With the release of iOS 14 and 15 Apple has not only raised the bars in terms of kernel level security but they have also made improvements in regards to protecting userspace applications from being exploited and added mitigations that make post exploitation more difficult. This course will give trainees with an already existing background knowledge in exploitation a complete introduction into the specifics of targetting iOS applications or daemons. In particular popular targets like XPC services, WebKit/MobileSafari and iMessage will be covered.
This training will be held virtually in April 2022 via Zoom Sessions with support via a Discord server. It will be perfomed twice to allow trainees accross different timezones to attend the course. For 5 days there will be daily live training sessions around 5h in length. In addition to that all trainees will receive 1-2 weeks before the course a multi hour set of introduction videos they need to work through before the course. This course is targeted at security researchers that want to learn how to find and exploit userpace vulnerabilities in iOS 14 and 15.
The course will require trainees to have an own iOS device that is jailbroken on iOS 14 or iOS 15. A device compatible with the checkra1n iOS 14 jailbreak might be best. If checkra1n is available for iOS 15 devices until the course then this is also acceptable. Alternatively MacOS ARM64 devices can be used to perform hands on tasks.
The following list of topics shows what is usually covered by the course.
The training sessions will be held via Zoom video conferencing. Training sessions will be around 5 hours per training day. In addition to that trainees will get access to a few hours worth of introductory videos.
Furthermore trainees get access to a Discord server that will be used to post information regarding the training and will be used to discuss exercises and their solution, unless those will be covered via Zoom.
All training sessions will be recorded and made available as videos until 5 days after the training. During that time trainees can rewatch sessions as often as they want.
We offer this training in an EU/North America edition and in an APAC timezone edition. For other timezones please enquire. Unlike in person training courses when all attendees are present and share the same timezone the execution of online training courses requires some adjustments to be made to allow attendees accross different timezones to attent.
|17:00 - 22:00
|16:00 - 21:00
|08:00am - 01:00pm
|Seattle / Vancouver
|11:00am - 04:00pm
|New York / Montreal
|01:00pm - 06:00pm
|02:00pm - 07:00pm
|02:00pm - 07:00pm
|03:00pm - 08:00pm
|07:00 - 12:00
Please note that training times will be in afternoon for APAC edition because trainer might be in Germany during that time.
Payment will be possible via international bank transfer or via credit card featured by STRIPE. Please note that we will usually charge EU customers in EUR and the rest of the world in SGD. On request we can charge in USD.
If you have further questions or want to register for this training please contact us by e-mail firstname.lastname@example.org. Please notice that signup, billing and execution of the training is handled by Antid0te SG Pte. Ltd..
If you are interested in this training, but want us to perform the training for your people, want to feature our training at your online conference or would just like to know if we provide the training again at a later time please contact us by e-mail email@example.com.