2023 archived version

iOS for Security Engineers

4200€ | 9th to the 12th of October 2023 | Espace Vinci, Rue des Jeuneurs, Paris, France

During this training, participants will discover the ecosystem and the fundamental building blocks of the iOS operating system. They will discover the macOS toolchain used to deploy applications, and the debugging and diagnostic tools.

Participants will be taught the fundamentals of reverse-engineering applications and system services: Objective-C internals, IPC mechanisms (XPC, NSXPC) and kernel APIs.
Practical examples and exercises will guide them throughout the training. Hardware and software security measures unique to iOS will be covered, from both userland and kernel perspectives.


Objectives of the training

Discover the iOS ecosystem

Deploy code using the macOS toolchain

Use debugging and diagnostic tools

Get a global overview of XNU

Explore Objective-C internals

Use IPC mechanisms (XPC, NSXPC) and kernel APIs

Study XNU & hardware security (PAC, PPL, sandbox, heap protections and more)

Get ready to perform iOS security research on your own

The trainer

Who will run this training?

Victor Cutillas

Synacktiv
@v1csec

Victor Cutillas is a computer security researcher working at Synacktiv.

His main interests are reverse engineering and exploit development with a focus on iOS and Linux.

Almond-based food recipes also make him happy.

Etienne Helluy-Lafont

Synacktiv

Etienne Helluy-Lafont is a security researcher working at Synacktiv.

His main research topics are kernels and wireless stacks.

He likes reading XNU's code, but his laptop is running Linux🐧.

Syllabus

What will we do?

Content

Day 1

Introduction to reverse engineering on Apple platforms:

  • Setup of the working environment (pre-installed Debian laptop with macOS VM)
  • Experimenting with Corellium virtual devices
  • Developing on Apple platforms (macOS and iOS)
  • Using diagnostic tools
  • Introduction to the Apple ecosystem
  • Extraction of updates
  • Important file formats and tools
  • Discovering and experimenting with Objective-C internals

Day 2

Mach mechanisms:

  • Introducing the XNU kernel
  • Explanations and exercises on inter-process communication in userland
  • Understanding how userland interacts with the kernel

Day 3

Reverse engineering Mach services:

  • Using Frida to instrument userland services
  • Theory and practice on the XPC and NSXPC inter-process communication abstractions

Day 4

XNU security:

  • Overview of pointer authentication on Apple platforms
  • Presentation of the MACF framework
  • Overview of AMFI and sandbox policies
  • Understanding defense in depth in the design of XNU
  • Hardware-specific kernel security measures
  • Kernel exploit mitigations

Audience and prerequisites

iOS for Security Engineers is an intermediate-level course designed for security engineers wishing to perform research on this system:

  • Pentesters
  • iOS developers
  • Security engineers

Good knowledge of C development and basic knowledge of reverse engineering are recommended. IDA Pro with the Hex-Rays ARM decompiler is nice to have.

Other trainings

What else might interest you?

Attacking Instant Messaging Applications

Vectorize (Nitay Artenstein & Iddo Eldor & Jacob Bech)

Attacking the Linux Kernel

Andrey Konovalov

Binary Literacy 2: Static Analysis of C++ with Hex-Rays

Rolf Rolles

Offensive Azure AD and hybrid AD security

Dirk-jan Mollema

Practical Baseband Exploitation

Vectorize (Pedro Ribeiro & Seamus Burke)

Software Deobfuscation Techniques

Tim Blazytko

Windows Internals for Security Engineers

Yarden Shafir