Null offensive hacking hands-on training.
Proposed sessions for this event:
- iOS Application & Pentesting Background by Akash Katare
- Advanced Testing Techniques & Vulnerabilities by Akash Katare
Register using LUMA app or website using the below link:
iOS Application Penetration Testing Guide
Pre-requisites
Jailbroken iPhone/iPad
- Participants can check out the links below for jailbreaking your iPhone/iPad devices as different devices require different steps:
- iOS CFW Guide: Get Started
- iDevice Central Jailbreak Tool Finder
Required Hardware/Software
- Windows machine, Kali Linux, or Macbook
For Already Jailbroken Devices
- Add repositories and respective tweaks using:
- Essential Tools Repository
Frida & Objection Installation
Other Required iOS Pentest Tools
iOS Application & Pentesting Background
- iOS Architecture Overview
- Understanding Jailbreak & Its Types
- Rootless vs. RootFul Jailbreaks
- Jailbreaking an iDevice (Multiple Methods)
- Unc0ver, Palera1n (Rootful & Rootless), Dopamine, Dopamine RootHide, Bootstrap RootHide etc.
- Don't Get Jailbroken by a Jailbreak: Spot the Fakes!
- Physical Device vs. Corellium for Testing
- IPA File Structure Breakdown (Swift, Cordova, Flutter & XAMARIN)
- Installing iOS Applications on Jailbroken & Non-Jailbroken Devices (Various Methods)
- iOS Application Sandbox Structure
- Necessary Tools Installation
- Extracting & Dumping Decrypted IPA Files (Multiple Methods)
- Static Analysis of Applications (Manual & Automated Approaches)
Exploring Some Basic Vulnerabilities
- Testing Local Storage Security (Filza & Objection)
- Assessing Application Binary Protection
- Dumping & Analyzing Sensitive Data in Keychain
- Performing Memory Dumps
Advanced Testing Techniques & Vulnerabilities
Bypassing Advanced Jailbreak Detection Using (Swift, Cordova, Flutter & XAMARIN):
- 14+ Tweaks
- Frida & Custom Script Creation
- Objection
- Custom Hooking
Traffic Interception & Certificate Pinning
- Intercepting iOS application traffic
- Understanding Certificate Pinning
- Bypassing Certificate Pinning Using:
- Tweaks
- Frida
- Objection
- Intercepting Traffic from Flutter Applications
- Bypassing Certificate Pinning on Flutter Apps (Multiple Methods)
- Bypassing Certificate Pinning on XAMARIN Apps
- Capturing HTTP/HTTPS Traffic Without Bypassing Certificate Pinning
Application Reversing & Exploitation
- Reversing iOS application (Swift, Cordova, Flutter & XAMARIN)
- DeepLink Exploitation: (Multiple Vulnerabilities)
Pentesting on Non-Jailbroken iDevices
- Evaluating Local Storage Security Risks on Non-Jailbroken iOS Devices
- Exploring Frida & Objection on Non-Jailbroken Devices:
- By Patching the Application
- Without Patching the Application
| Date | Saturday April 19 2025 |
|---|---|
| Chapter | Bangalore |
| Registrations | 20 |
| Max Registrations | 20 |
| Event Type | Invite Only |
| Start Time | 09:00 AM |
| End Time | 05:00 PM |
Session Schedule
| Name | Speaker | Start Time | End Time | Resources |
|---|---|---|---|---|
| iOS Application & Pentesting Background | Akash Katare | 09:00 AM | 01:00 PM | |
| Lunch | 01:00 PM | 01:45 PM | ||
| Advanced Testing Techniques & Vulnerabilities | Akash Katare | 01:45 PM | 05:00 PM | |
Venue
This is an invite only event. If you are selected you will receive further information via e-mail.