Udemy
Mobile Penetration Testing - iOS Application (2020 Edition)
Rating: 4.0 out of 5 (43 ratings)
834 students

Learn how to pentest iOS applications using the latest tools, automated frameworks, Kali Linux & a customized mobile VM
Last updated 9/2020
English

What you'll learn

  • Learn how to jailbreak an iPhone (13.5-11)
  • Learn the fundamentals of iOS Application Penetration Testing without a MacBook (only Kali Linux, a mobile-specific VM with preinstalled tools & a Windows machine are used)
  • Learn how to pentest iOS Applications built using Objective-C
  • Learn iOS Application Penetration Testing using modern-day tools and techniques - goodbye to old-school tools
  • Learn how to trace HTTP calls of an iOS app using Frida
  • Learn how to trace crypto calls made by an iOS app using Frida
  • Learn how to bypass Jailbreak detection in iOS Apps using objection
  • Learn how to install and execute MobSF framework
  • Learn how to decrypt IPA files and reverse engineer them using Hopper

Course content

1 section, 14 lectures, 2h 26m total length
  • About The Course (3:36)

    Explore iOS mobile penetration testing by understanding attack surfaces, setting up a dedicated VM with integrated tools, and performing dynamic and static analysis, traffic interception, and Hopper-based reverse engineering.

  • Mobile Attack Surface (5:53)
  • Installation & Configuration of Mobile Pentest specific VM (2:23)
  • Latest Jailbreaking Techniques iPhone (13.5-11) - Using Uncover & Checkra1n (5:34)

    Jailbreak iOS devices from 11 to 13.5 using Uncover, with Windows-based setup, iCloud configuration, and sideloading the Uncover IPA for post-jailbreak testing of iOS apps.

  • Setting Up iOS Pentesting Environment - Installing Various Tools (18:51)

    Set up an iOS pentesting environment by installing tools on an iPhone, Windows, or customized VM, manage repositories, and analyze apps offline via local files.

  • Exploiting Insecure Data Storage - SQLite Data, Plist Files, Keychain, NSUser (31:27)

    Identify and assess insecure data storage in iOS apps by examining SQLite data, plist files, NSUserDefaults, and the keychain, exposing sensitive information across app directories.

  • MobSF Installation & Execution (8:23)
  • Running MobSF for static analysis of IPA (5:20)

    Perform static analysis of an IPA with MobSF to generate a detailed report, then extract the IPA from a jailbroken iPhone using iPhone lockbox and upload it for automated assessment.

  • Running MobSF post extracting IPA for static Analysis (6:52)

    Run MobSF on an iOS IPA for static analysis by installing tools, transferring the IPA from the device to a workstation, and reviewing the resulting report.

  • Dynamic Assessment - Configuration of device & Burp Proxy (10:15)

    Configure your iOS device to route traffic through the Burp proxy by setting the correct IP and port, installing and trusting the certificate, to intercept app traffic for dynamic assessment.

  • Class-Dump using otool (11:24)
  • Runtime Analysis with Frida - Installation and Hooking into iOS Application (7:47)

    Install Frida on computer and iOS device, establish client-server setup, enumerate connected devices and running apps, and hook into an iOS app for dynamic runtime analysis and testing.

  • Runtime Manipulation Using Frida (28:22)

    Use Frida to perform runtime manipulation on an iOS app, identify the jailbreak detection class and methods, dump class data, and modify return values to bypass detection.

  • Reverse Engineering of IPA using Hopper (0:01)

Requirements

  • The course covers all the required basics

Description

This course is created to make iOS pentesting simple, easy & smart using a customized mobile-specific VM & Kali Linux with the latest tools and technologies.


This course introduces students to the security concepts associated with iOS apps developed using Objective-C (Swift iOS apps are not used in the course). This is an intermediate-level course, which begins with beginner-level concepts. It covers a variety of concepts such as iOS application structure, reversing iOS apps using Hopper, and bypassing client-side restrictions such as jailbreak detection, SSL pinning, etc. This course teaches you how to identify a variety of iOS app vulnerabilities such as insecure data storage, insecure logging, weak jailbreak detection, insecure end-to-end encryption, SQL injection, etc.


The best part of the course is that you will get a detailed understanding of how to trace an iOS app's runtime and write a bunch of Frida scripts to pentest the target applications.

Who this course is for:

  • Penetration Testers
  • Security professionals who are interested in Mobile App Security
  • Anyone who is interested in ethical hacking and penetration testing
  • Anyone who is interested in information security concepts