DURATION: 2 DAYS
CAPACITY: 20 pax
SEATS AVAILABLE: 8
PRICE: EUR1499 (early bird)
EUR1999 (normal)
Early bird registration rate ends on the 1st of March
Overview
Arm yourself with the essential skills and knowledge to become the next iOS jailbreaker! This 2-day course will put you in the drivers seat as you learn everything from a basic introduction to iOS to the most advanced techniques used by the evad3rs team in their latest jailbreaks. Topics covered will span the A-Z of iOS exploitation including reverse engineering, debugging, fuzzing and next generation exploitation techniques. This course has been updated with iOS 8.x specificities
Who Should Attend
Penetration Testers, Security Auditors/Administrators/Managers, Forensic Scientists, (Wannabe-)Jailbreak developers, or anyone interested in jailbreaking or improving the general knowledge about how to play with and/or break the security features of iOS.
Key Learning Objectives
– Understanding iOS Security Features
– Understanding Buffer/Heap/Stack Overflows
– Exploiting iOS applications, services, and the kernel
Prerequisites
Students should have a basic knowledge and understanding of writing code in python and C as well as familiarity with using the terminal to compile code with gcc. Knowledge of gdb and a basic understanding of ARM assembly is advantageous but not mandatory.
Hardware / Software Requirements
Students must bring their own laptops running OS X (10.9 preferred) with root access to install software and tools. The latest version of Xcode needs to be installed. For a better hands-on training experience, students are also strongly encouraged to bring an iOS device along with a USB cable – iPhone 4, iPod Touch 4th gen. or iPhone 3GS with either iOS 6.1.2 – iOS 7.0.6 installed or with VALID SHSH blobs to restore to 6.1.2-7.0.6. Students can also bring their already jailbroken iOS 6 or iOS 7 devices. Please keep in mind that the devices might lose all it’s data and we are not responsible for any data loss incurred.
Course Agenda – Day 1
Introduction to iOS security features :
* mandatory code signing
* sandbox
* exploit mitigations at boot, user and kernel level
* Reverse engineering and forensics :
* passcode bruteforcing
* raw partition access for offline analysis
* online, usb file access
* ramdisks and recovery
* firmware, boot loaders, and kernel decryption
* application decryption
* IDA setup, tips and tricks
* dynamic instrumentation at boot and user level
* debuggers
* Mach-O binary course: file format, entitlements, dynamic library loading
* Return Oriented Programming and tips
* Fuzzing apps and services (hands-on) :
* fuzzing mobile services using python and C
* how to recognize an interesting crash
Course Agenda – Day 2
* In-depth userland and kernel security mechanisms and weaknesses
* code signing, entitlements, and sandbox enforcement
Exploitation techniques
* Integer overflows
* Stack based buffer overflows: how to get through stack canaries
* Heap based buffer overflows: heap spraying, heap massage and how to get control
* Write anywhere kind of vulnerabilities
Exploitation (hands-on) :
* from user-land memory corruption to code execution
* we will provide examples of vulnerable programs and 0 days for the hands-on
Kernel Fuzzing (hands-on) :
* writing a kernel fuzzer from scratch in C
* discussing the vulnerabilities found
Kernel exploitation techniques:
* from kernel-land memory corruption to code execution
* from code execution to jailbreak