DeepSec2016 Workshop: Offensive iOS Exploitation – Marco Lancini
If an iPhone gets exploited in the forest and no one is around to 0wn it, does it worry you? This philosophical question has been answered sufficiently by the latest Pegasus incident. All smartphones should worry you. The iPhone and its operating system are no exception. Actually, breaking a smartphone gives an attacker a lot of advantages. Chances are that you carry the exploited device with you all the time. At last the Age of Mobility has reached information security!
In order to develop exploits you need a healthy dose of software development and a (deep) knowledge of the platform being attacked. For those of you who do a lot of penetration testing, security analysis, or plain software quality management, we have a shortcut for you: the iOS exploitation workshop.
This is an exercise-driven training course that uses detailed tutorials to guide the attendee through all the steps necessary to exploit a real iOS application, and, in the process, provide an understanding of the modern attacker’s mind-set and capabilities. This course will cover iOS hacking, from the basics of vulnerability hunting on the platform to advanced exploitation techniques. At its conclusion, the course will also have imparted the information necessary to develop secure and robust applications.
Since your adversaries have gone mobile, so should you. We recommend this workshop especially for anyone who needs to defend users and company networks. Don’t let yourself be fooled by the word offensive. Once you understand what the attack looks like, you can improve the defence. Drop by and drop some 0wnage on iPhones!
Marco Lancini is a Security Consultant at MWR InfoSecurity in the UK, specialising in mobile applications. He works assessing apps and device configurations for a number of large organisations including banking, financials, telco, and energy providers. He holds a Master’s Degree in Engineering of Computing Systems from the Politecnico di Milano University, and international certifications such as OSCP.
He has previously presented at Black Hat, DeepSec, BSides, ACSAC, CCS, and NATO’s CYCON. He is a contributor to the OWASP Project and a Technical Reviewer of some IEEE Journals.