Clone of . For those who would prefer to not be tracked by MS.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

6.8 KiB

Attacking & Defending iOS

Link Title

Hacking Your Way Up The Mobile Stack


Cull Hardening Guides Techniques Training & Tutorials Security Testing Methodologies General Research Papers Reverse Engineering Jailbreaking


Title Link
iOS 678 Security - A Study in Fail
Jailbreak Stories - Cyril Cattiaux(pod2g) - WWJC 2014
Mobile self-defense - Karsten Nohl
Pentesting iOS Applications - Pentester Academy - Paid Course - This course focuses on the iOS platform and application security and is ideal for pentesters, researchers and the casual iOS enthusiast who would like to dive deep and understand how to analyze and systematically audit applications on this platform using a variety of bleeding edge tools and techniques.

List of Hardening Guides for iOS

Title Link
Excellent forum post detailing general security practices
Apple’s white paper on their security mechanisms built into iOS
University of Texas’s Checklist/Guide to securing iOS
Center for Internet Security Guide to securing iOS 7
Australian Signals Intel Guide to securing iOS 7
Excellent forum post detailing general security practices
Guide to hardening iOS with the goal of privacy


List of iOS Exploits


Title Link

Training & Tutorials

Title Link
Bypassing SSL Cert Pinning in iOS
Learning iOS Application Security - 34 part series - damnvulnerableiosapp
**iOS app designed to be vulnerable in specific ways to teach security testing of iOS applications.
Damn Vulnerable iOS App - Getting Started
OWASP iGOAT - “iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.”

iOS Security Testing Methodologies/Tools

Title Link
iPwn Apps: Pentesting iOS Applications - SANS

| iOS Application Security Testing Cheat Sheet | | idb - idb is a tool to simplify some common tasks for iOS pentesting and research. It is still a work in progress but already provides a bunch of (hopefully) useful commands. The goal was to provide all (or most) functionality for both, iDevices and the iOS simulator. For this, a lot is abstracted internally to make it work transparently for both environments. Although recently the focus has been more on supporting devices. | | idb project page | | idb - iOS Blackbox Pentesting - Daniel A Meyer | | **idb github page** |

General Research Papers

Title Link

Reverse Engineering

Title Link
IODIDE - The IOS Debugger and Integrated Disassembler Environment
Clutch - Fast iOS executable dumper
MEMSCAN - Dump iPhone app RAM - A Cigital consultant – Grant Douglas, recently created a utility called MEMSCAN which enables users to dump the memory contents of a given iPhone app. Dumping the memory contents of a process proves to be a useful technique in identifying keys and credentials in memory. Using the utility, users are able to recover keys or secrets that are statically protected within the application but are less protected at runtime. Users can also use the utility to verify that keys and credentials are appropriately disposed of after use.
IOS Reverse Engineering toolkit


Title Link
Guide to hardening iOS with the goal of privacy
IPhoneDevWiki - “Our goal is to share the sum of all human[1] knowledge about jailbroken iOS development. In other words, this is a collection of documentation written by developers to help each other write extensions (tweaks) for jailbroken iOS, and you're invited to learn from it and contribute to it too.”
The iPhone Wiki** - The iPhone Wiki is an unofficial wiki dedicated to collecting, storing and providing information on the internals of Apple's amazing iDevices. We hope to pass this information on to the next generation of hackers so that they can go forth into their forebears' footsteps and break the ridiculous bonds Apple has put on their amazing mobile devices.
OWASP Jailbreaking Cheat Sheet

iOS Development

Title Link
imas - Defense for your iOS app - for developers