Books & Videos

Table of Contents

  1. Chapter 1 Everything You Know Is Wrong

    1. The Myth of a Monoculture

    2. The iOS Security Model

    3. Storing the Key with the Lock

    4. Passcodes Equate to Weak Security

    5. Forensic Data Trumps Encryption

    6. External Data Is at Risk, Too

    7. Hijacking Traffic

    8. Trust No One, Not Even Your Application

    9. Physical Access Is Optional

    10. Summary

  2. Hacking

    1. Chapter 2 The Basics of Compromising iOS

      1. Why It’s Important to Learn How to Break Into a Device
      2. Jailbreaking Explained
      3. End User Jailbreaks
      4. Compromising Devices and Injecting Code
      5. Exercises
      6. Summary
    2. Chapter 3 Stealing the Filesystem

      1. Full Disk Encryption
      2. Copying the Live Filesystem
      3. Copying the Raw Filesystem
      4. Exercises
      5. The Role of Social Engineering
      6. Summary
    3. Chapter 4 Forensic Trace and Data Leakage

      1. Extracting Image Geotags
      2. SQLite Databases
      3. Reverse Engineering Remnant Database Fields
      4. SMS Drafts
      5. Property Lists
      6. Other Important Files
      7. Summary
    4. Chapter 5 Defeating Encryption

      1. Sogeti’s Data Protection Tools
      2. Extracting Encryption Keys
      3. Decrypting the Keychain
      4. Decrypting Raw Disk
      5. Decrypting iTunes Backups
      6. Defeating Encryption Through Spyware
      7. Exercises
      8. Summary
    5. Chapter 6 Unobliterating Files

      1. Scraping the HFS Journal
      2. Carving Empty Space
      3. Commonly Recovered Data
      4. Summary
    6. Chapter 7 Manipulating the Runtime

      1. Analyzing Binaries
      2. Encrypted Binaries
      3. Abusing the Runtime with Cycript
      4. Exercises
      5. Summary
    7. Chapter 8 Abusing the Runtime Library

      1. Breaking Objective-C Down
      2. Disassembling and Debugging
      3. Malicious Code Injection
      4. Injection Using Dynamic Linker Attack
      5. Summary
    8. Chapter 9 Hijacking Traffic

      1. APN Hijacking
      2. Simple Proxy Setup
      3. Attacking SSL
      4. Attacking Application-Level SSL Validation
      5. Hijacking Foundation HTTP Classes
      6. Analyzing Data
      7. Driftnet
      8. Exercises
      9. Summary
  3. Securing

    1. Chapter 10 Implementing Encryption

      1. Password Strength
      2. Introduction to Common Crypto
      3. Master Key Encryption
      4. Geo-Encryption
      5. Split Server-Side Keys
      6. Securing Memory
      7. Public Key Cryptography
      8. Exercises
    2. Chapter 11 Counter Forensics

      1. Secure File Wiping
      2. Wiping SQLite Records
      3. Keyboard Cache
      4. Randomizing PIN Digits
      5. Application Screenshots
    3. Chapter 12 Securing the Runtime

      1. Tamper Response
      2. Process Trace Checking
      3. Blocking Debuggers
      4. Runtime Class Integrity Checks
      5. Inline Functions
      6. Complicating Disassembly
      7. Exercises
    4. Chapter 13 Jailbreak Detection

      1. Sandbox Integrity Check
      2. Filesystem Tests
      3. Page Execution Check
    5. Chapter 14 Next Steps

      1. Thinking Like an Attacker
      2. Other Reverse Engineering Tools
      3. Security Versus Code Management
      4. A Flexible Approach to Security
      5. Other Great Books