ios安全研究方向

Module 1: Introduction to iOS Security
  • iOS Platform Basics
    • iOS Application Development and Testing
    • Objective C and iOS Frameworks
    • Xcode, iPhone and iPad simulators
    • The ARM processor
    • MVC basics and a sample iOS application
    • Event Driven applications
  • iOS Platform Security
    • Secure Boot
    • Application Code Signing and Appstore restrictions
    • Application Sandboxing
    • Encryption and Data Security
    • Secure Network Access

 

Module 2: Creating an Application Pentest Platform
  • iOS – Platform Constraints and Limitations
  • Jailbreaking – Why and How?
  • History of Jailbreaking exploits
  • Cydia and other 3rd party repositories
  • Installing Assessment Tools on your iPhone
    • Filesystem analysis
    • Runtime analysis
    • Debugging and Dis-assembling
    • Network Monitoring – proxies, raw traffic dumps
  • Sqlite basics
  • Plist basics and Plutil
  • Class-Dump

 

Module 3: Advanced Application Runtime Analysis
  • Decrypting Applications
    • GDB
    • Clutch and other tools
  • Runtime Analysis with GDB
    • GDB basics – breakpoints, conditionals etc.
    • Debugging Objective-C and understanding objc_msgSend
    • Inspecting Objects in Memory
    • Calling Functions and Methods
    • Disassembling iOS Applications
      • ARM assembly basics
      • Registers and function/method calling
      • Modifying data and Changing Control
  • Runtime Analysis with Cycript
    • Cycript Basics
    • Using the JS – Objective-C bridge
    • Finding Variables and Methods in memory
    • Inspecting Variables and Calling Methods
    • Replacing Methods at runtime
    • Using 3rd party Cycript scripts
Module 4: Exploiting iOS Applications 
  • Examining Application Data Storage at Runtime
    • Plist and XML files
    • NSUserDefaults
    • Sqlite Data
    • Keychain
    • Core Data Services
    • Temporary files
    • Directory Structure and Snapshot Analysis
  • Insecure Local Data Storage
    • Plist, XML, Sqlite, Temp Files etc.
  • Information leakage using log files
  • Keychain Data Storage and Security
  • Data and File Security
  • Improper Encryption
  • Breaking Authentication and Authorization
  • Insecure Session Management
  • Cookies.binarycookies
  • Exploiting IPC / URL Schemas
  • Insecure Data Caching – keyboard, UI screenshots etc.
  • Improper use of UIPasteboard
  • Application Fuzzing
  • Attacking UIWebViews (XSS)
  • Attacking XML Parsing
  • Analyzing and attacking HTTP/HTTPS
    • Using self-signed certificates with proxies
    • Traffic interception and mangling
    • Security concerns with NSURLxxxx and CFNetwork
  • Security concerns with CFStream and NSStream
  • Directory Traversal attacks
  • Attacking Server side applications / Web services from the App
  • UDID privacy concerns and faking
  • Security concerns due to the C platform
    • Buffer overflows and memory corruption
    • Poison NULL byte attacks
    • Format string vulnerabilities
  • Understanding Anti-Piracy techniques
    • Plist, Bundled items, Signer Identity  etc. checks
    • Anti-Debugging techniques
    • File integrity / Hash  etc. checks
  • Anti Anti-Piracy techniques
    • Beating checks
    • Replacing check functions / methods
  • Mobile Substrate
    • Basics of Runtime Patching
    • Using Mobile Substrate
      • Hooking with MobileHooking
        • MSHookMessage
        • MSHookMessageEx
        • MSHookFunction
      •  MobileLoader
  • Code Injection with DYLD_INSERT_LIBRARIES
  • API Monitoring
  • Solving Application Challenges
Module 5: iOS Forensics and Data Recovery
  • Filesystem Organization in iOS
  • Understanding Disk and File Encrption
  • Forensics on non-Jailbroken devices
  • PIN brute-forcing on the device
  • Forensics on Jailbroken devices
  • Recovering and Analyzing Data
    • Plist, Keychain
    • Address book, Maps, Call History, SMS, Photos etc.
    • Safari, Chrome caches, saved data
  • iTune backups basics
  • File and Data recovery
Module 6: iOS Malware and Backdoors
  • History of iOS Malware
  • Background tasks, Daemons and launchd
  • Backdoors, Malware examples
  • Bind and Reverse Connect Shells on iOS
  • Interacting with the shells via Metasploit

你可能感兴趣的:(iOS)