
1. Lab Setup
1.1. Weak Cryptography
1.1.1. Data Protection API
1.1.2. Weak Hashing & Encryption
1.1.3. Poor key management process
1.1.4. Use of custom encryption protocols
1.2. Jailbroken Device
1.3. Cydia
1.3.1. Cydia packages to install
    1. MTerminal
    2. Substrate Safe Mode
    3. OpenSSH
    4. IPA Installer
    5. BigBoss Recommended Tools
    6. Network Commands
    7. Bootstrap Commands
    8. Developer Cmds
    9. Filza
    10. Make
    11. Nano
    12. Apple File Conduit
    13. House Arrest Fix
    14. PreferencesLoader
1.4. Class Dump
1.5. Frida-iOS-dump
2. Application Installation
2.1. Using IPA File
2.2. Using .app File
2.3. Decrypting App
3. iOS Security Model & Legacy Issue
3.1. Jailbroken Detection & Sandboxing
3.2. SSL Unpinning
3.3. Disabling Certificate Validation
3.4. ASLR/PIE Flag Check
3.5. Format Strings
3.6. Buffer Overflows & Stack
4. Unintended Data Leakage
4.1. NSLog / Apple System Log
4.1.1. Integer Overflow & Heap
4.2. Application Backgrounding / Snapshots
4.3. Cache Prediction
4.4. Clipboard
4.5. Pastebin
4.6. GitHub
4.7. Keylogging & AutoCorrection Database
4.8. State Preservation
5. Insecure Data Storage
5.1. iOS Directory Structure
5.2. In SQLite Database
5.3. In Info.plist
5.4. Core Framework
5.5. Keychain
6. Reverse Engineering / Debugging
6.1. Unauthorized Code Modification
6.2. Installation on Insecure OS Versions Allowed
7. Interprocess Communication
7.1. Scheme
7.1.1. Custom Scheme
7.1.2. Universal Link
7.2. Sharing Data with UIActivity
7.3. Application Extension
7.3.1. Exploit of Pasteboard
7.3.2. Restricting and Validating Shareable Data
8. iOS Networking
8.1. iOS URL Loading System
8.2. NSURLSession
8.3. Proxy Configuration / SSL Pinning
9. Web-Based Exploitation
9.1. Abuse UIWebView
9.2. Risk of JavaScript Cocoa Bridge
10. Runtime / Dynamic Analysis
10.1. Using Hopper
10.2. Method Swizzling & Categories
10.3. Callback & Blocks
10.4. Client Side Attack
10.4.1. SQL Injection
10.4.2. Cross-site Scripting
10.4.3. Prediction Injection
10.4.4. XML Injection
10.4.5. Application Level DOS
10.5. Broken Authentication & Session Management
10.5.1. Session Terminating after Password Reset
10.5.2. Expired Token can be reused
10.5.3. Authentication Bypass using Success Response
10.5.4. OAuth Flow & 2FA Bypass
10.5.5. Cleartext Transmission
10.6. Broken Access Control (BAC)
10.6.1. SSRF
10.6.2. Privilege Escalation & IDOR
10.6.3. Unauthorized API Call