Cover Image for null Bangalore Humla: iOS Pentesting Workshop

Hosted By

null Bangalore Humla: iOS Pentesting Workshop

Name: null Bangalore Humla: iOS Pentesting Workshop
Start: 2025-04-19T09:00:00.000+05:30
End: 2025-04-19T17:00:00.000+05:30
Location: To be announced

Hosted by Null Bangalore

To be announced

Past Event

Welcome! To join the event, please register below.

You will be asked to verify token ownership with your wallet.

About Event

iOS Application Penetration Testing Guide

Pre-requisites

Jailbroken iPhone/iPad
- Participants can check out the links below for jailbreaking your iPhone/iPad devices as different devices require different steps:
- iOS CFW Guide: Get Started
- iDevice Central Jailbreak Tool Finder
Required Hardware/Software
- Windows machine, Kali Linux, or Macbook
For Already Jailbroken Devices
- Add repositories and respective tweaks using:
- Essential Tools Repository
Frida & Objection Installation
- Setup Guide
Other Required iOS Pentest Tools
- iOS Application Pentest Repository

iOS Application & Pentesting Background

iOS Architecture Overview
Understanding Jailbreak & Its Types
Rootless vs. RootFul Jailbreaks
Jailbreaking an iDevice (Multiple Methods)
- Unc0ver, Palera1n (Rootful & Rootless), Dopamine, Dopamine RootHide, Bootstrap RootHide etc.
Don't Get Jailbroken by a Jailbreak: Spot the Fakes!
Physical Device vs. Corellium for Testing
IPA File Structure Breakdown (Swift, Cordova, Flutter & XAMARIN)
Installing iOS Applications on Jailbroken & Non-Jailbroken Devices (Various Methods)
iOS Application Sandbox Structure
Necessary Tools Installation
Extracting & Dumping Decrypted IPA Files (Multiple Methods)
Static Analysis of Applications (Manual & Automated Approaches)

Exploring Some Basic Vulnerabilities

Testing Local Storage Security (Filza & Objection)
Assessing Application Binary Protection
Dumping & Analyzing Sensitive Data in Keychain
Performing Memory Dumps

Advanced Testing Techniques & Vulnerabilities

Bypassing Advanced Jailbreak Detection Using (Swift, Cordova, Flutter & XAMARIN):
- 14+ Tweaks
- Frida & Custom Script Creation
- Objection
- Custom Hooking
Traffic Interception & Certificate Pinning
- Intercepting iOS application traffic
- Understanding Certificate Pinning
- Bypassing Certificate Pinning Using:
- Tweaks
- Frida
- Objection
- Intercepting Traffic from Flutter Applications
- Bypassing Certificate Pinning on Flutter Apps (Multiple Methods)
- Bypassing Certificate Pinning on XAMARIN Apps
- Capturing HTTP/HTTPS Traffic Without Bypassing Certificate Pinning
Application Reversing & Exploitation
- Reversing iOS application (Swift, Cordova, Flutter & XAMARIN)
- DeepLink Exploitation: (Multiple Vulnerabilities)

Pentesting on Non-Jailbroken iDevices

Evaluating Local Storage Security Risks on Non-Jailbroken iOS Devices
Exploring Frida & Objection on Non-Jailbroken Devices:
- By Patching the Application
- Without Patching the Application

Location

To be announced

Hosted By

null Bangalore Humla: iOS Pentesting Workshop

​iOS Application Penetration Testing Guide

​Pre-requisites

​iOS Application & Pentesting Background

​Exploring Some Basic Vulnerabilities

​Advanced Testing Techniques & Vulnerabilities