Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Securitytube Ios Security Expert: Online Training

    Enviado por

    Ankush
    28 visualizações32 páginas
    IOS security

    Título original

    Module 1 Introduction

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    IOS security

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    28 visualizações32 páginas

    Securitytube Ios Security Expert: Online Training

    Enviado por

    Ankush
    IOS security

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 32

    SecurityTube

    iOS Security Expert

    Online Training: h6p://www.Securitytube-Training.com

    SecurityTube.net

    Introduc?on to iOS
    Vivek Ramachandran
    Founder, SecurityTube.net
    Training: h6p://securitytube-training.com

    SecurityTube.net

    Course Requirements
    Hardware
    Jailbroken iPhone / iPad
    Any version of iOS >= 5.1.1
    No Support for Jailbreaking (warranty void?)
    h6p://jailbreak-me.info/

    SoWware
    Windows / Linux / OS X
    SecurityTube.net

    Can I follow the course without a device?


    Absolutely!
    Will not be able to do the demos
    Concept Oriented and Prac?cal
    will not be boring to watch J

    SecurityTube.net

    iOS
    iPhone

    iOS Opera?ng System

    iPad

    iPod

    SecurityTube.net

    What is iOS really?

    h6p://en.wikipedia.org/wiki/IOS

    SecurityTube.net

    Is iOS Open Source?

    h6p://opensource.apple.com/
    SecurityTube.net

    Only Selected Components

    h6p://opensource.apple.com/release/ios-601/
    SecurityTube.net

    Does it look any dierent than Linux?


    Lets login to an Jailbroken iPhone

    SecurityTube.net

    SecurityTube iOS Security Expert

    Online Training: h6p://www.Securitytube-Training.com

    SecurityTube.net

    iOS Applica?on Basics


    Vivek Ramachandran
    Founder, SecurityTube.net
    Training: h6p://securitytube-training.com

    SecurityTube.net

    iXXX

    Applica?ons

    Opera?ng System (iOS)

    Hardware

    SecurityTube.net

    iOS Applica?ons

    SecurityTube.net

    How does one Develop iOS Applica?ons?


    Xcode using Objec?ve-C

    iPhone / iPad simulator

    Run on actual device to test


    SecurityTube.net

    HelloWorld
    Customary Hello World Program

    SecurityTube.net

    SecurityTube iOS Security Expert

    Online Training: h6p://www.Securitytube-Training.com

    SecurityTube.net

    MVC and Event Driven


    Architecture
    Vivek Ramachandran
    Founder, SecurityTube.net
    Training: h6p://securitytube-training.com

    SecurityTube.net

    SecurityTube iOS Security Expert

    SecurityTube.net

    ARM Processor


    SecurityTube.net

    iDevice Processors
    SoC System on a Chip
    iDevices
    License ARM cores (< iPhone 5)
    License ARM instruc?on set to build own code (>
    iPhone 5)

    h6p://www.anandtech.com/show/6292/
    iphone-5-a6-not-a15-custom-core
    SecurityTube.net

    ARM anyone?

    h6p://en.wikipedia.org/wiki/ARM_architecture

    SecurityTube.net

    Demo
    A6aching to a Running Program
    View disassembly

    SecurityTube.net

    SecurityTube iOS Security Expert

    Online Training: h6p://www.Securitytube-Training.com

    SecurityTube.net

    iOS Security Mechanisms


    Pre6y much shrouded in mystery
    First public disclosure:
    h6p://images.apple.com/ipad/business/docs/
    iOS_Security_May12.pdf
    Talk at Blackhat 2012
    Rehash of the PDF above
    SecurityTube.net

    Security Architecture

    SecurityTube.net

    Source: Apple Inc.

    Secure Boot Chain

    Boot ROM

    LLB

    iBoot

    iOS Kernel

    SecurityTube.net

    Loading Trusted Applica?ons


    Code Signing

    iOS Kernel

    iOS Applica?on

    SecurityTube.net

    Applica?on Isola?on
    Code Signing

    Code Signing

    Applica?on 1

    Applica?on 2

    Sandbox

    Sandbox
    SecurityTube.net

    Data Encryp?on
    Hardware Crypto
    UID and GID keys

    Data and File Protec?on


    Keychain
    Keybags
    File Encryp?on

    SecurityTube.net

    Network Security
    Built in support for:
    SSL and TLS
    VPN
    Wi
    Enterprise (EAP-TLS, TTLS, PEAP etc.)

    Bluetooth

    SecurityTube.net

    Why is this relevant to Applica?on


    Pentes?ng?
    How can you audit an applica?on if the plakorm
    has so many restric?ons?
    How do you gain access to the lesystem?
    How do decrypt data from keychain, le etc.?
    How do you monitor the applica?on while it is
    running?
    SecurityTube.net

    Você também pode gostar