A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Beyond The Cript: Practical iOS Reverse Engineering - Michael Allen Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Beyond The Cript: Practical iOS Reverse Engineering
Michael Allen
Derbycon 2016

There is an app for everything these days. And if you are current on your Infosec news you know every new app comes with its own vulnerabilities. One class of bugs has been relatively easy to find, with frameworks becoming increasingly available to help. But more and more developers are hardening their apps against common issues using jailbreak detection and best practices, and some of the easy issues are starting to dry up. Luckily for the top testers, there is another class of bug that can still (and only) be found with deeper knowledge of iOS and its underlying assembly code. The aim of this talk is to build a bridge between the mundane methodologies and vulnerabilities that everyone can find (and that are now being defended against), and a new approach that finds additional bugs that require assembly knowledge to discover. The talk looks at the fundamentals of reversing, a primer on iOS architecture, binary patching, reversing MACH-0 binaries, and ends with some real-world examples involving jailbreak detection. Attendees will leave with a better understanding of the reversing process as it applies to iOS, and each attendee will leave with a basic assembly-based iOS testing methodology.

Michael E. Allen is a security consultant at IOActive with an enthusiasm for programming, exploit development, and reverse engineering. Mr. Allen has more than 10 years? experience in the Information Security Industry. He has proven skills in design, implementation, enhancement, testing, maintenance, and support of myriad software instances; and can both test software as well as assist development teams with the implementation of software protection mechanisms.

@_dark_knight_

Back to Derbycon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast