DURATION: 2 DAYS
CAPACITY: 20 pax
SEATS AVAILABLE: REGISTRATION CLOSED
PRICE: MYR4999 / USD1499 (early bird)
MYR6199 / USD1899 (normal)
Early bird registration rate ends on the 1st of August
Overview
Arm yourself with the essential skills and knowledge to become the next iOS jailbreaker! This 2-day course will put you in the driver's seat as you learn everything from a basic introduction to iOS to the most advanced techniques used by the evad3rs team in their latest jailbreaks. Topics covered will span the A-Z of iOS exploitation including reverse engineering, debugging, fuzzing and next generation exploitation techniques. This course has been updated with iOS 7.x specifics.
Who Should Attend
Penetration Testers, Security Auditors/Administrators/Managers, Forensic Scientists, (Wannabe-)Jailbreak developers, or anyone interested in jailbreaking or in improving their general knowledge of how to play with and/or break the security features of iOS.
Key Learning Objectives
– Understanding iOS Security Features
– Understanding Buffer/Heap/Stack Overflows
– Exploiting iOS applications, services, and the kernel
Prerequisites
Students should have a basic knowledge and understanding of writing code in Python and C as well as familiarity with using the terminal to compile code with gcc. Knowledge of gdb and a basic understanding of ARM assembly is advantageous but not mandatory.
Hardware / Software Requirements
Students must bring their own laptops running OS X (10.9 preferred) with root access to install software and tools. The latest version of Xcode needs to be installed. For a better hands-on training experience, students are also strongly encouraged to bring an iOS device along with a USB cable – iPhone 4, iPod Touch 4th gen. or iPhone 3GS with either iOS 6.1.2 – iOS 7.0.6 installed or with VALID SHSH blobs to restore to 6.1.2-7.0.6. Students can also bring their already jailbroken iOS 6 or iOS 7 devices. Please keep in mind that the devices might lose all their data and we are not responsible for any data loss incurred.
Course Agenda – Day 1
Introduction to iOS security features:
* mandatory code signing
* sandbox
* exploit mitigations at boot, user and kernel level
Reverse engineering and forensics:
* passcode bruteforcing
* raw partition access for offline analysis
* online, USB file access
* ramdisks and recovery
* firmware, boot loaders, and kernel decryption
* application decryption
* IDA setup, tips and tricks
* dynamic instrumentation at boot and user level
* debuggers
* Mach-O binary course: file format, entitlements, dynamic library loading
* Return Oriented Programming and tips
Fuzzing apps and services (hands-on):
* fuzzing mobile services using python and C
* how to recognize an interesting crash
Course Agenda – Day 2
* In-depth userland and kernel security mechanisms and weaknesses
* code signing, entitlements, and sandbox enforcement
Exploitation techniques
* Integer overflows
* Stack based buffer overflows: how to get through stack canaries
* Heap based buffer overflows: heap spraying, heap massage and how to get control
* Write anywhere kind of vulnerabilities
Exploitation (hands-on):
* from user-land memory corruption to code execution
* we will provide examples of vulnerable programs and 0 days for the hands-on
Kernel Fuzzing (hands-on):
* writing a kernel fuzzer from scratch in C
* discussing the vulnerabilities found
Kernel exploitation techniques:
* from kernel-land memory corruption to code execution
* from code execution to jailbreak