TMG Security

TMG English Courses

IOS Penetration Testing (Bug Bounty)

Wishlist Share
Share Course
Page Link
Share On Social Media

About Course

IOS Penetration Testing (Bug Bounty) Live Batch

 

  • Starting From: 24th May 2024
  • Duration: 1 Month (15+ Hours)

Description

This course introduces students to the IOS Pentesting & IOS Bug Bounty concepts associated with IOS application pentesting. We encourage you to take this course if you are a complete beginner in IOS bug bounty world. This course uses a custom-developed on Real World IOS application pentesting to demonstrate how, web vulnerabilities can be identified and exploited. This course teaches you how to identify a variety of IOS vulnerabilities lies in the Server-side, Client-side.

Requirements:

  • The course starts from basics, however, it is good to have basic knowledge of Web applications, API Pentesting & Android pen-testing.

Topics:

Introduction & Setting up your environment

  • Mobexler OS
  • Using MacOS on a Windows Machine
  • Simulators and Emulators
  • Jailbreaking and its Types
  • Jailbreak iOS 15,16,17 devices
  • Capturing HTTP Requests from an iOS device!

Introduction to iOS file Structure

  • Introduction to iOS Applications
  • All about Info .plist files
  • Discovering UDID
  • iPhone Shell
  • Transferring data between iPhones and PC
  • Extracting and Decrypting IPAs
  • Sideloading iOS Applications
  • iOS Data Protection
  • iOS Keychain
  • iOS App Capabilities and Purpose Strings

OWASP Mobile TOP 10 2024

  • What is OWASP?
  • M1: Improper Credential Usage
  • M2: Inadequate Supply Chain Security
  • M3: Insecure Authentication/Authorization
  • M4: Insufficient Input/Output Validation
  • M5: Insecure Communication
  • M6: Inadequate Privacy Controls
  • M7: Insufficient Binary Protections
  • M8: Security Misconfiguration
  • M9: Insecure Data Storage
  • M10: Insufficient Cryptography

Static Analysis

  • Automatic Static Analysis using MobSF
  • FileSystem Analysis
  • App Logs Analysis
  • Hardcoded Credentials
  • Database Analysis
  • Keychain Analysis
  • Pasteboard Analysis
  • WebViews Analysis
  • Applications Memory Analysis
  • Insecure APIs/Functions Analysis
  • Reverse Engineering using iRET
  • Reverse Engineering using Hopper

Dynamic Analysis

  • Tweaks, Cydia/Sileo, Substitute
  • Installing Tweaks
  • Installing Frida
  • Jailbreak Detection
  • Jailbreak Detection Bypass using Frida
  • Jailbreak Detection Bypass using Shadow
  • Jailbreak Detection Bypass using Liberty
  • Jailbreak Detection Bypass using A-Bypass
  • Jailbreak Detection Bypass using Objection
  • Jailbreak Detection other Utilites
  • SSL Pinning
  • SSL Pinning Bypass using Frida
  • SSL Pinning Bypass using SSL Kill Swtich
  • SSL Pinning Bypass using Objection
  • TouchID/FaceID Bypass
  • iOS Security Framework iNalyzer
  • Simple iOS app blackbox assessment tool – Passionfruit
  • Objection Framework and its commands!
  • Blackbox tool Introspy
  • Dump Keychain Values – keychaindumper
  • Read Cookies – BinaryCookieReader
  • Load desired View Controller – Scwapper
  • Solving Vulnerable Application – iGoat & DVIA

Multiple Live Attack PoCs

 

Learning from iOS Hacker one Reports

 

Tips & Tricks & Doubts

  • IOS Pentesting Checklist
  • Setting up your custom Methodology
  • How to create your own Nuclei templates for iOS Pentesting Nuclei
  • Using Objection and Frida without Jailbreaking the device
  • IOS Frida Scripts

IOS Bug Bounty Hunting on Real World Applications

  • Live IOS Bug Bounty Targets Hunting

Benefits :

  • Get ISO Certified Certification
Show More

What Will You Learn?

  • OWASP IOS Mobile PENTESTING
  • IOS-Pentesting using Bug Bounty Approach
  • Learn what are IOS Pentesting Methods
  • Learn how to pentest IOS Applications
  • Learn common vulnerabilities in IOS
  • Learn to exploit Static Analysis
  • Learn to exploit Dynamic Analysis
  • Learn automated tools for IOS Security Testing

Course Content

Introduction to IOS Penetration Testing / Bug Bounty
Join IOS Penetration Testing Community Group to Join Live Classes

  • Join IOS Penetration Testing Community Group to Join Live Classes
    00:00

Access Videos & Materials

Scroll to Top