Our Trainings
Our Trainings
At itrainsec we select the most relevant topics in the field of IT Security.
In any of our courses, your team will learn techniques from top industry experts.
At itrainsec we select the most relevant topics in the field of IT Security.
In any of our courses, your team will learn techniques from top industry experts.
Trainer
8KSec
About the training:
8ksec was founded in 2022 by cybersecurity experts with over 10 years of experience in the field. The company was established with a focus on equipping businesses and individuals with the tools and knowledge necessary to address evolving cyber threats.
Our experts possess extensive experience in delivering specialized cybersecurity training and consulting to several commercial and defense organizations across the United States, Europe, and the Middle East and North Africa region. 8ksec is recognized by BlackHat as a trusted Cybersecurity Training Provider, underscoring its growing presence in the industry. To date, we’ve trained over 3,000 professionals across more than 20 countries.
While 8ksec offers a comprehensive range of cybersecurity services, our expertise in mobile security is
particularly distinguished. This specialization is showcased in our best-selling, in-depth courses on mobile OS and application security, covering topics not offered by any other training provider.
This course is designed to provide a comprehensive understanding of the internals of the iOS operating system and its security features. The course will cover topics such as the iOS operating system architecture, memory management, application sandboxing, code signing etc. Students will learn the fundamental concepts and tools used in reverse engineering, and get a thorough introduction to the ARM64 architecture, including static and dynamic analysis techniques, as well as various debugging and disassembly tools. Exploit mitigations such as SPTM, TXM, PAC, PAN, PPL etc will also be discussed.
Additionally, the course covers iOS application security, including topics such as encryption, and secure communication. Students will learn how to use Frida, a dynamic instrumentation framework, for reverse engineering and dynamic analysis of mobile applications. We will also discuss advanced topics such as hooking, memory manipulation, and instrumenting network communication. This course will also discuss the tools and techniques used for analyzing iOS malware. The course will also cover the different stages of iOS malware analysis, including static, dynamic, and behavioural analysis. Additionally, the course will walk the attendees through different methods of mitigating and preventing iOS malware.
This course will be a mix of lectures, practical labs, and projects designed to give students hands-on experience with iOS internals and application security. Students will gain the skills needed to reverse engineer, design, develop, and secure iOS applications.
This course prepares you for the Certified iOS Security Engineer (CISE) certification exam, a hands-on assessment specifically designed to test your grasp of advanced iOS security domains including userland and kernel components.
Why should you take this course?
This is a completely hands-on course designed for beginners and intermediate students. Instead of just slides, attendees will get a chance to exploit all of the vulnerabilities taught by the instructors. For the Onsite and Virtual sessions, the attendees will be provided with Cloud-based Corellium labs for performing the hands-on iOS exercises without the need to carry physical phones. Slack channel is created before the course for the students so that they can be adequately prepared in terms of hardware and software before the class.
Recommended for:
Vulnerability researchers, Penetration testers, Mobile developers, Anyone keen to learn more about the iOS application security ecosystem.
Key takeaways:
-
Introduction to ARM64 architecture
-
Understand iOS app lifecycle
-
Overview of the iOS Kernel and it’s Security Mitigations Reverse engineering iOS binaries (Apps and system binaries) Get an intro to common bug various bug categories on iOS Learn to audit iOS apps for security vulnerabilities Understand Memory allocation in Userland and Kernel
-
Understand and bypass anti-debugging and obfuscation techniques Learn manual and automated ways of bypassing security mitigations
-
Learn Device Fingerprinting and Anti-Fraud techniques Get a detailed walkthrough on using Ghidra, Hopper etc Advanced Dynamic Instrumentation using Frida Understanding how Rooting and Jailbreaks work
-
Case Study of some known vulnerabilities
-
Learn to identify vulnerabilities in native as well as Cross-platform apps Learn to exploit different iPC mechanisms (mach_msg, XPC etc) mach_msg2 , SAD_FENG_SHUI, PGZ
-
Get a detailed walkthrough on using IDA Pro, Hopper, Ghidra, etc Secure Mobile apps by implementing custom solutions Become a Certified iOS Security Engineer (CISE)
Provided to students:
-
Access to Linux cloud instances
-
Access to Corellium for iOS hands-on and as such do not need to carry iOS devices
-
Administrative access on the system
What you get after the training:
-
An attempt to CISE (Certificate iOS Security Engineer) certification exam
-
Certificate of completion for the Training program
-
Source code for vulnerable applications
-
Source code for Exploit PoCs' that can be used for Bug Bounties
-
All Frida Scripts used during the course
-
Access to Corellium for for the duration of the course
-
Access to cloud instances for the duration of the course
-
Slack access for the class and after for regular mobile security discussions