Advanced iOS Application Exploitation - SlashiOS

 



COURSE DESCRIPTION
Slash Advanced iOS Application Exploitation (SlashiOS) training includes
everything you need to know to perform a security analysis of iOS
applications. This training introduces newcomers as well as advanced
security enthusiasts to the world of mobile security using a fast-paced
learning approach through intensive hands-on labs and live practicals.
This training includes the most advanced iOS application attacks,
exploitation and pentesting techniques. Although based on an offensive
approach, the training provides excellent exercises for solving modern
iOS application security issues discovered during bug bounty hunting
and penetration testing.

 

 

WHO SHOULD TAKE THIS COURSE?
Slash Advanced iOS Application Exploitation (SlashiOS) training is beneficial for:
# Bug Bounty Hunters
# Penetration Testers
# Application Developers
# Mobile Security Enthusiasts
# IT Security professionals with a technical background
 

 

 

PRE-REQUISITES
SlashiOS is advanced training that requires the following pre-requisites:
# Basic knowledge of programming fundamentals.
# One year in an information security role or equivalent experience
is recommended.
# Ability to read and understand iOS application code will help,
although it is not mandatory.

hackerSlash SlashiOS training provides most of the above pre-requisites.


 

 

DETAILED COURSE CONTENT

Module 1 : iOS Architecture Overview
Module 2 : iOS Application Security Testing Lab Environment
Module 3 : iOS Application Security Overview
Module 4 : Identifying the Security Flaws in Local Storage
Module 5 : Traffic Analysis for iOS Application
Module 6 : Sealing up Side Channel Data Leakage
Module 7 : iOS Binary Protections Analysis
Module 8 : Advanced Application Runtime Analysis
Module 9 : iOS Applications Exploitation
Module 10 : OWASP Security Assessments of iOS Applications



MODULE 1 iOS Architecture Overview
# iOS Architecture
# iOS Components
# iOS Device Versions
# iOS Device Encryptions
# iOS Device File Systems
# iOS MVC design
# iOS security model
# iOS secure boot chain
# iOS application signing
# iOS application sandboxing
 

MODULE 2 iOS Application Security Testing Lab Environment
# iOS Jailbreaking for Pentesting
# Installing required tools in iDevice
# iOS flashing lab tools & techniques
 

MODULE 3 iOS Application Security Overview
# Active & Passive Reconnaissance
# Rules of Engagement limitations
# Intelligence Gathering/ Threat Modeling
# Recognizing application security challenges
# Exposing the threats faced by mobile devices
 

MODULE 4 Identifying the Security Flaws in Local Storage
# Introduction to insecure data storage
# Installing third-party applications
# Insecure data in the plist files
# Insecure storage in the NSUserDefaults class
# Insecure storage in SQLite database
# SQL injection in iOS applications
# Insecure storage in Core Data
# Insecure storage in keychain


MODULE 5 Traffic Analysis for iOS Application
# Bypassing Universal SSL pinning
# Intercepting traffic over HTTP
# Intercepting traffic over HTTPS
# Intercepting traffic of iOS Simulator
# Jailbreak Detection Bypass using Frida
 

MODULE 6 Sealing up Side Channel Data Leakage
# Data leakage via application screenshot
# Keyboard cache capturing sensitive data
# Pasteboard leaking sensitive information
# Device logs leaking application sensitive data
 

MODULE 7 iOS Binary Protections Analysis
# Decrypting unsigned iOS applications
# Decrypting signed iOS applications
# Analyzing code by reverse engineering
# Analyzing iOS applications binary
# Hardening binary against reverse engineering
 

MODULE 8 Advanced Application Runtime Analysis
# Understanding Objective-C runtime
# Dynamic analysis using Cycript
# Runtime analysis using Snoop-it
# Dynamic analysis on iOS Simulator
 

MODULE 9 iOS Applications Exploitation
# Setting up exploitation lab
# Shell bind TCP for iOS
# Shell reverse TCP for iOS
# Creating iOS backdoor
# Converting iDevice to a pentesting device


MODULE 10 OWASP Security Assessments of iOS Applications
# Insecure Data Storage
# Insufficient Transport layer protection
# Unintended Data Leakage: Logging
# Unintended Data Leakage: Clipboard
# Poor or Improper Authorization
# Poor or Improper Authentication
# Broken or Risky Cryptographic Algorithm
# Client Side Attack: SQL Injection
# Reliance on Untrusted Inputs
# Improper Session Management
# Lack of binary protection



Pricing

USD $100 Only.



Contact us:
Need technical assistance? Contact a support representative by email:

hackerslash@icloud.com