Welcome to my 8th blog post on “iOS Application Security Testing Series”. You can find Part 7 here. In this article, we will look at analyzing the memory contents of an iOS application using Fridump, which uses the Frida framework, an excellent framework; if you don’t know it, you should give it a…
Welcome to my 7th blog post on “iOS Application Security Testing Series”. You can find Part Six here. One of the most painstaking aspects of testing an iOS application is the effort of decrypting the application. In this article, I would like to go over an easy way of turning a painful Black Box testing…
Welcome to my second article on “Mobile Forensics”. You can find Part 1 here. The second step in the forensic process is Acquisition. This refers to the retrieval of data from the device, unlike the process of acquiring a forensic image of a PC, which is a well-documented and usually straightforward task for a forensic…
Welcome to my 6th blog post on “iOS Application Security Testing Series”. You can find Part Five here. In this article, we will look at application re-signing and patching. In a previous blog post, we looked at how we can hijack method implementations during runtime using Cycript or Frida. The idea…
Welcome to my very first article on “iOS Forensics Series”. In this series, I will provide information on mobile forensics, starting from the three main categories: seizure, acquisition, examination, and all the way to analysis. In this part, we shall cover seizure, and in the future parts of this series…
Welcome to part five of “iOS Application Security Testing Series”. You can find Part 4 here. In this article, I would like to go over App Transport Security (ATS) from a pen tester’s perspective. What does that mean exactly? First, I would like to walk you through basic testing-related archaeology and help you set up the…
Welcome to my 4th blog post on “iOS Application Security Testing Series”. You can find Part Three here. In this article, we will look at application runtime analysis using Objection, a runtime mobile exploration toolkit powered by Frida. We will look at how we can obtain information about a class (methods, instance variables) and modify them…
Welcome to my third article on “iOS Application Security Testing Series”. You can find Part Two here. In this article, we will look at applications that use Jailbreak Detection and Certificate Pinning as defenses – and how they can be bypassed. Is it a good idea to block execution on jailbroken…
Welcome to my second article on “iOS Application Security Testing Series”. You can find Part 1 here. Imagine a scenario where you, as an iOS Application Security Tester, are tasked with auditing an application to identify vulnerabilities. By itself, the task may not seem too daunting until you learn of a…
Welcome to my article on “iOS Application Security Testing Series”. In this series, I will provide information on iOS Application Security testing, starting from setting up a testing environment for the iOS platform, all the way to Testing Data Storage, Cryptography, Authentication, Network Communication, and Reverse Engineering. In this part,…