Offensive iOS Internals

This course is designed to provide a comprehensive understanding of the internals of the iOS operating system and its security features. The course will cover topics such as the iOS operating system architecture, memory management, application sandboxing, code signing, etc.

Students will learn the fundamental concepts and tools used in reverse engineering, and get a thorough introduction to the ARM64 architecture, including static and dynamic analysis techniques, as well as various debugging and disassembly tools. Exploit mitigations such as SPTM, TXM, PAC, PAN, PPL etc. will also be discussed. Additionally, the course covers iOS application security, including topics such as encryption, and secure communication.

Students will learn how to use Frida, a dynamic instrumentation framework, for reverse engineering and dynamic analysis of mobile applications. We will also discuss advanced topics such as hooking, memory manipulation, and instrumenting network communication.

This course will also discuss the tools and techniques used for analyzing iOS malware, and cover the different stages of iOS malware analysis, including static, dynamic, and behavioral analysis. Additionally, the course will walk the attendees through different methods of mitigating and preventing iOS malware.

This course will be a mix of lectures, practical labs, and projects designed to give students hands-on experience with iOS internals and iOS application security. Students will gain the skills needed to reverse engineer, design, develop, and secure iOS applications.

Course Overview

Overall Proficiency Level
1 - Basic
Course Prerequisites

To successfully participate in this course, attendees should possess the following:

Working knowledge of cybersecurity and pen testing fundamentals
Basic working knowledge of the iOS platform
Basic Linux skills and command-line proficiency
Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Objective-C, Swift, C, C++, or similar)
Basic ARM/AARCH64 binary assembly and exploitation knowledge is recommended, but not required

Training Purpose
Functional Development
Skill Development
Specific Audience
All
General Public
Federal Employee
Academia
Contractor
Delivery Method
Online, Instructor-Led
Online, Self-Paced

Learning Objectives

Introduction to ARM64 architecture
Understand iOS app lifecycle
Overview of the iOS Kernel and its Security Mitigations
Reverse engineering iOS binaries (Apps and system binaries)
Get an intro to various common bug categories on iOS
Learn to audit iOS apps for security vulnerabilities
Understand Memory allocation in Userland and Kernel
Understand and bypass anti-debugging and obfuscation techniques
Learn manual and automated ways of bypassing security mitigations
Learn Device Fingerprinting and Anti-Fraud techniques
Get a detailed walkthrough on using Ghidra, Hopper etc.
Advanced Dynamic Instrumentation using Frida
Understanding how Rooting and Jailbreaks work
Case Study of some known vulnerabilities
Learn to identify vulnerabilities in native as well as Cross-platform apps
Learn to exploit different IPC mechanisms (mach_msg, XPC etc.)
mach_msg2, SAD_FENG_SHUI, PGZ
Get a detailed walkthrough on using IDA Pro, Hopper, Ghidra, etc.
Secure Mobile apps by implementing custom solutions
Become a Certified iOS Security Researcher (CISR)

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.
