Index
A
- Address Space Layout Randomization (ASLR)
- about / Analyzing iOS binary
- Address space layout randomization (ASLR)
- about / Lack of binary protections
- Aircrack-ng
- Apple Developer Program
- Apple File Conduit 2
- application development
- apps
- installing, on iDevice / Installing apps on iDevice
- appSearch
- about / Installing utilities on iDevice
- App Store
- AppSync
- installing / Installing utilities on iDevice
- APT 0.6 Transitional
- installing / Installing utilities on iDevice
B
- bind TCP shell
- creating / Shell bind TCP for iOS
- bubbsie application
- Burp Proxy / Intercepting traffic over HTTP
- Burp Suite
C
- class-dump-z
- installing / Installing utilities on iDevice
- URL / Installing utilities on iDevice
- about / Decrypting unsigned iOS applications
- Clutch
- code
- analyzing, with reverse engineering / Analyzing code by reverse engineering
- Core Data
- insecure storage / Insecure storage in Core Data
- Cycript
- installing / Installing utilities on iDevice
- URL / Pentesting using iOS Simulator
- used, for dynamic analysis / Dynamic analysis using Cycript
- reference link / Dynamic analysis using Cycript
- Cydia
- sources, adding to / Adding sources to Cydia
D
- data backup acquisition
- performing / Data backup acquisition
- data leakage
- demonstrating / Data leakage via application screenshot
- Device Firmware Upgrade (DFU) mode
- about / Physical acquisition
- device logs
- application sensitive data, leaking / Device logs leaking application sensitive data
- dynamic analysis
- with Cycript / Dynamic analysis using Cycript
- performing, on iOS simulator / Dynamic analysis on iOS Simulator
E
- Elcomsoft iOS Forensic Toolkit (EIFT)
- Elcomsoft Phone Breaker
- Erica Utilities
- installing / Installing utilities on iDevice
- exploitation lab
- setting up / Setting up exploitation lab
F
- FileZilla
- about / Transferring files to iDevice
- Fuxi Qin jailbreak utility
- about / Jailbreaking iDevice
H
- Health Insurance Portability and Accountability Act (HIPAA)
- about / Insecure data storage
- Hierarchical File System (HFS)
- about / The iOS filesystem
- Hopper Disassembler
- HSFX filesystem
- about / The iOS filesystem
- HTTP
- traffic interception / Intercepting traffic over HTTP
- HTTPS
- traffic interception / Intercepting traffic over HTTPS
I
- idb tool
- installing / Installing idb tool
- URL / Installing idb tool
- about / Data leakage via application screenshot
- using / Analyzing iOS binary
- iDevice
- about / Basics of iOS and application development
- iOS app, running / Running apps on iDevice
- jailbreaking / Jailbreaking iDevice
- sources, adding to Cydia / Adding sources to Cydia
- connecting with / Connecting with iDevice
- files, transferring to / Transferring files to iDevice
- connecting, VNC used / Connecting to iDevice using VNC
- utilities, installing / Installing utilities on iDevice
- apps, installing / Installing apps on iDevice
- converting, to pentesting device / Converting iDevice to a pentesting device
- iExplorer
- iFunbox
- iGoat app
- about / Installing apps on iDevice
- insecure data storage
- insecure storage
- in PLIST files / Insecure data in the plist files
- in NSUserDefaults / Insecure storage in the NSUserDefaults class
- in SQLite database / Insecure storage in SQLite database
- in Core Data / Insecure storage in Core Data
- in keychain / Insecure storage in keychain
- iOS
- basics / Basics of iOS and application development
- bind TCP shell, creating / Shell bind TCP for iOS
- reverse TCP shell, creating / Shell reverse TCP for iOS
- iOS app
- developing / Developing your first iOS app
- running, on iDevice / Running apps on iDevice
- MVC design / iOS MVC design
- application, signing / iOS application signing
- iOS applications
- SQL injection / SQL injection in iOS applications
- iOS application sandboxing
- about / iOS application sandboxing
- iOS backdoor
- creating / Creating iOS backdoor
- iOS binary
- analyzing / Analyzing iOS binary
- hardening, against reverse engineering / Hardening binary against reverse engineering
- iOS filesystem
- about / The iOS filesystem
- iOS forensics
- about / Basics of iOS forensics
- case study / Basics of iOS forensics
- iOS forensics tools
- about / iOS forensics tools walkthrough
- Elcomsoft iOS Forensic Toolkit (EIFT) / Elcomsoft iOS Forensic Toolkit (EIFT)
- open source / Open source and free tools
- free tools / Open source and free tools
- open source tools / Open source and free tools
- iOS secure boot chain
- about / iOS secure boot chain
- iOS security model
- about / iOS security model
- URL / iOS security model
- key features / iOS security model
- iOS Simulator
- traffic interception / Intercepting traffic of iOS Simulator
- iOS simulator
- used, for pentesting / Pentesting using iOS Simulator
- dynamic analysis, performing / Dynamic analysis on iOS Simulator
- IPA Installer
- installing / Installing utilities on iDevice
- iPhone
- hardware / The iPhone hardware
- iPhone Backup Extractor
- about / Open source and free tools
- iPhone Password Breaker
- about / Data backup acquisition
J
- jailbreak
- need for / Need for jailbreaking
- about / What is jailbreak?
- tethered jailbreak / Types of jailbreaks
- untethered jailbreak / Types of jailbreaks
- software requisites / Hardware and software requirements
- hardware requisites / Hardware and software requirements
- of iDevice / Jailbreaking iDevice
- URL / Jailbreaking iDevice
K
- keyboard cache
- sensitive data, capturing / Keyboard cache capturing sensitive data
- keychain
- insecure storage / Insecure storage in keychain
L
- ldid utility
- about / Shell bind TCP for iOS
- Low Level Bootloader (LLB)
- about / Physical acquisition
M
- man-in-the-middle (MITM) attacks
- method swizzling
- about / Dynamic analysis using Cycript
- Mobile Security Framework (MobSF)
- about / Analyzing iOS binary
- MobileTerminal
- installing / Installing utilities on iDevice
- Model-View-Controller (MVC)
- about / iOS MVC design
- Model / iOS MVC design
- View / iOS MVC design
- Controller / iOS MVC design
- msftguy
- about / Physical acquisition
N
- NSUserDefaults
- insecure storage / Insecure storage in the NSUserDefaults class
O
- object-relational mapping (ORM)
- about / Insecure storage in Core Data
- Objective-C
- operating modes
- normal mode / Physical acquisition
- Device Firmware Upgrade (DFU) mode / Physical acquisition
- recovery mode / Physical acquisition
- OS X operating system
- OWASP Mobile Top Ten
- about / OWASP Top 10 Mobile Risks
- reference link / OWASP Top 10 Mobile Risks
- weak server-side controls / Weak server-side controls
- insecure data storage / Insecure data storage
- insufficient transport layer protection / Insufficient transport layer protection
- side channel data leakage / Side channel data leakage
- poor authorization / Poor authorization and authentication
- poor authentication / Poor authorization and authentication
- broken cryptography / Broken cryptography
- client-side injection / Client-side injection
- security decisions, via untrusted input / Security decisions via untrusted input
- improper session handling / Improper session handling
- lack of binary protections / Lack of binary protections
P
- Pangu jailbreak
- pasteboard
- about / Pasteboard leaking sensitive information
- General pasteboard / Pasteboard leaking sensitive information
- Find pasteboard / Pasteboard leaking sensitive information
- Custom pasteboard / Pasteboard leaking sensitive information
- data leakage, demonstrating / Pasteboard leaking sensitive information
- Payment Card Industry Data Security Standard (PCI DSS)
- about / Insecure data storage
- penetration testing (pentesting)
- pentesting
- iOS simulator, using / Pentesting using iOS Simulator
- pentesting device
- iDevice, converting to / Converting iDevice to a pentesting device
- physical acquisition
- performing / Physical acquisition
- PLIST files
- insecure data / Insecure data in the plist files
- plutil
- about / Installing utilities on iDevice
- ptrace function
R
- reverse engineering
- used, for analyzing code / Analyzing code by reverse engineering
- iOS binary, hardening against / Hardening binary against reverse engineering
- reverse TCP shell
- creating / Shell reverse TCP for iOS
- runtime analysis
- with Snoop-it / Runtime analysis using Snoop-it
S
- signed iOS applications
- decrypting / Decrypting signed iOS applications
- Snoop-it
- used, for runtime analysis / Runtime analysis using Snoop-it
- SQLCipher
- SQL injection
- in iOS applications / SQL injection in iOS applications
- SQLite3
- installing / Installing utilities on iDevice
- SQLite database
- insecure storage / Insecure storage in SQLite database
- SSL Kill Switch
- about / Bypassing SSL pinning
- SSL pinning
- bypassing / Bypassing SSL pinning
- Swift
T
- tethered jailbreak
- about / Types of jailbreaks
- third-party applications
- installing / Installing third-party applications
- traffic interception
- over HTTP / Intercepting traffic over HTTP
- over HTTPS / Intercepting traffic over HTTPS
- of iOS Simulator / Intercepting traffic of iOS Simulator
U
- UIkit framework
- about / iOS MVC design
- Universal Forensic Extraction Device (UFED)
- about / iOS forensics tools walkthrough
- universally unique identifier (UUID)
- about / Installing apps on iDevice
- unsigned iOS applications
- decrypting / Decrypting unsigned iOS applications
- untethered jailbreak
- about / Types of jailbreaks
- Unzip
- installing / Installing utilities on iDevice
- utilities
- installing, on iDevice / Installing utilities on iDevice
- Erica Utilities / Installing utilities on iDevice
- class-dump-z / Installing utilities on iDevice
- AppSync / Installing utilities on iDevice
- IPA Installer / Installing utilities on iDevice
- MobileTerminal / Installing utilities on iDevice
- APT 0.6 Transitional / Installing utilities on iDevice
- Unzip / Installing utilities on iDevice
- SQLite3 / Installing utilities on iDevice
- Cycript / Installing utilities on iDevice
- idb tool, installing / Installing idb tool
V
- Veency
- about / Connecting to iDevice using VNC
- VNC
- used, for connecting iDevice / Connecting to iDevice using VNC
W
- Waze
- web API attack
- demonstrating / Web API attack demo
- WinSCP
- about / Transferring files to iDevice
- Wired Equivalent Privacy (WEP)
X
- Xcode