
Hacking iOS Applications, Like A Pro


Trainer Name: Abhinav Mishra
Title: Hacking iOS Applications, Like A Pro
Duration: 3 Days
Dates: 3rd - 5th March 2020

Intro

Can you guess an attack surface that is constantly moving, connects to several different Wi-Fi networks, stores critical user information, and is still highly insecure? The answer is mobile applications. With almost 15% market share, iOS devices and iOS applications handle a huge amount of user data. This requires these apps to be very secure, though that is often not the case. This comprehensive training covers real-world iOS application security issues and teaches delegates how to find and exploit those vulnerabilities.

Overview

A training designed to teach the skills required to find and exploit vulnerabilities in real-world iOS applications. The training includes exploits and vulnerabilities discovered during several penetration tests or in bug bounty programs. The target mobile apps used in this training are state-of-the-art training apps that let attendees change the security controls through a hidden menu, so one app shows both sides of the coin, i.e. secure and insecure implementations, in action. The training application is also available in both Objective-C and Swift. As every topic is followed by challenges that the delegate solves first, the training teaches a hands-on, real-world approach.

Course outline

  • iOS security architecture
    • Understanding iOS security architecture
    • iOS Application signing
    • Understanding iOS sandboxing
    • Introduction to Objective-C & Swift
  • Application Structure and format
    • IPA format
    • Application components
  • Setting up a testing environment
    • iOS pentesting tools
    • Setting up Mobexler
    • Using Linux/Windows for pentesting iOS apps
    • Setting up Frida with a jailbroken iOS device
  • Jailbreaking
    • What is jailbreaking?
    • How jailbreaking works
    • Let's jailbreak your device
    • Finding a jailbreak app for every device
  • Analysing the app
    • Exploring the IPA
    • Encrypted and Unencrypted IPA
    • In & Out of an application package
  • Reverse engineering iOS app
    • Reversing the IPA
    • Finding hardcoded information inside the app
    • Reversing app with Hopper | IDA Pro
  • Traffic analysis
    • Capturing & analysing application traffic
    • Understanding need for SSL
    • SSL pinning implementation
    • Ways to bypass SSL pinning
      • SSL Kill Switch
      • Frida scripts
      • Objection
  • Jailbreak detection & Bypass (Using Frida & Objection)
  • Analysing & Exploring iOS local storage
    • Different ways of storing data inside iOS apps
    • Handling sensitive application data
    • Secure and Insecure storage
    • Unintentional data leakage
    • Dumping app storage
    • iOS pasteboard
    • Dumping keychain data
    • Dumping pasteboard
  • Logging in iOS applications
  • Deeplinking in iOS apps
    • URI schemes in iOS applications
    • Security issues with URI schemes
    • Webviews and vulnerabilities
    • Deeplink implementations and misconfigurations
    • Analyzing JavaScript injection vulnerabilities
  • Using Frida
    • Writing your first Frida script
      • Finding classes
      • Finding methods
      • PIN code brute forcing using Frida
    • Using Frida to trace method calls during runtime
    • Extracting unencrypted IPA using Frida
    • Using Frida to instrument an iOS application
    • Identifying cryptography API usage with Frida
    • Heap memory dump with Frida
    • Doing more than just Class dump
  • Using Objection
    • Local storage exploration using Objection
    • Finding and exploiting security controls using Objection
    • Hacking Touch ID local authentication
  • Injecting Frida inside an IPA
  • Penetration testing iOS applications on a non-jailbroken device
  • Logical vulnerabilities in iOS applications
  • Other common security issues in iOS applications
  • Challenges in real world penetration testing and bypassing the challenges

Who should take this course?

  • Penetration testers, Bug hunters, Security enthusiasts
  • Mobile application developers
  • Red team members
  • Anyone interested in Mobile application security

Pre-requisites

  • Basic knowledge of mobile application security
  • Basic knowledge of Linux OS
  • Basics of Burp suite

What attendees should bring?

  • A Mac with a 50 GB SSD and 8 GB RAM is the preferred device. A Windows/Linux machine with the same configuration also works.
  • The Mobexler virtual machine must be installed if NOT working on a Mac. Link: https://enciphers.github.io/Mobexler/
  • Laptops should have admin privileges
  • Jailbroken iOS devices (iOS version 10+)
  • Virtualization software: the latest VirtualBox (including the VirtualBox Extension Pack). The virtualization (VT-x) option must be enabled in the BIOS settings for VirtualBox to work

What attendees will be provided with?

  • Training material / slides / PDFs
  • All training lab applications

What to Expect?

  • A training, fully hands-on, filled with exciting hacks
  • Reverse Engineering concepts (related to iOS applications)
  • Penetration testing knowledge for iOS applications

What not to expect?

  • Becoming an iOS hacker, as this training is about iOS apps, not iOS.
  • Ways to create a jailbreak for iOS versions.
  • A theory-based training

About the Trainer

Abhinav Mishra is the founder of ENCIPHERS, a fast-growing information security consulting and training firm. Abhinav, a.k.a. `0ctac0der`, heads the penetration testing, training and other offensive security projects for ENCIPHERS. He has around 8+ years of experience in web, mobile and infrastructure penetration testing and in training. He is an infosec enthusiast, hacker, and travel and tech lover. Abhinav holds numerous accolades and rewards for finding security issues through responsible disclosure programs. He is a well-known trainer and speaker in the information security community, where he mainly talks about offensive security, penetration testing and responsible disclosure.

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved