Trainings

Next session on the 15th of January 2020

Synopsis

During this training, we will dispense all the knowledge needed to study iOS applications to perform either a security assessment, or a comprehensive reverse engineering. We will focus on the latest versions of iOS (starting from 11). The training heavily relies on practice therefore numerous labs exercises will be done.

Target audience

  • Reverse engineers interested in iOS
  • Security engineers with no prior experience in iOS but who needs to assess apps or start studying the system.

Duration

3 days (15-16-17 January 2020)

Prerequisites

  • Familiar with an assembly language
  • Familiar with operating system concepts
  • Basic knowledge of Python

Objectives

  • Being able to assess or study an iOS application
  • Being able to understand or explore most of iOS Userland components

Exercises

  • Binaries reversing
  • Small tools writing

Modules

Day 1

  • Introduction

    • Lab setup
  • Applications

    • Architecture
    • Mach-O
    • Shared Cache
    • App Life Cycle
    • Objective-C

Day 2

  • App Reverse Engineering & Security

    • Instruction Set Architecture
    • Static Analysis
    • Dynamic Analysis
    • Security

Day 3

  • Daemons & Communications

    • XPC
  • iOS Security Mechanisms

    • Code Signing
    • Entitlements
    • Jailbreaks