iOS PENTESTING: A BEGINNER'S PRACTICAL GUIDE
By Abida Shariff, Lead Security Engineer

WHOAMI
I'm Abida Shariff
- Lead Security Engineer at Redsentry
- Web Application, iOS & Android Researcher
- OSCP, eJPT, CEH Certified
- Just a curious geek
Jailbroken Devices and iOS Versions

Jailbreaking Software | iOS Version Support    | Supported Devices                   | Notes
----------------------|------------------------|-------------------------------------|-------------------------------------------------------------------------
Checkra1n             | Up to iOS 14.8.1       | Up to iPhone X (A11 chip and older) | Uses checkm8 exploit
Palera1n              | iOS 15.0 to iOS 17.4   | A11 chips and older                 | Based on checkm8 exploit
Dopamine              | iOS 15.0 to iOS 16.6.1 | A12 to A16 and M1 to M2 chips       | Focuses on newer devices; does not support versions beyond iOS 16.6.1

Emulators: Tools like Corellium offer cloud-based iOS environments for security testing without needing physical devices.
Tools: A Pentester's Arsenal

Frida:
- Dynamic instrumentation toolkit
- Allows injection of scripts into an application
- Explore and modify runtime operations
- Package: build.frida.re

Objection:
- Runtime mobile exploration toolkit
- Uses Frida
- Assesses the security posture of mobile applications

Otool:
- Inspecting the structure and contents of executable files and libraries
- Analyzing binary dependencies and linked frameworks
- Debugging and reverse engineering applications
IPA File Structure

Payload Folder
- Main directory of the IPA file
- Contains all executable and non-executable files for the app

app Folder
- Contains the actual iOS application folder (.app directory)
- Includes the executable file of the app (e.g., AppName.app)
- Contains resources like images, sounds, and other assets

Info.plist
- Key file within the .app folder
- Contains metadata about the application:
  - Version
  - Display name
  - SDK version
  - Other configuration details necessary for the iOS system
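Because an IPA is just a zip archive with the Payload/<AppName>.app/Info.plist layout described above, the first static-analysis step can be scripted. The following is an added example (not from the original deck): it builds a constructed in-memory IPA, locates the top-level .app's Info.plist, and pulls out the metadata the slide lists plus the App Transport Security setting; the bundle identifier and version values are made-up sample data.

```python
import io
import plistlib
import zipfile

# Constructed sample Info.plist: all values are made up for this demo.
SAMPLE_INFO_PLIST = {
    "CFBundleDisplayName": "DemoApp",
    "CFBundleIdentifier": "com.example.demoapp",
    "CFBundleShortVersionString": "1.2.0",
    "CFBundleVersion": "42",
    "MinimumOSVersion": "14.0",
    "DTSDKName": "iphoneos17.4",
    # Weak setting: allows plain-HTTP connections app-wide.
    "NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True},
}


def build_sample_ipa() -> bytes:
    """Build a minimal IPA in memory: Payload/<App>.app/Info.plist plus a stub binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Payload/DemoApp.app/Info.plist", plistlib.dumps(SAMPLE_INFO_PLIST))
        zf.writestr("Payload/DemoApp.app/DemoApp", b"stub")  # placeholder, not a real Mach-O
    return buf.getvalue()


def read_info_plist(ipa_bytes: bytes) -> dict:
    """Find the top-level Payload/*.app/Info.plist (not embedded frameworks or watch apps) and parse it."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as zf:
        candidates = [
            n for n in zf.namelist()
            if n.startswith("Payload/") and n.endswith(".app/Info.plist") and n.count("/") == 2
        ]
        if len(candidates) != 1:
            raise ValueError(f"expected exactly one app Info.plist, found {candidates}")
        return plistlib.loads(zf.read(candidates[0]))


def summarize(info: dict) -> dict:
    """Extract the metadata the slide mentions and flag NSAllowsArbitraryLoads."""
    ats = info.get("NSAppTransportSecurity", {})
    return {
        "display_name": info.get("CFBundleDisplayName"),
        "bundle_id": info.get("CFBundleIdentifier"),
        "version": info.get("CFBundleShortVersionString"),
        "build": info.get("CFBundleVersion"),
        "min_ios": info.get("MinimumOSVersion"),
        "sdk": info.get("DTSDKName"),
        "allows_arbitrary_loads": bool(ats.get("NSAllowsArbitraryLoads", False)),
    }


if __name__ == "__main__":
    print(summarize(read_info_plist(build_sample_ipa())))
```

Point read_info_plist at the bytes of a real IPA pulled from a device to get the same summary; a True allows_arbitrary_loads is a finding worth noting before dynamic testing.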
Extracting and Exploring IPA Files

Leverage tools like iMazing, AppIndex, IPAtool and Filza to extract IPA files from your iOS devices, opening the door to deeper security analysis and reverse engineering.

Small Demo…
Installing IPA Files on Jailbroken Devices

To install IPA files on iOS devices, several tools can be used:

3uTools
- Windows and Mac users
- Manages iOS devices
- Features: IPA installation, jailbreaking, device management

Sideloadly
- Compatible with Windows and Mac
- Sideloads IPA files using an Apple ID
- Facilitates installation of apps not available on the App Store

TrollStore
- Install IPAs directly from the device or via a computer
- No revokes or re-signing required

Small Demo again…
Jailbreak Detection and SSL Pinning Bypass

Bypass Jailbreak Detection
- Hook into the app's code
- Disable or alter jailbreak detection mechanisms

Bypass SSL Pinning
- Intercept and manipulate traffic
- Hook into the app's SSL handling routines
Static Analysis of IPA Files

1. MobSF: Comprehensive App Scanning
   Leverage the Mobile Security Framework (MobSF) to perform in-depth static analysis on IPA files. Uncover code vulnerabilities, sensitive data leaks, and potential security weaknesses.

2. Otool: Examining Binary Structure
   Use the otool utility to inspect the structure and contents of the IPA file's compiled binary. Identify linked libraries and other valuable information for the security assessment.

3. Frida: Dynamic Instrumentation
   Integrate the Frida framework to dynamically hook into the running iOS app and observe its behavior, intercept function calls, and uncover hidden functionality.

4. Plist Editor Pro: View Plist Files
   Plist Editor Pro is a tool for viewing plist files, which store settings and configuration information.
Local Storage

Local storage refers to the various methods an application uses to store data directly on a device. Key local storage mechanisms include NSUserDefaults, used for storing user preferences and small pieces of data, and the Keychain, designed for securely storing sensitive information such as passwords and tokens.