iOS Reversing & Exploitation ARM64

on-demand
offence

Reverse engineering, exploitation, and defense of iOS apps.

/Course Details
iOS Reversing & Exploitation ARM64
$1,950 USD
365 Day Access
89 Videos
18 Labs
40+ Hours of Content
/Course Trainer
Lina Lau (@InverseCos)
Trainer
Founder of XINTRA, Lina is a security researcher, Black Hat trainer and SANS advisory board member who has presented at several international conferences and authored a book on cybersecurity. She currently holds the following certifications: GXPN, GASF, GREM, GCFA and OSCP.
@inversecos
/Course Trainer
Billy Ellis
Guest Trainer
Billy Ellis is an iOS security researcher focusing on kernel & userland vulnerability discovery. His professional career has involved various reverse engineering, vulnerability discovery and exploit development tasks on mobile platforms. He also has a history of providing training content in the form of YouTube videos and in-person trainings.
@bellis1000
Course Syllabus
01. Introduction to the Course

Introduction to the Course
02. Course Labs and Downloads

iOS Exploitation Labs Files
03. ARM64 Fundamentals

Video Links
Introduction to ARM64
ARM64 Registers
ARM64 Instructions
ARM64 Calling Conventions
iOS Syscalls
iOS Syscalls Demo
Memory Management (Load/Store)
04. iOS Internals, Anti-Debug Bypasses & Patching Apps

Video Links
Jailbreaking iOS
iOS Jailbreak Using Unc0ver
Setting up LLDB, SSH & Debugserver
iOS Architecture Filesystem and Sandboxing
iOS Security Model
Static Analysis of IPAs
LAB: Static Analysis of IPAs
SOLUTION: Static Analysis of IPA
Loading IPAs Onto Jailbroken iOS [Demo]
Jailbreak Protection Methods
LAB: Bypassing Jailbreak Protections
SOLUTION: Bypassing Jailbreak Protections
Anti-Debugging Protections on iOS
LAB: Anti-Debugging Ptrace Bypass
SOLUTION: Anti-Debugging Ptrace Bypass
LAB: Anti-Debugging In-line ASM Ptrace Bypass
SOLUTION: Anti-Debugging In-line ASM Ptrace Bypass
LAB: Patching iOS Applications
SOLUTION: Patching iOS Applications
05. Exploitation

Video Links
iOS Vulnerabilities Overview
Exploit Mitigations on iOS
Compiling Code for iOS Using Theos
Stack Overflows
Stack Overflow Calculating Runtime Address [Demo]
LAB: Stack Overflow
SOLUTION: Stack Overflow
Integer Overflows and Underflows
LAB: Integer Overflow
SOLUTION: Integer Overflow
LAB: Integer Underflow
SOLUTION: Integer Underflow
06. iOS Heap Exploitation

Video Links
Heap Overflow
LAB: Simple Heap Overflow
SOLUTION: Simple Heap Overflow
Use-After-Free and Heap Spraying
LAB: UAF Heap Spray
SOLUTION: UAF Heap Spray
iOS Kernel Heap
Heap Feng Shui / Grooming
LAB: Heap Feng Shui / Grooming
SOLUTION: Heap Feng Shui / Grooming
07. Constructing Real World JOP/ROP on iOS

Video Links
ROP Chains
LAB: Simple ROP Chain
SOLUTION: Simple ROP Chain
Finding ROP Gadgets in iOS Dylibs
JOP Chains
LAB: JOP Challenge
SOLUTION: JOP Challenge [Part 1]
SOLUTION: JOP Challenge [Part 2] - PREVIEW
SOLUTION: JOP Challenge [Part 3]
Stack Pivoting using ROP/JOP
LAB: Real World iOS JOP/ROP Stack Pivot
SOLUTION: Real World iOS JOP/ROP Stack Pivot
08. CVE-2021-30807 - OUT OF BOUNDS READ/WRITE

Video Links
CVE-2021-30807 Vulnerability Overview
iOS Symbolicated Kernelcache
iOS External Methods
Accessing iOS External Methods - PREVIEW
Out of Bounds Read/Write
Vulnerability Analysis
Kernelcache Source Code Analysis [Bug Demo]
LAB: PoC Trigger Construction
SOLUTION: PoC Trigger Construction
09. CVE-2020-27950 - KERNEL MEMORY LEAK

Video Links
CVE-2020-27950 Vulnerability Overview
Extracting IPSW
IDA Bindiff Export
Ghidra Bindiff Export
Diffing the iOS Kernelcaches
XNU Source Code Analysis
Mach Messages [Part 1]
Mach Messages [Part 2]
LAB: Mach Send & Receive
SOLUTION: Mach Send & Receive
Bug Analysis
LAB: Exploiting Kernel Leak
SOLUTION: Exploiting Kernel Leak
10. CVE-2021-30860 - FORCEDENTRY (NSO Zero-Click)

Video Links
CVE-2021-30860 Vulnerability Analysis
Setting Up A Debug Environment
Interacting with JBIG2
LAB: Building a PoC
LAB: Triggering the Overflow
Exploitation
©2025 XINTRA. All rights reserved.