iOS for Security Engineers
4200€ | 30th of September to the 3rd of October 2024 | Espace Cléry, 17 Rue de Cléry, Paris
During this training, participants will discover the ecosystem and the fundamental bricks of the iOS operating system. They will discover the macOS toolchain used to deploy applications, and the debugging and diagnostic tools.
Participants will be teached fundamentals to reverse-engineer applications and system services: Objective-C internals, IPC mechanisms (XPC, NSXPC) and kernel APIs.
Practical examples and exercices built on iOS 17 will guide them all along the training. Hardware and software security measures unique to iOS will be covered, from both userland and kernel perspectives.
Objectives of the training
Discover the iOS ecosystem
Deploy code using the macOS toolchain
Use debugging and diagnostic tools
Get a global overview of XNU
Explore Objective-C internals
Use IPC mechanisms (XPC, NSXPC) and kernel APIs
Study XNU & hardware security (PAC, SPTM, sandbox, heap protections and more)
Get ready to perform iOS security research on your own
The trainer
Who will run this training?
Quentin
Meffre
Synacktiv
@0xdagger
Quentin Meffre is a security researcher at Synacktiv.
His main interests are vulnerability research and exploit development. He especially likes iOS security.
He has spoken at international conferences including, Hexacon, BlackHat EU and SSTIC.
Syllabus
What will we do?
Content
Day 1: Introduction to reverse engineering on Apple platforms
- Setup of the working environment (pre-installed Debian laptop with macOS VM)
- Developing on Apple platforms (macOS and iOS)
- Using diagnostic tools
- Introduction to the Apple ecosystem
- Extraction of updates
- Important file formats and tools
Day 2: Mach mechanisms
- Introducing the XNU kernel
- Monitoring kernel functions with DTrace
- Explanations and exercices on inter-process communications in userland
- Understanding how userland interacts with the kernel
Day 3: Reverse engineering Mach services
- Discovering and experimenting with Objective-C internals
- Using Frida to instrument userland services
- Theory and practice on the XPC and NSXPC inter-process communications abstractions
Day 4: XNU security
- Overview of pointer authentication on Apple platforms
- Presentation of the MACF framework
- Overview of AMFI and sandbox policies
- Understanding defense in depth in the design of XNU
- Hardware-specific kernel security measures
- Interacting with Kernel extensions
- Kernel exploit mitigations
Audience and prerequisites
iOS for Security Engineers is an intermediate level course, designed for security engineers wishing to perform research on this system:
- Pentesters
- iOS developers
- Security engineers
Good knowledge of C development and basic knowledge in reverse engineering are recommended.
Software requirements
- Disassembler/Decompiler with ARM support is nice to have.
- 100GB of free disk space
- A Linux distribution (Debian is recommended) with admin privileges
- Latest VirtualBox
- Docker
- Your favorite code editor
- A PDF reader
- SSH client + sshfs