About The Training

Training Title:

Advanced iOS Application Pentesting & Reverse Engineering

Training Schedule:

Start Date: 10 September 2025

End Date: 11 September 2025

Training Objectives:

iOS apps are everywhere, in banking, healthcare, messaging, and beyond and they are a prime target for attackers. Today, mobile apps hold everything from passwords to payments, making their security more critical than ever. This is a fast-paced, hands-on training that takes you deep into the world of iOS application pentesting and reverse engineering.

Across 2 intensive days, you’ll go far beyond theory. You’ll learn how to break into real iOS apps, manipulate them at runtime, bypass security features, and uncover vulnerabilities using advanced tools and techniques used by professionals in the field.

You won’t just watch, you will attack, analyze, and exploit real-world apps in a lab environment that mirrors live targets. This training is built around practical, repeatable skills you can apply immediately in pentesting, bug bounty hunting, or red teaming.

Course Content:

A focused 2-day training to build real-world skills in iOS app exploitation, dynamic analysis, and reverse engineering featuring live demo’s and pentest reports.

Day 1 – Foundations & Dynamic Analysis

Set up your environment, understand the inner workings of iOS apps, and learn how to interact with them using powerful tools.

iOS Internals & App Structure

• • Explore the iOS architecture (Core OS to Cocoa Touch)
• • Understand app sandboxing and how data is isolated
• • Dissect IPA files: Payload/, .app folder, Info.plist, entitlements, and frameworks

Jailbreaking Deep Dive

• • Understand jailbreak types: untethered, tethered, semi-tethered, rootless
• • Rootful vs rootless: what it means for testing
• • Jailbreaking tools: Checkra1n, Palera1n, Dopamine, Unc0ver, Chimera
• • Physical Device vs emulator (Corellium)
• • Spot and avoid fake jailbreak tools

Essential Toolkit Setup

• • Master dynamic instrumentation with Frida and Objection
• • Perform static analysis with MobSF, Ghidra, Otool, Plist Editor
• • Debug apps in real-time using LLDB
• • Use tools like TrollStore, AltStore, Sideloadly, and 3uTools for installation and filesystem access

IPA Installation & Extraction

• • Install IPAs on jailbroken and non-jailbroken devices
• • Extract apps using tools like IMazing, IPAtool, AppIndex, and Filza

Advanced Pentesting Techniques

• • Write custom Frida scripts to hook and manipulate app behavior
• • Bypass jailbreak detection with Shadow, Liberty Lite, Choicy, vnodebypass, and Frida-based runtime tweaks (15+ Tweaks/Toolkit)
• • Break SSL pinning using SSLKillSwitch2/3, Frida scripts, and native method hooking (Flutter, React Native, Xamarin, etc.) (10+ Tweaks/Toolkit)

Day 2 – Exploitation & Reverse Engineering

Apply advanced exploitation methods, decrypt apps, reverse engineering, and analyze real-world case studies with demos and reports

Local Storage Attacks

• • Extract and analyze sensitive data from:
  • • NSUserDefaults, CoreData, Keychain, SQLite
• • Perform memory dumps to retrieve secure app data

Deep Link Exploitation

• • Understand Universal Links vs Custom URL Schemes
• • Fuzz inputs to bypass auth checks or invoke unintended actions

Authentication and Biometric Bypass

• • Hook biometric functions (Touch ID/Pin code) to return success
• • Bypass local authentication and access restricted app features

Runtime Manipulation

• • Modify return values and app logic on the fly using Frida
• • Skip login flows, unlock hidden/premium features
• • Test app behaviour without modifying binaries

Decryption & Reversing

• • Decrypt iOS apps using Frida-ios-dump, TrollDecrypt, CrackerXI+
• • Reverse engineer with Hopper, Ghidra, and IDA Free
• • Understand control flow, logic, and hidden functionality

LLDB Debugging

• • Use LLDB to set breakpoints, inspect memory, trace function calls
• • Patch running apps for live testing and bypassing protections

Real-World Case Studies

• • Walk through redacted responsible disclosure reports
• • Analyze real pentest findings from production iOS apps
• • Learn from common developer mistakes and misconfigurations

Key Takeaways:

• • Learn hands-on, how to test, analyze, and break iOS apps
• • Use professional tools like Frida, Objection, LLDB, and Ghidra effectively
• • Write custom Frida scripts to bypass
• • Decrypt, disassemble, and debug iOS binaries with confidence
• • Apply real techniques and tools immediately

Why should people attend your course?

Because iOS apps aren’t secure by default and attackers know it. But most security professionals don’t know how to properly test them.

This training teaches real-world iOS app exploitation, not just theory. Attendees will learn how to:

• • Break into iOS apps using Frida, LLDB, Objection, and other industry-grade tools
• • Bypass security controls like SSL pinning, jailbreak detection, and biometric locks
• • Reverse engineer and decrypt apps without source code
• • Analyze real vulnerabilities found in production apps and bug bounty reports

With focus on hands-on labs, custom scripting, and live debugging, this training gives participants the skills they need to assess iOS apps confidently and effectively, whether for iOS application pentesting, bug bounties or red teaming

Attendee Requirements:

To get the most out of this training, students should have:

• • Basic knowledge of web or mobile app security
• • Comfortable using the command line (Linux/macOS)
• • Interest in iOS security or reverse engineering
• • Motivation to learn and try hands-on tools

Optional but helpful:

• • Access to a jailbroken iPhone or a Corellium emulator
• • Some experience with tools like Frida, Objection MobSF, or Ghidra

Who Should Take This Course?

This course is built for security professionals who want to master iOS application exploitation. It’s a perfect fit for:

• • Pentesters expanding into mobile app assessments
• • Bug bounty hunters targeting iOS applications
• • Security researchers focused on reverse engineering and runtime attacks
• • Red teamers looking for stealthy mobile techniques
• • Mobile app developers who want to understand how attackers think

If you’re comfortable with basic vulnerabilities and ready to level up your skills with real-world tools and techniques, this course is for you.

Speaker Details:

Abida Shariff

Lead Security Engineer, RedSentry

Bio:

Abida Shariff is a cybersecurity professional with over 5 years of hands-on experience in cybersecurity and penetration testing. She holds both Bachelor's and Master's degree in Cybersecurity and has worked across a wide range of domains, from web applications, mobile app security (iOS & Android) to cloud, infrastructure, and red teaming. Abida is currently heading a talented team of security researchers at RedSentry, where she leads advanced testing engagements and helps organizations stay protected. She holds certifications including OSCP, eJPT, CEH, and CCNA, and has led numerous successful security assessments for organizations worldwide

Social Media Handles:

Email: abidashariff1@gmail.com

LinkedIn: https://www.linkedin.com/in/abidashariff/

Twitter/X: https://x.com/BawseOne