Null offensive hacking hands-on training.
Proposed sessions for this event:
- Introduction to iOS Security and Pentesting Setup by abida shariff
- Practical iOS Pentesting Techniques and Analysis by abida shariff
```
Unlocking iOS Security: A Hacker's Guide to Application Testing
This hands-on iOS pentesting workshop will guide you through the practical steps of discovering and exploiting vulnerabilities in iOS applications.
Workshop Overview
iOS Security Architecture
- Overview of iOS versions, IPA file structure, and sandboxing.
- Overview of iOS versions, IPA file structure, and sandboxing.
Pentesting Environment Setup
- Jailbreaking devices using tools like Checkra1n or Palera1n.
- Working with emulators like Corellium.
- Jailbreaking devices using tools like Checkra1n or Palera1n.
Static Analysis
- Using Otool to dissect application binaries and gain insights into iOS apps.
Dynamic Analysis
- Tools like Frida and Objection to hook into running apps and manipulate behavior in real-time.
Key Security Topics
- Insecure data storage in NSUserDefaults and Keychain.
- Techniques like bypassing SSL pinning and defeating jailbreak detection.
- Insecure data storage in NSUserDefaults and Keychain.
By the end of this workshop, you'll be equipped with skills to perform in-depth security assessments of iOS applications.
Mandatory Prerequisites & Setup
To make the most of this workshop, please ensure all the prerequisites below are installed and configured at least 2 days before the session.
1. Jailbroken iPhone or Corellium Emulator
Jailbroken Device
Recommended jailbreaking tools:
- Checkra1n: Supports up to iOS 14.8.1 (A7-A11 devices).
- Palera1n: Supports iOS 15.0 to iOS 17.4 (A11 chips and older).
- Checkra1n: Supports up to iOS 14.8.1 (A7-A11 devices).
Jailbreak Compatibility Check:
Verify whether your device and iOS version can be jailbroken:
iOS Jailbreak Tool Finder
Corellium Emulator
- If you don't have a jailbroken device, you can use the Corellium Emulator.
- Free Trial: Sign up to create virtual iOS devices for testing.
- Corellium Setup Link
- Free Trial: Sign up to create virtual iOS devices for testing.
Note: Ensure your jailbroken phone or Corellium setup is operational before the workshop.
2. Installation of Frida and Objection
Frida
- A dynamic instrumentation toolkit for testing and manipulating running applications.
- Installation Guide: Frida Installation Instructions
Objection
- A runtime mobile exploration toolkit for bypassing SSL pinning, jailbreak detection, and more.
- Installation Guide: Objection GitHub
Important:
- Ensure Frida server and client versions match exactly.
- Test that Frida can connect to your device and perform basic commands.
3. Otool Setup for Static Analysis
Otool
- A command-line tool for analyzing object file information.
- Essential for static analysis of iOS application binaries.
Installation
- Mac: Install via Xcode Command Line Tools:
bash xcode-select --install - Windows/Linux: Search for “Darwin tools” on Cydia/Sileo and download the package.
Reminder: Ensure all tools are pre-configured to follow along with the session exercises smoothly.
| Date | Saturday February 01 2025 |
|---|---|
| Chapter | Bangalore |
| Registrations | 35 |
| Max Registrations | 40 |
| Event Type | Invite Only |
| Start Time | 09:00 AM |
| End Time | 05:00 PM |
Session Schedule
| Name | Speaker | Start Time | End Time | Resources |
|---|---|---|---|---|
| Introduction to iOS Security and Pentesting Setup | abida shariff | 09:00 AM | 01:00 PM | |
| Lunch | 01:00 PM | 01:45 PM | ||
| Practical iOS Pentesting Techniques and Analysis | abida shariff | 01:45 PM | 05:00 PM | |