BASHing iOS Applications

Dawn Isabel, Jason Haddix at AppSec USA 2013

The toolchain for (binary) iOS application assessment is weak BUT, like an island of misfit toys, there can be strength in numbers. Join us as we explore what actually needs to be done in a mobile assessment and how we can do it right from our SSH prompt on our iOS device. Our tool is simple yet effective, and as you learn to do mobile assessments you'll also teach yourself the fundamentals of the OWASP Mobile Top 10. Topics explored will be binary analysis, app decryption, data storage, endpoint parsing, class inspection, file monitoring, and more! Heck, we might even release some sort of ghetto BASH Obj-C source parser!


Speakers

Jason Haddix
Head of Penetration Testing, Fortify
I currently facilitate information security consulting at HP which includes developing test plans for Fortune 100 companies and competing in "bake-offs" against other top tier consulting vendors. My strengths are web, network, and mobile assessments. I write for my own infosec website (www.securityaegis.com) that reviews industry training, interviews security professionals, and provides anecdotal/practical advice related to offensive security. I also write articles for security publications...

Dawn Isabel
HP ShadowLabs
Dawn Isabel is currently a Mobile Security Consultant at HP ShadowLabs, where she tests iOS and Android applications and develops in-house tools for static and dynamic analysis of mobile apps. Prior to that, she designed and ran a penetration testing service at the University of Michigan, and developed Python automation for vulnerability management with Nessus. Dawn was team lead of the Computer Incident Response Team (CIRT) at Ford Motor Company and developed global standards for incident...