PRESENTATION:
|
Beyond the ’Cript: Practical iOS Reverse Engineering
|
PRESENTER(S):
|
Michael Allen, Security Consultant for IOActive
|
CONFERENCE:
|
|
LOCATION:
|
Washington D.C.
|
DATE & TIME:
|
October 13, 2016 at 10:45AM ET
|
Today there is an app for almost everything. But all apps come with security vulnerabilities, many of which have been relatively easy to find with the help of increasingly available frameworks. So developers are now generally better about hardening apps against the most common issues using jailbreak detection and best practices, and many of the known “low hanging” security issues are resident less frequently.
But there are still vulnerabilities not as well known that can only be found with a deeper knowledge of iOS and its underlying assembly code. The aim of this talk is to provide a bridge between the mundane methodologies and vulnerabilities that are easy to find, and a new approach for identifying vulnerabilities that require assembly knowledge to discover.
This talk, given by Michael Allen, will include fundamentals of reversing, a primer on iOS architecture, binary patching, reversing MACH-0 binaries, and conclude with real-world examples involving bypassing jailbreak detection routines.
About Michael Allen
Michael E. Allen is a security consultant at IOActive with more than ten years of experience in the Information Security industry. His primary interests are in programming, exploit development, and reverse engineering. Mr. Allen has extensive skills in design, implementation, enhancement, testing, maintenance, and support of a myriad of software instances. He’s adept in both testing software, as well as assisting development teams with the implementation of software protection mechanisms.
About AppSecUSA 2016
OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. AppSec USA is a world-class software security conference for developers, auditors, risk managers, technologists, and entrepreneurs gathering with the world’s top practitioners to share the latest research and practices. Attendees will be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle challenges in innovative ways.
About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.
###