Offensive iOS Internals (Live Training)

Live On-Site / Live Virtual

BECOME A CERTIFIED iOS SECURITY ENGINEER

Learn the essential skills and techniques necessary to conduct comprehensive security audits of iOS applications. Get an understanding of the different security mitigations present in the iOS operating system.

What You Will Learn

This course is designed to provide a comprehensive understanding of the internals of the iOS operating system and its security features. The course will cover topics such as the iOS operating system architecture, memory management, application sandboxing, code signing, etc.

Students will learn the fundamental concepts and tools used in reverse engineering, and get a thorough introduction to the ARM64 architecture, including static and dynamic analysis techniques, as well as various debugging and disassembly tools. Exploit mitigations such as SPTM, TXM, PAC, PAN, PPL, etc. will also be discussed. Additionally, the course covers iOS application security, including topics such as encryption and secure communication.

Students will learn how to use Frida, a dynamic instrumentation framework, for reverse engineering and dynamic analysis of mobile applications. We will also discuss advanced topics such as hooking, memory manipulation, and instrumenting network communication.

This course will also discuss the tools and techniques used for analyzing iOS malware. The course will also cover the different stages of iOS malware analysis, including static, dynamic, and behavioral analysis. Additionally, the course will walk the attendees through different methods of mitigating and preventing iOS malware.

This course will be a mix of lectures, practical labs, and projects designed to give students hands-on experience with iOS internals and iOS application security. Students will gain the skills needed to reverse engineer, design, develop, and secure iOS applications.

On attending this course, you will get:

  • An attempt at the CISE (Certified iOS Security Engineer) certification exam
  • Certificate of completion for the Training program
  • Source code for vulnerable applications
  • Source code for exploit PoCs that can be used for Bug Bounties
  • All Frida Scripts used during the course
  • Students will be provided with access to Corellium for the duration of the course (Live On-site & Virtual Training only)
  • Students will be provided access to cloud instances for the duration of the course (Live On-site & Virtual Training only)
  • Slack access for the class and after for regular mobile security discussions (Live On-site & Virtual Training only)

Key Objectives

  • Introduction to ARM64 architecture
  • Understand iOS app lifecycle
  • Overview of the iOS Kernel and its Security Mitigations
  • Reverse engineering iOS binaries (Apps and system binaries)
  • Get an intro to various common bug categories on iOS
  • Learn to audit iOS apps for security vulnerabilities
  • Understand Memory allocation in Userland and Kernel
  • Understand and bypass anti-debugging and obfuscation techniques
  • Learn manual and automated ways of bypassing security mitigations
  • Learn Device Fingerprinting and Anti-Fraud techniques
  • Get a detailed walkthrough on using Ghidra, Hopper, etc.
  • Advanced Dynamic Instrumentation using Frida
  • Understanding how Rooting and Jailbreaks work
  • Case Study of some known vulnerabilities
  • Learn to identify vulnerabilities in native as well as Cross-platform apps
  • Learn to exploit different IPC mechanisms (mach_msg, XPC, etc.)
  • mach_msg2, SAD_FENG_SHUI, PGZ
  • Get a detailed walkthrough on using IDA Pro, Hopper, Ghidra, etc
  • Secure Mobile apps by implementing custom solutions
  • Become a Certified iOS Security Engineer (CISE)

Duration

3 Days

Who Should Attend?

This course is specifically designed with the needs of modern iOS developers in mind. This course will also be applicable for vulnerability researchers, penetration testers, mobile developers, or anyone keen to learn more about the iOS application security ecosystem.

Laptop Requirements

  • Laptop with: 8+ GB RAM and 40 GB hard disk space
  • Students will be provided with access to Linux cloud instances (Live On-site & Virtual Training only)
  • Students will be provided with access to Corellium for iOS hands-on and as such do not need to carry iOS devices (Live On-site & Virtual Training only)
  • Administrative access on the system

Detailed Course Setup instructions and Slack access will be sent a few weeks prior to the class (Live On-site & Virtual Training only)

Syllabus

  • Overview of iOS architecture
  • iOS system libraries and frameworks
  • Setting up a testing environment for iOS research
  • Overview of the Mach-O Binary Format
  • iOS virtual memory management
  • Overview of application sandboxing and code signing in iOS
  • Key Concepts and Terminologies
  • Introduction to Hopper/Ghidra
  • Introduction to the ARM64 instruction set
  • ARM64 security mitigations
  • ARM64 calling convention
  • Introduction to Objective-C and Swift
  • Reversing Objective-C and Swift Binaries
  • Disassembling methods
  • Modifying assembly instructions
  • Deciphering Mangled Swift Symbols
  • Identifying Native Code 
  • Understanding the Program flow
  • Identifying Cross-Platform mobile frameworks
  • iOS security model
  • App Signing, Sandboxing, and Provisioning
  • iOS App Groups
  • Primer to iOS 17-18 security
  • Xcode Primer 
  • Address Sanitizer
  • Exploring the iOS filesystem
  • What’s in a Code Signature?
  • Entitlements explained
  • How Sandboxing works on iOS
  • Setting up lldb for Debugging
  • lldb basic and advanced usage
  • Setting up the testing environment
  • Jailbreaking your device
  • What’s in a Rootless Jailbreak?
  • Jailbreak Bootstraps
  • Sideloading apps
  • Binary protection measures
  • Decrypting IPA files
  • Self-signing iOS binaries
  • Analyzing Proprietary security Mitigations
  • Overview of Past Vulnerabilities
  • Intro to dyld_shared_cache
  • Intro to XNU kernel
  • The Mach and BSD Layer
  • Overview of IOKit
  • Extracting the Kernelcache and Kexts
  • Analyzing specific kexts: AMFI, CoreTrust, Sandbox
  • Sandbox Profiles
  • Symbolicating a Kernelcache
  • Overview of mach_msg2, SAD_FENG_SHUI, PGX
  • Entitlement validation in the Kernel
  • Analyzing Kernel Panic files
  • Walkthrough of PAC, SPTM, PAN, GXL, PPL, etc.
  • Patch diffing the XNU kernel
  • Overview of Frida and its capabilities
  • Setting up the Frida environment
  • Frida usage and commands
  • Frida-trace and handlers
  • Frida hooking techniques
  • Frida on Swift applications
  • Frida on native code
  • Frida memory manipulation techniques
  • Analyzing messaging apps using Frida
  • Invoking custom functions with Frida
  • Tracing Crypto operations
  • Side channel data leakage
  • Sensitive information disclosure
  • Bypassing Jailbreak Detection 
  • Bypassing SSL Pinning
  • Bypassing Certificate transparency checks
  • Exploiting iOS WebViews
  • Exploiting URL schemes and Universal Links
  • Client-side injection
  • Bypassing jailbreak, piracy checks
  • Inspecting Network traffic
  • Traffic interception over HTTP and HTTPS
  • Manipulating network traffic
  • Identifying iOS malware
  • Case Study of Sandbox Escapes
  • Incorrect validation of Entitlements
  • XPC Related vulnerabilities
  • Case Study of a Kernel Vulnerability
  • Case Study of a PAC Bypass
  • Understanding different stages of a Malware
  • Device Acquisition techniques
  • Using Custom IOCs
  • Case Study of some Public Malware
  • AppAttest and Device Check frameworks
  • Device Fingerprinting
  • Detecting GPS Spoofing
  • Implementing Secure Webviews
  • Code Obfuscation techniques
  • Protecting the Transport Layer
  • Detecting Malicious Libraries
  • Implementing Anti-Debug Checks
  • Detecting Suspicious Device Reset
  • Detecting Patched Applications
  • Detecting Proxied Applications
  • Jailbreak Detection Techniques
  • Pasteboard Security Measures
  • Understanding the Lockdown Mode
  • Understanding Code Signature Checks

Prerequisites

To successfully participate in this course, attendees should possess the following:

  • Working knowledge of cybersecurity and pentesting fundamentals
  • Basic working knowledge of iOS platform
  • Basic Linux skills and command-line proficiency
  • Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Objective-C, Swift, C, C++, or similar)
  • Basic ARM/AARCH64 binary assembly and exploitation knowledge is recommended, but not required

CERTIFIED iOS SECURITY ENGINEER (CISE)

This course prepares you for the Certified iOS Security Engineer (CISE) certification exam, a hands-on assessment specifically designed to test your grasp of advanced iOS security domains including userland and kernel components.

Exam Duration: 24 hours

TRUSTED TRAINING PROVIDERS

Our trainers boast more than ten years of experience delivering diverse training sessions at conferences such as Blackhat, HITB, Power of Community, Zer0con, OWASP Appsec, and more.

OUR MODES OF TRAINING

ON DEMAND

USD $899 onwards

Ideal for Individuals
 
  • Flexibility of self-paced learning
  • Instant access to course materials upon purchase
  • Extensive labs and self-assessments
  • Repeatability of Course Content
  • Certification exam 

LIVE VIRTUAL

GET IN TOUCH FOR PRICING

Perfect for Teams in Multiple Locations
 
  • Real-time interaction with our expert trainers over Zoom
  • Customizable content tailored to your team’s needs
  • Continued support after the training
  • Certification exam

LIVE ON-SITE

GET IN TOUCH FOR PRICING

Perfect for Teams in One Location
 
  • Real-time interaction with our expert trainers at an onsite location
  • Customizable content tailored to your team’s needs
  • Continued support after the training
  • Certification exam

FAQ

Our Live Virtual and On-Site sessions replicate the interactive classroom experience, fostering real-time collaboration and engagement among participants.

While prior experience is helpful, the course is designed to accommodate various skill levels. It provides a structured learning path, starting from foundational concepts and progressing to advanced techniques.

The preparation time for the Certification varies based on your individual learning pace and level of engagement post-training. On average, participants spend a few days to several weeks preparing, which includes both theoretical learning and hands-on lab practice. It is recommended to spend at least 2-3 weeks practicing before attempting the Certification Exam after the training.

No, the training that you purchase from 8kSec, including the course materials is exclusively for your individual use. You may not reproduce, distribute or display (post/upload) lecture notes, or recordings, or course materials in any other way — whether or not a fee is charged – without the express written consent of 8kSec.

For On-Site/Virtual Courses during private trainings/conferences, we provide a customized certificate after the completion of the course. Please note that the Certificate of Course Completion is different from the one obtained after clearing the Certification exam.

We provide Certification exams exclusively to registered training participants. The cost of the Certification exam is bundled into the pricing of every training package purchased.

 
 
 

For Virtual/Live Trainings, we will provide you access to our Lab environment and an instruction guide during the training.

Once you submit your report, one of the members of our review board will review the report and provide you with the results in 3 business days.

The fee to retake the certification exam is USD $119. To schedule your re-examination, simply email info@8ksec.io and our logistics team will be in touch.

You can find our Training Schedule at https://8ksec.io/public-training/. To schedule a Live Virtual or Live On-site private training for a group of 5+ attendees, email trainings@8ksec.io and our logistics team will get in touch with you to organize one.

The information on this page is subject to change without notice.

CONTACT US

Please share with us the project requirements and the goals you want to achieve, and one of our sales representatives will contact you within one business day.

Our Location

51 Pleasant St # 843, Malden, MA, Middlesex, US, 02148

General and Business inquiries

contact@8ksec.io

Trainings

trainings@8ksec.io

Press

press@8ksec.io

Phone

+1(347)-4772-006
