3-Day Training: iOS 11/12 Userspace Exploitation Training (Amsterdam, Netherlands – May 6-8, 2019) – ResearchAndMarkets.com

Training: iOS 11/12 Userspace Exploitation Training”
has been added to ResearchAndMarkets.com’s offering.

For years we have taught iOS Kernel Exploitation to a large crowd of
students. However more and more students have been asking for a similar
course targetted at iOS Userspace Exploitation. Therefore for 2019 we
have finally added this course to our syllabus.

In this 3-day training, participants will take a deep dive into topics
related to iOS 11/12 userpace level exploitation. This starts with a
short crash course in ARM64 followed by an introduction into the details
of iOS userspace from memory layout and its randomization over
sandboxing and IPC to the attack surface of applications, daemons and

The following days will then concentrate on common vulnerabilities in
these areas and how they are usually exploited. The course will also
introduce the students to the heap implementations involved to fully
understand the heap exploitation examples.

All hands on exercises will be performed on iOS devices on iOS 11.x that
will be provided by the trainer for the duration of the course.

Key Learning Objectives

  • Understanding iOS exploitation on ARM64
  • Understanding the iOS sandboxing from userspace
  • Understanding userspace exploit mitigations
  • Common vulnerabilities in iOS applications and daemons and their
  • Understanding iOS userpace heap implementations
  • Basics of iOS browser exploitation

Prerequisite Knowledge

Basic knowledge of exploitation (preferably on ARM platform)

Hardware / Software Requirements

  • MacBook with latest MacOS
  • latest XCode with support for iOS 11/12
  • IDA Pro 7.x or Hopper
  • (optionally) iOS device on iOS 11


Time: 9.00am – 6.00pm

Day 1

  • ARM64 Architecture and Assembly for Userspace Exploitation
  • iOS Userspace Memory Layout
  • Dynamic Loading Frameworks, Libraries and ASLR
  • Understanding Applications, Daemons and Browsers
  • iOS Sandboxing and Inter Process Communication
  • Userspace Exploit Mitigations
  • Userspace Attack Surface

Day 2

  • Debugging on iOS
  • Working with or without Jailbreaks
  • iOS Userland Heap Implementation
  • Vulnerabilities and their Exploitation in Applications
  • Vulnerabilities and their Exploitation in Daemons

Day 3

  • ARMv8.3 Pointer Authentication
  • WebKit Heap Implementation
  • Exploitation of WebKit/JavaScriptCore based bugs

For more information about this training visit https://www.researchandmarkets.com/research/v2jkdp/3day_training?w=4


Laura Wood, Senior Press Manager
E.S.T Office Hours Call 1-917-300-0470
For U.S./CAN Toll Free Call
For GMT Office Hours Call +353-1-416-8900
Topics: Professional
Development and Training
, Operating

Thank you for donating to DutchNews.nl.

We could not provide the Dutch News service, and keep it free of charge, without the generous support of our readers. Your donations allow us to report on issues you tell us matter, and provide you with a summary of the most important Dutch news each day.

Make a donation