DUBLIN–(BUSINESS WIRE)–The “3-Day
Training: iOS 11/12 Userspace Exploitation Training” training
has been added to ResearchAndMarkets.com’s offering.

For years we have taught iOS Kernel Exploitation to a large crowd of
students. However more and more students have been asking for a similar
course targetted at iOS Userspace Exploitation. Therefore for 2019 we
have finally added this course to our syllabus.

In this 3-day training, participants will take a deep dive into topics
related to iOS 11/12 userpace level exploitation. This starts with a
short crash course in ARM64 followed by an introduction into the details
of iOS userspace from memory layout and its randomization over
sandboxing and IPC to the attack surface of applications, daemons and
browsers.

The following days will then concentrate on common vulnerabilities in
these areas and how they are usually exploited. The course will also
introduce the students to the heap implementations involved to fully
understand the heap exploitation examples.

All hands on exercises will be performed on iOS devices on iOS 11.x that
will be provided by the trainer for the duration of the course.

Key Learning Objectives

• Understanding iOS exploitation on ARM64
• Understanding the iOS sandboxing from userspace
• Understanding userspace exploit mitigations
• Common vulnerabilities in iOS applications and daemons and their
  exploitation
• Understanding iOS userpace heap implementations
• Basics of iOS browser exploitation

Prerequisite Knowledge

Basic knowledge of exploitation (preferably on ARM platform)

Hardware / Software Requirements

• MacBook with latest MacOS
• latest XCode with support for iOS 11/12
• IDA Pro 7.x or Hopper
• (optionally) iOS device on iOS 11

Agenda

Time: 9.00am – 6.00pm

Day 1

• ARM64 Architecture and Assembly for Userspace Exploitation
• iOS Userspace Memory Layout
• Dynamic Loading Frameworks, Libraries and ASLR
• Understanding Applications, Daemons and Browsers
• iOS Sandboxing and Inter Process Communication
• Userspace Exploit Mitigations
• Userspace Attack Surface

Day 2

• Debugging on iOS
• Working with or without Jailbreaks
• iOS Userland Heap Implementation
• Vulnerabilities and their Exploitation in Applications
• Vulnerabilities and their Exploitation in Daemons

Day 3

• ARMv8.3 Pointer Authentication
• WebKit Heap Implementation
• Exploitation of WebKit/JavaScriptCore based bugs

For more information about this training visit https://www.researchandmarkets.com/research/v2jkdp/3day_training?w=4

Contacts

ResearchAndMarkets.com
Laura Wood, Senior Press Manager
press@researchandmarkets.com
For
E.S.T Office Hours Call 1-917-300-0470
For U.S./CAN Toll Free Call
1-800-526-8630
For GMT Office Hours Call +353-1-416-8900
Related
Topics: Professional
Development and Training, Operating
Systems