| PRESENTATION: | Beyond the ’Cript: Practical iOS Reverse Engineering |
| PRESENTER(S): |
Michael Allen, Security Consultant for IOActive
|
| CONFERENCE: | LASCON |
| LOCATION: | Norris Conference Center, Austin, TX |
| DATE & TIME: | November 4, 2016 at 1:00 PM |
Today there is an app for almost everything. But all apps come with security vulnerabilities, many of which have been relatively easy to find with the help of increasingly available frameworks. So developers are now generally better about hardening apps against the most common issues using jailbreak detection and best practices, and many of the known “low hanging” security issues are resident less frequently.
But there are still vulnerabilities not as well known that can only be found with a deeper knowledge of iOS and its underlying assembly code. The aim of this talk is to provide a bridge between the mundane methodologies and vulnerabilities that are easy to find, and a new approach for identifying vulnerabilities that require assembly knowledge to discover.
This talk will include fundamentals of reversing, a primer on iOS architecture, binary patching, reversing MACH-0 binaries, and conclude with real-world examples involving bypassing jailbreak detection routines.
For more information on IOActive’s Security Services, please visit: http://www.ioactive.com/services/index.html
About Michael Allen
Michael E. Allen is a security consultant at IOActive with more than ten years of experience in the Information Security industry. His primary interests are in programming, exploit development, and reverse engineering. Mr. Allen has extensive skills in design, implementation, enhancement, testing, maintenance, and support of a myriad of software instances. He’s adept in both testing software, as well as assisting development teams with the implementation of software protection mechanisms.
About LASCON
The Lonestar Application Security Conference (LASCON) is an OWASP conference held annually in Austin, TX. It is a gathering of 400+ web app developers, security engineers, mobile developers and information security professionals. LASCON is held in Texas where more Fortune 500 companies call home than any other state and it is held in Austin which is a hub for startups in the state of Texas. At LASCON, leaders at these companies along with security architects and developers gather to share cutting-edge ideas, initiatives, and technology advancements.
About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Read the IOActive Labs Research Blog: http://blog.ioactive.com. Follow IOActive on Twitter: http://twitter.com/ioactive.