Successfully reported this slideshow.
Your SlideShare is downloading. ×

Introduction to IOS Application Penetration Testing

Oct. 29, 2013
6 likes 3,669 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dips
Loading in …3
×

Check these out next

Untitled 1
Sergey Kochergan
Owasp2013 johannesullrich
drewz lin
iOS Security: The Never-Ending Story of Malicious Profiles
Yair Amit
OWASP Mobile Top 10 Deep-Dive
Prathan Phongthiproek
Code protection
whitecryption
20150616 NPO要知道的駭客攻擊手法
Net Tuesday Taiwan
C0c0n 2011 mobile security presentation v1.2
Santosh Satam
Android Security
Arqum Ahmad
1 of 33 Ad

Introduction to IOS Application Penetration Testing

Oct. 29, 2013
6 likes 3,669 views

Download to read offline

Technology

Introduction to IOS Application Penetration Testing - Materi Seminar pada 1 Dekade Echo 1dekade.echo.or.id

Introduction to IOS Application Penetration Testing - Materi Seminar pada 1 Dekade Echo 1dekade.echo.or.id

Technology
License: CC Attribution-NonCommercial License
Advertisement

Recommended

Handout infosec defense-mechanism-y3dips
Ammar WK
1.7k views
37 slides
Mobile hacking, pentest, and malware
Ammar WK
2k views
32 slides
Challenges in Testing Mobile App Security
Cygnet Infotech
965 views
1 slide
Pentesting Android Apps
Abdelhamid Limami
843 views
30 slides
Owasp advanced mobile-application-code-review-techniques-v0.2
drewz lin
2.5k views
65 slides
Security researcher
NoumanShah20
19 views
10 slides
Secure SDLC in mobile software development.
Mykhailo Antonishyn
173 views
18 slides
Mobile Apps Security Testing -1
Krisshhna Daasaarii
1.1k views
29 slides
Advertisement

More Related Content

Slideshows for you (20)

Untitled 1
Sergey Kochergan
656 views
Owasp2013 johannesullrich
drewz lin
1.1k views
iOS Security: The Never-Ending Story of Malicious Profiles
Yair Amit
2k views
OWASP Mobile Top 10 Deep-Dive
Prathan Phongthiproek
1.3k views
Code protection
whitecryption
51 views
20150616 NPO要知道的駭客攻擊手法
Net Tuesday Taiwan
11.3k views
C0c0n 2011 mobile security presentation v1.2
Santosh Satam
2.8k views
Android Security
Arqum Ahmad
4.1k views
New trends in Payments Security: NFC & Mobile
SISA Information Security Pvt.Ltd
2.8k views
Web Application Security
sudip pudasaini
278 views
Android security
Mobile Rtpl
1.8k views
Android Device Hardening
anupriti
5.1k views
Invited Talk - Cyber Security and Open Source
hack33
900 views
t r
electronicmingle01
3.8k views
How To [relatively] Secure your Web Applications
Ammar WK
208 views
Pegasus Spyware - What You Need to Know
Skycure
7.7k views
Security threats in Android OS + App Permissions
Hariharan Ganesan
328 views
Covert compositional analysis of android inter app permission leakage
LeMeniz Infotech
201 views
YOW! Connected 2014 - Developing Secure iOS Applications
eightbit
564 views
Addressing the OWASP Mobile Security Threats using Xamarin
Alec Tucker
8k views
Untitled 1
Sergey Kochergan
656 views
27 slides
Owasp2013 johannesullrich
drewz lin
1.1k views
34 slides
iOS Security: The Never-Ending Story of Malicious Profiles
Yair Amit
2k views
26 slides
OWASP Mobile Top 10 Deep-Dive
Prathan Phongthiproek
1.3k views
72 slides
Code protection
whitecryption
51 views
3 slides
20150616 NPO要知道的駭客攻擊手法
Net Tuesday Taiwan
11.3k views
43 slides

Similar to Introduction to IOS Application Penetration Testing (20)

IBM MobileFirst Reference Architecture 1512 v3 2015
Sreeni Pamidala
1.1k views
BYOM Build Your Own Methodology (in Mobile Forensics)
Reality Net System Solutions
214 views
(Pdf) yury chemerkin hackfest.ca_2013
STO STRATEGY
646 views
MobileIron Presentation
Wing Venture Capital
3.9k views
(Pdf) yury chemerkin hacktivity_2013
STO STRATEGY
449 views
MobileIrn Presentation
Wing Venture Capital
501 views
(Pptx) yury chemerkin hacker_halted_2013
STO STRATEGY
581 views
Make Mobilization Work - Properly Implementing Mobile Security
Michael Davis
1.1k views
Mobile phone as Trusted identity assistant
Vladimir Jirasek
1.4k views
Mobile Security Training, Mobile Device Security Training
Tonex
70 views
Attack Vectors in Biometric Recognition Systems
Clare Nelson, CISSP, CIPP-E
2.6k views
Social Enterprise Rises! …and so are the Risks - DefCamp 2012
DefCamp
746 views
The JavaScript Revue: Patterns & Frameworks
Adam Roderick
598 views
DSS ITSEC Conference 2012 - Radware WAF
Andris Soroka
432 views
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Ajin Abraham
25.6k views
Mobile Security - Words like Bring Your Own Device, and Federation sounds fam...
IBM Danmark
1.4k views
Mobile Enterprise Application Platform
Nugroho Gito
1.5k views
Security testing of mobile applications
GTestClub
1.3k views
Mobile Application Security Threats through the Eyes of the Attacker
bugcrowd
1.7k views
Building cross platform mobile web apps
James Pearce
1.3k views
IBM MobileFirst Reference Architecture 1512 v3 2015
Sreeni Pamidala
1.1k views
32 slides
BYOM Build Your Own Methodology (in Mobile Forensics)
Reality Net System Solutions
214 views
29 slides
(Pdf) yury chemerkin hackfest.ca_2013
STO STRATEGY
646 views
52 slides
MobileIron Presentation
Wing Venture Capital
3.9k views
26 slides
(Pdf) yury chemerkin hacktivity_2013
STO STRATEGY
449 views
49 slides
MobileIrn Presentation
Wing Venture Capital
501 views
27 slides
Advertisement

More from Ammar WK (20)

Vvdp-fgd-bssn
Ammar WK
851 views
Pen-testing is Dead?
Ammar WK
692 views
A Journey Into Pen-tester land: Myths or Facts!
Ammar WK
1.1k views
Cybercrime: A threat to Financial industry
Ammar WK
885 views
Bugbounty vs-0day
Ammar WK
1.3k views
Advanced Persistent Threat
Ammar WK
3.3k views
Hacker? : it's not about Black or White
Ammar WK
1.7k views
Burp suite
Ammar WK
5.7k views
Web Hacking (basic)
Ammar WK
52.1k views
Network Packet Analysis
Ammar WK
2k views
Packet analysis (Basic)
Ammar WK
2.4k views
Network security
Ammar WK
946 views
Penetration testing
Ammar WK
2.6k views
Information Security Professional
Ammar WK
1.1k views
Layer 7 denial of services attack mitigation
Ammar WK
1.5k views
How To Become A Hacker
Ammar WK
776 views
y3dips - Who Own Your Sensitive Information?
Ammar WK
673 views
idsecconf2010-hacking priv8 network
Ammar WK
782 views
Mastering Network HackingFU - idsecconf2008
Ammar WK
703 views
Attacking Blackberry For Phun and Profit
Ammar WK
1.3k views
Vvdp-fgd-bssn
Ammar WK
851 views
85 slides
Pen-testing is Dead?
Ammar WK
692 views
19 slides
A Journey Into Pen-tester land: Myths or Facts!
Ammar WK
1.1k views
54 slides
Cybercrime: A threat to Financial industry
Ammar WK
885 views
81 slides
Bugbounty vs-0day
Ammar WK
1.3k views
49 slides
Advanced Persistent Threat
Ammar WK
3.3k views
77 slides

Recently uploaded (20)

Pharmacophore mapping and virtual screening(CADD) ppt.pptx
MZzaddy
0 views
Q4.pdf
Diego Armando Guzmán
0 views
TM Forum Open APIs: Enabling A Zero Intergration API economy.pdf
JuanLungA
0 views
Digital.docx
MuhammadKhalil502533
0 views
Transcript: New from BookNet Canada for 2022: Loan Stars - Tech Forum 2023
BookNet Canada
0 views
cellular 2.ppt
bappy17
0 views
CNE Microproject Report.pdf
Nehaam3
0 views
Q3.pdf
Diego Armando Guzmán
0 views
BA and data visualization.pdf
ssuser6aa125
0 views
Webinar: Digital Transformation For B2B Commerce Growth
APPSeCONNECT
0 views
Webinar: Silicon Carbide (SiC): A tecnologia do futuro para projetos de potência
Embarcados
0 views
PTZOptics - 2023 Presentation.pdf
Paul Richards
0 views
TADIOSG_DMZ.pptx
GodwinTadios
0 views
Make Your MANAGED IT SERVICES CONSULTING Reality With HEX64.docx
HEX64
0 views
SQL Server History.pptx
PraveenKumar354646
0 views
Medical Oxygen Plant.pdf
MedicalOxygenPlant
0 views
portfolio of Milkyas Abdulkerim .pdf
SamuelAssefa9
0 views
Augmented Reality for Learning and Accessibility
Shalin Hai-Jew
0 views
Learn How to Turbocharge Your AI/ML Data Workflows with Data Enrichment
Precisely
0 views
ChatGPT and Mulesoft.pptx
shiva310211
0 views
Pharmacophore mapping and virtual screening(CADD) ppt.pptx
MZzaddy
0 views
9 slides
Q4.pdf
Diego Armando Guzmán
0 views
8 slides
TM Forum Open APIs: Enabling A Zero Intergration API economy.pdf
JuanLungA
0 views
30 slides
Digital.docx
MuhammadKhalil502533
0 views
3 slides
Transcript: New from BookNet Canada for 2022: Loan Stars - Tech Forum 2023
BookNet Canada
0 views
2 slides
cellular 2.ppt
bappy17
0 views
27 slides
Advertisement

Introduction to IOS Application Penetration Testing

  1. 1. Introduction to iOS Mobile Application Penetration Testing 1 Dekade ECHO.OR.ID @y3dips
  2. 2. MobileSmartphone www.astanos.ch/img/apple-android-windows-mobile-blackberry-logo.png
  3. 3. http://www.wired.com/gadgetlab/2012/02/meet-the-asus-padfone-the-phone-thats-a-tablet-thats-a-notebook/
  4. 4. Mobile Infrastructure
  5. 5. http://mobile.infostretch.com/images/application-architecture.jpg
  6. 6. http://conwet.fi.upm.es/morfeo-project/mymobileweb_blog/wp-content/uploads/2009/04/mymw_architecture_overview.png
  7. 7. http://www.ipfaces.org/sites/default/files/images/schema.gif
  8. 8. Mobile Infrastructure Mobile Client/ Application Communication Channel Server Side Infrastructure
  9. 9. Mobile Infrastructure Mobile Client/ Application Communication Channel Server Side Infrastructure
  10. 10. Facteur d'attaque
  11. 11. Attack Vector Information Disclosure Insecure File Permission Authentication & Authorization Session Management Client Side Injection Logic (Business) Testing Data Protection Decompiling Etc.
  12. 12. ວiທ$ການ
  13. 13. Methodology Information Gathering Analysis Exploitation Report & QA
  14. 14. http://www.ibroadcastnetwork.org/images/uploads/ios-logo.png
  15. 15. http://cdn3.sbnation.com/entry_photo_images/8958675/iosguide_1020_new_large_verge_super_wide.jpg
  16. 16. Inventory Jailbroken Device Decompiler Analysis Tools Hacker’s Mind Security Tools Proxy
  17. 17. Cheat Sheet Applica'on_home /var/mobile/Applica.ons/[folder]/app_name Config  files Applica.on_Home/Library/Preferences/app_name.plist Database .db,  .sqlite,  .sqlite3,  * Cache Applica.on_Home/Library/Caches Cookies cookies.binarycookies  |  copy  read  with  binarycookies.py Logs see  logs  via    iphone  configura.on  u.lity List  Running  Apps ps  -­‐axf Decompiler/Disassembler otool,  class-­‐dump-­‐o,  class-­‐dump-­‐z,  gdb Analysis  Tools/Framework snoop-­‐it  ,  cycript
  18. 18. Cycript Objective-Javascript www.cycript.org Hook into a running process of the application
  19. 19. Cycript
  20. 20. Snoop-it Dynamic Analysis Tools Runtime Tracing Capabilities Invoke Arbitrary methods at runtime Bypass basic Jailbreak detection
  21. 21. Snoop-it
  22. 22. Proof-Of-concept
  23. 23. Proof of concept
  24. 24. Proof of concept
  25. 25. Proof of concept
  26. 26. Proof of concept
  27. 27. Proof of concept
  28. 28. Snoop-it
  29. 29. Reference IOS Application Security Testing Cheat Sheet - http:// owasp.org Series of article "Penetration testing of iPhone applications" - http://securitylearn.net Snoop-it official page https://code.google.com/p/ snoop-it Cycript Tricks http://iphonedevwiki.net/index.php/ Cycript_Tricks
  30. 30. http://sciencetoybox.com/images/Procedures/Raising_hands.jpg

×