null Global Committee elections are coming up! See the election repository for more information.

Null offensive hacking hands-on training.

Proposed sessions for this event:

  • iOS Application & Pentesting Background by Akash Katare
  • Advanced Testing Techniques & Vulnerabilities by Akash Katare
Note: The session details including schedule are available below.

Register using LUMA app or website using the below link:

iOS Application Penetration Testing Guide

Pre-requisites

iOS Application & Pentesting Background

  • iOS Architecture Overview
  • Understanding Jailbreak & Its Types
  • Rootless vs. RootFul Jailbreaks
  • Jailbreaking an iDevice (Multiple Methods)
    • Unc0ver, Palera1n (Rootful & Rootless), Dopamine, Dopamine RootHide, Bootstrap RootHide etc.
  • Don't Get Jailbroken by a Jailbreak: Spot the Fakes!
  • Physical Device vs. Corellium for Testing
  • IPA File Structure Breakdown (Swift, Cordova, Flutter & XAMARIN)
  • Installing iOS Applications on Jailbroken & Non-Jailbroken Devices (Various Methods)
  • iOS Application Sandbox Structure
  • Necessary Tools Installation
  • Extracting & Dumping Decrypted IPA Files (Multiple Methods)
  • Static Analysis of Applications (Manual & Automated Approaches)

Exploring Some Basic Vulnerabilities

  • Testing Local Storage Security (Filza & Objection)
  • Assessing Application Binary Protection
  • Dumping & Analyzing Sensitive Data in Keychain
  • Performing Memory Dumps

Advanced Testing Techniques & Vulnerabilities

  • Bypassing Advanced Jailbreak Detection Using (Swift, Cordova, Flutter & XAMARIN):

    • 14+ Tweaks
    • Frida & Custom Script Creation
    • Objection
    • Custom Hooking
  • Traffic Interception & Certificate Pinning

    • Intercepting iOS application traffic
    • Understanding Certificate Pinning
    • Bypassing Certificate Pinning Using:
    • Tweaks
    • Frida
    • Objection
    • Intercepting Traffic from Flutter Applications
    • Bypassing Certificate Pinning on Flutter Apps (Multiple Methods)
    • Bypassing Certificate Pinning on XAMARIN Apps
    • Capturing HTTP/HTTPS Traffic Without Bypassing Certificate Pinning
  • Application Reversing & Exploitation

    • Reversing iOS application (Swift, Cordova, Flutter & XAMARIN)
    • DeepLink Exploitation: (Multiple Vulnerabilities)

Pentesting on Non-Jailbroken iDevices

  • Evaluating Local Storage Security Risks on Non-Jailbroken iOS Devices
  • Exploring Frida & Objection on Non-Jailbroken Devices:
    • By Patching the Application
    • Without Patching the Application
Date Saturday April 19 2025
Chapter Bangalore
Registrations 20
Max Registrations 20
Event Type Invite Only
Start Time 09:00 AM
End Time 05:00 PM

Session Schedule

Name Speaker Start Time End Time Resources
iOS Application & Pentesting Background Akash Katare 09:00 AM 01:00 PM
Lunch 01:00 PM 01:45 PM
Advanced Testing Techniques & Vulnerabilities Akash Katare 01:45 PM 05:00 PM

Venue


This is an invite only event. If you are selected you will receive further information via e-mail.