using the JS – Objective-C bridge
- Finding Variables and Methods in memory
- Inspecting Variables and Calling Methods
- Replacing Methods at runtime
- Using 3rd party Cycript scripts
Module 4: Exploiting iOS Applications
- Examining Application Data Storage at Runtime
- Plist and XML files
- NSUserDefaults
- SQLite Data
- Keychain
- Core Data Services
- Temporary files
- Directory Structure and Snapshot Analysis
- Insecure Local Data Storage
- Plist, XML, SQLite, Temp Files etc.
- Information leakage using log files
- Keychain Data Storage and Security
- Data and File Security
- Improper Encryption
- Breaking Authentication and Authorization
- Insecure Session Management
- Cookies.binarycookies
- Exploiting IPC / URL Schemes
- Insecure Data Caching – keyboard, UI screenshots etc.
- Improper use of UIPasteboard
- Application Fuzzing
- Attacking UIWebViews (XSS)
- Attacking XML Parsing
- Analyzing and attacking HTTP/HTTPS
- Using self-signed certificates with proxies
- Traffic interception and mangling
- Security concerns with NSURLxxxx and CFNetwork
- Security concerns with CFStream and NSStream
- Directory Traversal attacks
- Attacking Server side applications / Web services from the App
- UDID privacy concerns and faking
- Security concerns due to the C platform
- Buffer overflows and memory corruption
- Poison NULL byte attacks
- Format string vulnerabilities
- Understanding Anti-Piracy techniques
- Plist, Bundled items, Signer Identity etc. checks
- Anti-Debugging techniques
- File integrity / Hash etc. checks
- Anti Anti-Piracy techniques
- Beating checks
- Replacing check functions / methods
- Mobile Substrate
- Basics of Runtime Patching
- Using Mobile Substrate
- Hooking with MobileHooking
- MSHookMessage
- MSHookMessageEx
- MSHookFunction
- MobileLoader
- Code Injection with DYLD_INSERT_LIBRARIES
- API Monitoring
- Solving Application Challenges
Module 5: iOS Forensics and Data Recovery
- Filesystem Organization in iOS
- Understanding Disk and File Encryption
- Forensics on non-Jailbroken devices
- PIN brute-forcing on the device
- Forensics on Jailbroken devices
- Recovering and Analyzing Data
- Plist, Keychain
- Address book, Maps, Call History, SMS, Photos etc.
- Safari, Chrome caches, saved data
- iTunes backup basics
- File and Data recovery
Module 6: iOS Malware and Backdoors
- History of iOS Malware
- Background tasks, Daemons and launchd
- Backdoors, Malware examples
- Bind and Reverse Connect Shells on iOS
- Interacting with the shells via Metasploit