TECH TRAINING 1: iOS Exploitation Techniques


CAPACITY: 20 pax


PRICE:   MYR4999 / USD1499 (early bird)

MYR6199 / USD1899 (normal)

Early bird registration rate ends on the 1st of August


Arm yourself with the essential skills and knowledge to become the next iOS jailbreaker! This 2-day course will put you in the drivers seat as you learn everything from a basic introduction to iOS to the most advanced techniques used by the evad3rs team in their latest jailbreaks. Topics covered will span the A-Z of iOS exploitation including reverse engineering, debugging, fuzzing and next generation exploitation techniques. This course has been updated with iOS 7.x specificities


Who Should Attend


Penetration Testers, Security Auditors/Administrators/Managers, Forensic Scientists, (Wannabe-)Jailbreak developers, or anyone interested in jailbreaking or improving the general knowledge about how to play with and/or break the security features of iOS.


Key Learning Objectives

– Understanding iOS Security Features

– Understanding Buffer/Heap/Stack Overflows

– Exploiting iOS applications, services, and the kernel



Students should have a basic knowledge and understanding of writing code in python and C as well as familiarity with using the terminal to compile code with gcc. Knowledge of gdb and a basic understanding of ARM assembly is advantageous but not mandatory.


Hardware / Software Requirements

Students must bring their own laptops running OS X (10.9 preferred) with root access to install software and tools. The latest version of Xcode needs to be installed. For a better hands-on training experience, students are also strongly encouraged to bring an iOS device along with a USB cable – iPhone 4, iPod Touch 4th gen. or iPhone 3GS with either iOS 6.1.2 – iOS 7.0.6 installed or with VALID SHSH blobs to restore to 6.1.2-7.0.6. Students can also bring their already jailbroken iOS 6 or iOS 7 devices. Please keep in mind that the devices might lose all it’s data and we are not responsible for any data loss incurred.


Course Agenda – Day 1

Introduction to iOS security features :

*   mandatory code signing

*   sandbox

*   exploit mitigations at boot, user and kernel level

*   Reverse engineering and forensics :

*   passcode bruteforcing

*   raw partition access for offline analysis

*   online, usb file access

*   ramdisks and recovery

*   firmware, boot loaders, and kernel decryption

*   application decryption

*   IDA setup, tips and tricks

*   dynamic instrumentation at boot and user level

*   debuggers

*   Mach-O binary course: file format, entitlements, dynamic library loading

*   Return Oriented Programming and tips

*   Fuzzing apps and services (hands-on) :

*   fuzzing mobile services using python and C

*   how to recognize an interesting crash

Course Agenda – Day 2

*   In-depth userland and kernel security mechanisms and weaknesses

*    code signing, entitlements, and sandbox enforcement

Exploitation techniques

*    Integer overflows

         *    Stack based buffer overflows: how to get through stack canaries

*    Heap based buffer overflows: heap spraying, heap massage and how to get control

*    Write anywhere kind of vulnerabilities

Exploitation (hands-on) :

*    from user-land memory corruption to code execution

         *    we will provide examples of vulnerable programs and 0 days for the hands-on

Kernel Fuzzing (hands-on) :

*    writing a kernel fuzzer from scratch in C

         *    discussing the vulnerabilities found

Kernel exploitation techniques:

*    from kernel-land memory corruption to code execution

         *    from code execution to jailbreak

Location: InterContinental KL Date: October 13, 2014 Time: 9:00 am - 6:00 pm Cyril @pod2g Cattiaux Nikias @pimskeks Bassen