Course Introduction
Basics of iOS Apps
Setting up iOS Pentesting lab
-
Introduction (0:51)
-
Challenges with iOS lab setup (5:36)
-
Lab setup using a Jailbroken iDevice (9:57)
-
Installing Vulnerable Apps on a Jailbroken iDevice (13:51)
-
Lab setup using a Non Jailbroken iDevice - Part 1 (4:08)
-
Lab setup using a Non Jailbroken iDevice - Part 2 (6:28)
-
Signing and Installing a third party application (3:30)
iOS Applciation Penetration Testing - Basics
-
Introduction (0:59)
-
Introduction to iOS Application Pentesting (2:08)
-
Introduction to iOS traffic analysis (9:23)
-
Insecure Local Data Storage vulnerabilities (10:58)
-
Insecure Local Data Storage vulnerabilities - Non Jailbroken devices (5:48)
-
Dumping secrets from keychain (6:25)
-
Introduction to server side vulnerabilities - Part 1 (1:32)
-
Introduction to server side vulnerabilities - Part 2 (3:03)
-
Introduction to client side vulnerabilities (0:51)
-
Authorization Vulnerabilties (6:56)
-
Insecure Logging (2:17)
-
23.pasteboard (1:49)
-
WebView XSS (1:38)
iOS Application Penetration Testing - Advanced
-
Introduction (1:25)
-
Decrypting iOS Applications downloaded from App Store (6:34)
-
Introducing SecureStorev2 (7:01)
-
Dumping class information (5:37)
-
Jailbreak detection bypass using Objection (4:12)
-
Revisiting Insecure Local Data Storage (2:31)
-
Revisiting Traffic Analysis (3:16)
-
Introduction to Frida (1:08)
-
Introduction to Frida CLI (2:33)
-
Introduction to frida-trace (5:31)
-
Writing Frida scripts to trace http calls (14:15)
-
Introduction to end to end encryption (8:30)
-
Tracing crypto calls and dealing with end-to-end encryption (12:22)
-
Using objection to dump crypto keys (3:53)
-
Dumping heap using objection (3:06)
-
Introduction to Hopper (0:49)
-
Bypassing jailbreak detection using Hopper - iOS Application Patching (13:34)
-
Introduction to SSL Pinning (4:36)
-
iOS Application Patching - Bypassing SSL Pinning using Hopper (6:48)
Conclusion
