While there has certainly been valuable interesting research of blackbox security assessments techniques presented on different conferences, it exclusively has almost focused on application layer of iOS. The recent disclosures on surveillance programs suggests that mobile users also being targeted not only by cyber criminals but also spy agencies. The level of skill and effort to prevent such an attack requires a reproducible threat model - a REDteam exercise. This talk appeals to hands-on iOS hackers looking to dive into iOS Security Architecture, Sandbox mechanism, ARM64 assembly and Security APIs while being firmly accompanied with always overlooked penetration testing techniques and the ways of how to automate them. The talk will cover dynamic memory reversing and how to tackle cryptography on an assessment so that participants will understand how to quantitatively and qualitatively carry an offensive penetration testing or forensic examination of an iOS environment.
Omer is working as an Ethical Hacker for KPN's (Royal Dutch Telecom) REDteam in Amsterdam, the Netherlands. He enjoys diving into lines of codes to spot bugs, tinkering in front of a debugger cluelessly and developing wise tactics/tools to break applications on his day to day work. He holds a Honour’s Engineering degree in Computer Science.
Mark is an Ethical Hacker at KPN's (Royal Dutch Telecom) REDteam in Amsterdam, the Netherlands. He has experiences in performing penetration tests and security assessments of complex technical environments and he is specialized in reverse engineering and coding of mobile applications.