TMG Security

IOS Penetration Testing (Bug Bounty)

About Course

Description

This course introduces students to the iOS pentesting and iOS bug bounty concepts associated with iOS application pentesting. We encourage you to take this course if you are a complete beginner in the iOS bug bounty world. This course uses custom-developed material based on real-world iOS application pentesting to demonstrate how web vulnerabilities can be identified and exploited. This course teaches you how to identify a variety of iOS vulnerabilities on both the server side and the client side.

Requirements:

  • The course starts from basics, however, it is good to have basic knowledge of Web applications, API Pentesting & Android pen-testing.

Topics:

Introduction & Setting up your environment

  • Mobexler OS
  • Using MacOS on a Windows Machine
  • Simulators and Emulators
  • Jailbreaking and its Types
  • Jailbreak iOS 15,16,17 devices
  • Capturing HTTP Requests from an iOS device!

Introduction to iOS file Structure

  • Introduction to iOS Applications
  • All about Info.plist files
  • Discovering UDID
  • iPhone Shell
  • Transferring data between iPhones and PC
  • Extracting and Decrypting IPAs
  • Sideloading iOS Applications
  • iOS Data Protection
  • iOS Keychain
  • iOS App Capabilities and Purpose Strings

OWASP Mobile TOP 10 2024

  • What is OWASP?
  • M1: Improper Credential Usage
  • M2: Inadequate Supply Chain Security
  • M3: Insecure Authentication/Authorization
  • M4: Insufficient Input/Output Validation
  • M5: Insecure Communication
  • M6: Inadequate Privacy Controls
  • M7: Insufficient Binary Protections
  • M8: Security Misconfiguration
  • M9: Insecure Data Storage
  • M10: Insufficient Cryptography

Static Analysis

  • Automatic Static Analysis using MobSF
  • FileSystem Analysis
  • App Logs Analysis
  • Hardcoded Credentials
  • Database Analysis
  • Keychain Analysis
  • Pasteboard Analysis
  • WebViews Analysis
  • Applications Memory Analysis
  • Insecure APIs/Functions Analysis
  • Reverse Engineering using iRET
  • Reverse Engineering using Hopper

Dynamic Analysis

  • Tweaks, Cydia/Sileo, Substitute
  • Installing Tweaks
  • Installing Frida
  • Jailbreak Detection
  • Jailbreak Detection Bypass using Frida
  • Jailbreak Detection Bypass using Shadow
  • Jailbreak Detection Bypass using Liberty
  • Jailbreak Detection Bypass using A-Bypass
  • Jailbreak Detection Bypass using Objection
  • Jailbreak Detection: Other Utilities
  • SSL Pinning
  • SSL Pinning Bypass using Frida
  • SSL Pinning Bypass using SSL Kill Switch
  • SSL Pinning Bypass using Objection
  • TouchID/FaceID Bypass
  • iOS Security Framework iNalyzer
  • Simple iOS app blackbox assessment tool – Passionfruit
  • Objection Framework and its commands!
  • Blackbox tool Introspy
  • Dump Keychain Values – keychaindumper
  • Read Cookies – BinaryCookieReader
  • Load desired View Controller – Scwapper
  • Solving Vulnerable Application – iGoat & DVIA

Multiple Live Attack PoCs

Learning from iOS HackerOne Reports

Tips & Tricks & Doubts

  • IOS Pentesting Checklist
  • Setting up your custom Methodology
  • How to create your own Nuclei templates for iOS Pentesting
  • Using Objection and Frida without Jailbreaking the device
  • IOS Frida Scripts

IOS Bug Bounty Hunting on Real World Applications

  • Live IOS Bug Bounty Targets Hunting

Benefits:

  • Get ISO Certified Certification

What Will You Learn?

  • OWASP IOS Mobile PENTESTING
  • IOS-Pentesting using Bug Bounty Approach
  • Learn what are IOS Pentesting Methods
  • Learn how to pentest IOS Applications
  • Learn common vulnerabilities in IOS
  • Learn to exploit Static Analysis
  • Learn to exploit Dynamic Analysis
  • Learn automated tools for IOS Security Testing

Course Content

Introduction to IOS Penetration Testing / Bug Bounty
Join IOS Penetration Testing Community Group to Join Live Classes
