SlideShare a Scribd company logo

Testing iOS apps without jailbreak in 2018

SecuRing
SecuRing

Penetration tests of iOS applications usually require jailbreak. On the other hand, software developers often enforce a new version of iOS to run the application. Unfortunately, as history shows, with the release of subsequent versions of the iOS system, pentesters have to wait longer and longer for a stable jailbreak. Finally, by testing iDevices, we become participants of the Russian roulette - remain with an out-of-date iOS with the hope that there won’t be an application requiring a newer version; or take the risk of updating and maybe never get the new jailbreak version? During my presentation, I will show you that it is not necessary to put iRevolver to the head and I will present the techniques of conducting the penetration tests without the need to have a jailbreak. The presentation will also include a live demo presenting the solution to the problem of access to protected application resources on the latest version of iOS.

1 of 73
Download to read offline
Testing iOS Apps without Jailbreak in 2018 Wojciech Reguła
Pwning WebView ⬇️ https://medium.com/securing
Testing iOS Apps without Jailbreak in 2018 > Whoami Wojciech Reguła • Pentester @ SecuRing • Creator of Ruby secure code examples for OWASP SKF • 🍎 products fan • Blogger – https://wojciechregula.blog wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 Agenda 1. Introduction to iOS apps pentests 2. Current jailbreak situation 3. Pentesting without jailbreak • Setting environment 💻 📲 • Pentesting 👾 4. Summary wojciech.regula@securing.pl @_r3ggi wojciech-regula
Why should we care about iOS? Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
❤️ SEXUAL ACTIVITY ❤️ BY SMART PHONE BRAND Men Women
Do we really need checking iOS apps security? Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Selected problems with iOS apps Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Selected problems with iOS apps Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Selected problems with iOS apps Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
So what we have to check? Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 OWASP MASVS V1: Architecture, Design and Threat Modelling V2: Data Storage and Privacy V3: Cryptography Verification V4: Authentication and Session Management V5: Network Communication V6: Platform Interaction V7: Code Quality and Build Settings V8: Resiliency Against Reverse Engineering wojciech.regula@securing.pl @_r3ggi wojciech-regula
Let's split the tests into two stages Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 Static analysis Dynamic analysis wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 Static analysis Examples: • Excessive data in application package • Binaries security • Obfuscation • ATS configuration, iTunes file sharing wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 Examples: • Files saved by application • Data in Keychain • Vulnerable URL handlers (IPC) • Application logs • Certificate pinning • Cache • Confidential information in snapshot Dynamic analysis wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 Examples: • Files saved by application • Data in Keychain • Vulnerable URL handlers (IPC) • Application logs • Certificate pinning • Cache • Confidential information in snapshot Dynamic analysis wojciech.regula@securing.pl @_r3ggi wojciech-regula
What do we need a Jailbreak for? Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 1. Usually for dynamic analysis 2. For static analysis when we don’t have app package (*ipa) wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 #update – recently it gets better
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 But could have been even better
So, if you are a security guy, why can’t you just create your own jailbreak? Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Alriiight, let’s start jailbreaking 😈 Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Not so fast! 👿 Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 FAIL: Jailbreak on your iOS but for 32-bit devices wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 FAIL: Jailbreak exploiting bug in iPhone 7 driver wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 FAIL: Jailbreak from iOS x.3.0 but you have only iOS x.2.9 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 FAIL: Jailbreak for your iOS in not public wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 FAIL: Jailbreak up to iOS y.1.0 but you have only iOS y.1.2 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 SUCCESS: Congratz, you have working jailbreak! 👑 wojciech.regula@securing.pl @_r3ggi wojciech-regula
But there is a way! Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 Injecting custom dylib 0*. Downloading application package 1. Setting up the environment 2. Injecting custom dylib & modification of executable file 3. Repacking and signing the package 4. Installing the app on device in debug mode wojciech.regula@securing.pl @_r3ggi wojciech-regula
0*. Downloading application package Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
1. Setting up the environment Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 embedded.mobileprovision Signing certificate wojciech.regula@securing.pl @_r3ggi wojciech-regula
embedded.mobileprovision
embedded.mobileprovision
Signing certificate
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 1. Setting up the environment wojciech.regula@securing.pl @_r3ggi wojciech-regula
Injecting custom dylib & modification of executable file Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
Installing the App in debug mode Link to demo: ➡️ https://vimeo.com/273879188 Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
Connecting to Frida dylib Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 • Objection (Leonjza, bernard-wagner) • Needle • Directly using Frida • Passionfruit (ChiChou, oleavr) wojciech.regula@securing.pl @_r3ggi wojciech-regula
Connecting with Passionfruit Link to demo: ➡️ https://vimeo.com/273879557 Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
Files saved by application Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
Cookies 🍪 Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
User defaults Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
Application cache Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
Accessing Keychain Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
Sometimes it crashes Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
Keychain
Summary Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 1. Jailbreaking needs a lot of effort from us 2. Using ‘dylib injection’ makes it possible to perform pentests of iOS apps 3. This method sometimes causes problems: • SSL Pinning not so obvious like on jailbroken device • How to get the application package (*.ipa)
Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula Try it at home 😎 https://goo.gl/XDD53U
More general mobile sec guide ⬇️ https://www.securing.biz/en/secure-mobile- applications-key-issues/index.html
Question: How do you deal with this problem? Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
SecuRing Kalwaryjska 65/6 30-504 Kraków, Poland info@securing.pl tel. +48 124252575 http://www.securing.biz/en Contact Wojciech Reguła wojciech.regula@securing.pl @_r3ggi wojciech-regula

Recommended

Building & Hacking Modern iOS Apps
Building & Hacking Modern iOS AppsBuilding & Hacking Modern iOS Apps
Building & Hacking Modern iOS Apps
SecuRing
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspective
SecuRing
 
Building&Hacking modern iOS apps
Building&Hacking modern iOS appsBuilding&Hacking modern iOS apps
Building&Hacking modern iOS apps
SecuRing
 
Approaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guideApproaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guide
SecuRing
 
Attacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainAttacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chain
SecuRing
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms
SecuRing
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
Frans Rosén
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forest
SecuRing
 

Recommended

Building & Hacking Modern iOS Apps
Building & Hacking Modern iOS AppsBuilding & Hacking Modern iOS Apps
Building & Hacking Modern iOS Apps
SecuRing
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspective
SecuRing
 
Building&Hacking modern iOS apps
Building&Hacking modern iOS appsBuilding&Hacking modern iOS apps
Building&Hacking modern iOS apps
SecuRing
 
Approaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guideApproaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guide
SecuRing
 
Attacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainAttacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chain
SecuRing
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms
SecuRing
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
Frans Rosén
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forest
SecuRing
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
Anant Shrivastava
 
Hijacking Softwares for fun and profit
Hijacking Softwares for fun and profitHijacking Softwares for fun and profit
Hijacking Softwares for fun and profit
Nipun Jaswal
 
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016
Shubham Gupta
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Mazin Ahmed
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedfangjiafu
 
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP
 
Ground Zero Training- Metasploit For Web
Ground Zero Training- Metasploit For WebGround Zero Training- Metasploit For Web
Ground Zero Training- Metasploit For Web
Nipun Jaswal
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014
Greg Foss
 
The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal
The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive MontrealThe State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal
The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal
Liran Tal
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Mazin Ahmed
 
Believe It Or Not SSL Attacks
Believe It Or Not SSL AttacksBelieve It Or Not SSL Attacks
Believe It Or Not SSL Attacks
Akash Mahajan
 
PLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chain
PLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chainPLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chain
PLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chain
PROIDEA
 
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
North Texas Chapter of the ISSA
 
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
Product School
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot Attacks
Greg Foss
 
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
North Texas Chapter of the ISSA
 
OWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.com
OWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.comOWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.com
OWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.com
SV Ruby on Rails Meetup
 
A bug's life - Decoupled Drupal Security and Vulnerability Management
A bug's life - Decoupled Drupal Security and Vulnerability ManagementA bug's life - Decoupled Drupal Security and Vulnerability Management
A bug's life - Decoupled Drupal Security and Vulnerability Management
Balázs Tatár
 
XSS (Cross Site Scripting)
XSS (Cross Site Scripting)XSS (Cross Site Scripting)
XSS (Cross Site Scripting)
Shubham Gupta
 
Bug bounty
Bug bountyBug bounty
Bug bounty
n|u - The Open Security Community
 
Mobile security part 2
Mobile security part 2Mobile security part 2
Mobile security part 2
Romansh Yadav
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can you
Shakacon
 

More Related Content

What's hot

Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
Anant Shrivastava
 
Hijacking Softwares for fun and profit
Hijacking Softwares for fun and profitHijacking Softwares for fun and profit
Hijacking Softwares for fun and profit
Nipun Jaswal
 
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016
Shubham Gupta
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Mazin Ahmed
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedfangjiafu
 
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP
 
Ground Zero Training- Metasploit For Web
Ground Zero Training- Metasploit For WebGround Zero Training- Metasploit For Web
Ground Zero Training- Metasploit For Web
Nipun Jaswal
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014
Greg Foss
 
The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal
The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive MontrealThe State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal
The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal
Liran Tal
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Mazin Ahmed
 
Believe It Or Not SSL Attacks
Believe It Or Not SSL AttacksBelieve It Or Not SSL Attacks
Believe It Or Not SSL Attacks
Akash Mahajan
 
PLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chain
PLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chainPLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chain
PLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chain
PROIDEA
 
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
North Texas Chapter of the ISSA
 
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
Product School
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot Attacks
Greg Foss
 
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
North Texas Chapter of the ISSA
 
OWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.com
OWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.comOWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.com
OWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.com
SV Ruby on Rails Meetup
 
A bug's life - Decoupled Drupal Security and Vulnerability Management
A bug's life - Decoupled Drupal Security and Vulnerability ManagementA bug's life - Decoupled Drupal Security and Vulnerability Management
A bug's life - Decoupled Drupal Security and Vulnerability Management
Balázs Tatár
 
XSS (Cross Site Scripting)
XSS (Cross Site Scripting)XSS (Cross Site Scripting)
XSS (Cross Site Scripting)
Shubham Gupta
 

What's hot (20)

Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 
Hijacking Softwares for fun and profit
Hijacking Softwares for fun and profitHijacking Softwares for fun and profit
Hijacking Softwares for fun and profit
 
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
 
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
 
Ground Zero Training- Metasploit For Web
Ground Zero Training- Metasploit For WebGround Zero Training- Metasploit For Web
Ground Zero Training- Metasploit For Web
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014
 
The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal
The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive MontrealThe State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal
The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
 
Believe It Or Not SSL Attacks
Believe It Or Not SSL AttacksBelieve It Or Not SSL Attacks
Believe It Or Not SSL Attacks
 
PLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chain
PLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chainPLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chain
PLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chain
 
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
 
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot Attacks
 
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
 
OWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.com
OWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.comOWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.com
OWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.com
 
A bug's life - Decoupled Drupal Security and Vulnerability Management
A bug's life - Decoupled Drupal Security and Vulnerability ManagementA bug's life - Decoupled Drupal Security and Vulnerability Management
A bug's life - Decoupled Drupal Security and Vulnerability Management
 
XSS (Cross Site Scripting)
XSS (Cross Site Scripting)XSS (Cross Site Scripting)
XSS (Cross Site Scripting)
 
Bug bounty
Bug bountyBug bounty
Bug bounty
 

Similar to Testing iOS apps without jailbreak in 2018

Mobile security part 2
Mobile security part 2Mobile security part 2
Mobile security part 2
Romansh Yadav
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can you
Shakacon
 
Mobile App Penetration Testing Bsides312
Mobile App Penetration Testing Bsides312Mobile App Penetration Testing Bsides312
Mobile App Penetration Testing Bsides312
wphillips114
 
Is my app secure?
Is my app secure?Is my app secure?
Is my app secure?
Cláudio André
 
Is My App Secure ?
Is My App Secure ? Is My App Secure ?
Is My App Secure ?
Herman Duarte
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDATop OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
NowSecure
 
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Advanced monitoring
 
iOS Application Security.pdf
iOS Application Security.pdfiOS Application Security.pdf
iOS Application Security.pdf
Ravi Aggarwal
 
Preventing Code Leaks & Other Critical Security Risks from Code
Preventing Code Leaks & Other Critical Security Risks from CodePreventing Code Leaks & Other Critical Security Risks from Code
Preventing Code Leaks & Other Critical Security Risks from Code
DevOps.com
 
Yow connected developing secure i os applications
Yow connected developing secure i os applicationsYow connected developing secure i os applications
Yow connected developing secure i os applications
mgianarakis
 
Are You Ready for iOS 8?
Are You Ready for iOS 8?Are You Ready for iOS 8?
Are You Ready for iOS 8?
Keynote Mobile Testing
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015
Licel
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applications
eightbit
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applications
eightbit
 
JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...
JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...
JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...
Wouter Bloeyaert
 
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
tdc-globalcode
 
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Márcio Rosa
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
Riddhi Shree
 
Top Mobile Application Penetration Testing Tools for Android and iOS.pdf
Top Mobile Application Penetration Testing Tools for Android and iOS.pdfTop Mobile Application Penetration Testing Tools for Android and iOS.pdf
Top Mobile Application Penetration Testing Tools for Android and iOS.pdf
ElanusTechnologies
 
BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)
BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)
BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)
Davide Cioccia
 

Similar to Testing iOS apps without jailbreak in 2018 (20)

Mobile security part 2
Mobile security part 2Mobile security part 2
Mobile security part 2
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can you
 
Mobile App Penetration Testing Bsides312
Mobile App Penetration Testing Bsides312Mobile App Penetration Testing Bsides312
Mobile App Penetration Testing Bsides312
 
Is my app secure?
Is my app secure?Is my app secure?
Is my app secure?
 
Is My App Secure ?
Is My App Secure ? Is My App Secure ?
Is My App Secure ?
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDATop OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
 
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
 
iOS Application Security.pdf
iOS Application Security.pdfiOS Application Security.pdf
iOS Application Security.pdf
 
Preventing Code Leaks & Other Critical Security Risks from Code
Preventing Code Leaks & Other Critical Security Risks from CodePreventing Code Leaks & Other Critical Security Risks from Code
Preventing Code Leaks & Other Critical Security Risks from Code
 
Yow connected developing secure i os applications
Yow connected developing secure i os applicationsYow connected developing secure i os applications
Yow connected developing secure i os applications
 
Are You Ready for iOS 8?
Are You Ready for iOS 8?Are You Ready for iOS 8?
Are You Ready for iOS 8?
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applications
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applications
 
JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...
JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...
JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...
 
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
 
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
 
Top Mobile Application Penetration Testing Tools for Android and iOS.pdf
Top Mobile Application Penetration Testing Tools for Android and iOS.pdfTop Mobile Application Penetration Testing Tools for Android and iOS.pdf
Top Mobile Application Penetration Testing Tools for Android and iOS.pdf
 
BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)
BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)
BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)
 

More from SecuRing

Developer in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4DevelopersDeveloper in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4Developers
SecuRing
 
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
SecuRing
 
Developer in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON NameDeveloper in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON Name
SecuRing
 
Is persistency on serverless even possible?!
Is persistency on serverless even possible?!Is persistency on serverless even possible?!
Is persistency on serverless even possible?!
SecuRing
 
What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!
SecuRing
 
0-Day Up Your Sleeve - Attacking macOS Environments
0-Day Up Your Sleeve - Attacking macOS Environments0-Day Up Your Sleeve - Attacking macOS Environments
0-Day Up Your Sleeve - Attacking macOS Environments
SecuRing
 
Developer in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 editionDeveloper in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 edition
SecuRing
 
20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms
SecuRing
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?
SecuRing
 
Serverless security: attack & defense
Serverless security: attack & defense Serverless security: attack & defense
Serverless security: attack & defense
SecuRing
 
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsAbusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS apps
SecuRing
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
SecuRing
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
SecuRing
 
Let's get evil - threat modeling at scale
Let's get evil - threat modeling at scaleLet's get evil - threat modeling at scale
Let's get evil - threat modeling at scale
SecuRing
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
SecuRing
 
Budowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOSBudowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOS
SecuRing
 
We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.
SecuRing
 
Artificial Intelligence – a buzzword, new era of IT or new threats?
Artificial Intelligence – a buzzword, new era of IT or new threats?Artificial Intelligence – a buzzword, new era of IT or new threats?
Artificial Intelligence – a buzzword, new era of IT or new threats?
SecuRing
 
Czy S w PSD2 znaczy Secure?
Czy S w PSD2 znaczy Secure?Czy S w PSD2 znaczy Secure?
Czy S w PSD2 znaczy Secure?
SecuRing
 
Testowanie bezpieczeństwa chmury na przykładzie AWS.
Testowanie bezpieczeństwa chmury na przykładzie AWS.Testowanie bezpieczeństwa chmury na przykładzie AWS.
Testowanie bezpieczeństwa chmury na przykładzie AWS.
SecuRing
 

More from SecuRing (20)

Developer in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4DevelopersDeveloper in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4Developers
 
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
 
Developer in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON NameDeveloper in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON Name
 
Is persistency on serverless even possible?!
Is persistency on serverless even possible?!Is persistency on serverless even possible?!
Is persistency on serverless even possible?!
 
What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!
 
0-Day Up Your Sleeve - Attacking macOS Environments
0-Day Up Your Sleeve - Attacking macOS Environments0-Day Up Your Sleeve - Attacking macOS Environments
0-Day Up Your Sleeve - Attacking macOS Environments
 
Developer in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 editionDeveloper in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 edition
 
20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?
 
Serverless security: attack & defense
Serverless security: attack & defense Serverless security: attack & defense
Serverless security: attack & defense
 
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsAbusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS apps
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
 
Let's get evil - threat modeling at scale
Let's get evil - threat modeling at scaleLet's get evil - threat modeling at scale
Let's get evil - threat modeling at scale
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
 
Budowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOSBudowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOS
 
We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.
 
Artificial Intelligence – a buzzword, new era of IT or new threats?
Artificial Intelligence – a buzzword, new era of IT or new threats?Artificial Intelligence – a buzzword, new era of IT or new threats?
Artificial Intelligence – a buzzword, new era of IT or new threats?
 
Czy S w PSD2 znaczy Secure?
Czy S w PSD2 znaczy Secure?Czy S w PSD2 znaczy Secure?
Czy S w PSD2 znaczy Secure?
 
Testowanie bezpieczeństwa chmury na przykładzie AWS.
Testowanie bezpieczeństwa chmury na przykładzie AWS.Testowanie bezpieczeństwa chmury na przykładzie AWS.
Testowanie bezpieczeństwa chmury na przykładzie AWS.
 

Recently uploaded

Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
Google
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
Globus
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 

Recently uploaded (20)

Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 

Testing iOS apps without jailbreak in 2018

  • 1. Testing iOS Apps without Jailbreak in 2018 Wojciech Reguła
  • 3. Testing iOS Apps without Jailbreak in 2018 > Whoami Wojciech Reguła • Pentester @ SecuRing • Creator of Ruby secure code examples for OWASP SKF • 🍎 products fan • Blogger – https://wojciechregula.blog wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 4. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 Agenda 1. Introduction to iOS apps pentests 2. Current jailbreak situation 3. Pentesting without jailbreak • Setting environment 💻 📲 • Pentesting 👾 4. Summary wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 5. Why should we care about iOS? Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 6. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
  • 7. ❤️ SEXUAL ACTIVITY ❤️ BY SMART PHONE BRAND Men Women
  • 8. Do we really need checking iOS apps security? Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 9.
  • 10. Selected problems with iOS apps Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 11.
  • 12.
  • 13. Selected problems with iOS apps Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 14.
  • 15. Selected problems with iOS apps Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 16.
  • 17.
  • 18. So what we have to check? Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 19. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 OWASP MASVS V1: Architecture, Design and Threat Modelling V2: Data Storage and Privacy V3: Cryptography Verification V4: Authentication and Session Management V5: Network Communication V6: Platform Interaction V7: Code Quality and Build Settings V8: Resiliency Against Reverse Engineering wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 20. Let's split the tests into two stages Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 Static analysis Dynamic analysis wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 21. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 Static analysis Examples: • Excessive data in application package • Binaries security • Obfuscation • ATS configuration, iTunes file sharing wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 22. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 Examples: • Files saved by application • Data in Keychain • Vulnerable URL handlers (IPC) • Application logs • Certificate pinning • Cache • Confidential information in snapshot Dynamic analysis wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 23.
  • 24. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 Examples: • Files saved by application • Data in Keychain • Vulnerable URL handlers (IPC) • Application logs • Certificate pinning • Cache • Confidential information in snapshot Dynamic analysis wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 25. What do we need a Jailbreak for? Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 1. Usually for dynamic analysis 2. For static analysis when we don’t have app package (*ipa) wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 26.
  • 27. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 #update – recently it gets better
  • 28. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 But could have been even better
  • 29. So, if you are a security guy, why can’t you just create your own jailbreak? Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 30.
  • 31. Alriiight, let’s start jailbreaking 😈 Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 32. Not so fast! 👿 Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 33. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 34. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 FAIL: Jailbreak on your iOS but for 32-bit devices wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 35. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 36. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 FAIL: Jailbreak exploiting bug in iPhone 7 driver wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 37. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 38. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 FAIL: Jailbreak from iOS x.3.0 but you have only iOS x.2.9 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 39. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 40. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 FAIL: Jailbreak for your iOS in not public wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 41. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 42. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 FAIL: Jailbreak up to iOS y.1.0 but you have only iOS y.1.2 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 43. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 44. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 SUCCESS: Congratz, you have working jailbreak! 👑 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 45. But there is a way! Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 46. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 Injecting custom dylib 0*. Downloading application package 1. Setting up the environment 2. Injecting custom dylib & modification of executable file 3. Repacking and signing the package 4. Installing the app on device in debug mode wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 47. 0*. Downloading application package Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 48. 1. Setting up the environment Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 embedded.mobileprovision Signing certificate wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 52.
  • 53.
  • 54. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 1. Setting up the environment wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 55. Injecting custom dylib & modification of executable file Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 56.
  • 57.
  • 58.
  • 59. Installing the App in debug mode Link to demo: ➡️ https://vimeo.com/273879188 Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
  • 60. Connecting to Frida dylib Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 • Objection (Leonjza, bernard-wagner) • Needle • Directly using Frida • Passionfruit (ChiChou, oleavr) wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 61. Connecting with Passionfruit Link to demo: ➡️ https://vimeo.com/273879557 Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
  • 62. Files saved by application Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
  • 63. Cookies 🍪 Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
  • 64. User defaults Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
  • 65. Application cache Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
  • 66. Accessing Keychain Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
  • 67. Sometimes it crashes Wojciech Reguła Testing iOS Apps without Jailbreak in 2018
  • 69. Summary Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 1. Jailbreaking needs a lot of effort from us 2. Using ‘dylib injection’ makes it possible to perform pentests of iOS apps 3. This method sometimes causes problems: • SSL Pinning not so obvious like on jailbroken device • How to get the application package (*.ipa)
  • 70. Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula Try it at home 😎 https://goo.gl/XDD53U
  • 71. More general mobile sec guide ⬇️ https://www.securing.biz/en/secure-mobile- applications-key-issues/index.html
  • 72. Question: How do you deal with this problem? Wojciech Reguła Testing iOS Apps without Jailbreak in 2018 wojciech.regula@securing.pl @_r3ggi wojciech-regula
  • 73. SecuRing Kalwaryjska 65/6 30-504 Kraków, Poland info@securing.pl tel. +48 124252575 http://www.securing.biz/en Contact Wojciech Reguła wojciech.regula@securing.pl @_r3ggi wojciech-regula