Loading…
View analytic
Wednesday, November 20 • 12:00pm - 12:50pm
BASHing iOS Applications: dirty, s*xy, cmdline tools for mobile auditors

Sign up or log in to save this to your schedule and see who's attending!

Video of session:
https://www.youtube.com/watch?v=Ef_YeULnw1k&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=8

The toolchain for (binary) iOS application assessment is weak BUT, like an island of misfit toys, there can be stregnth in numbers. Join us as we explore what actually needs to be done in a mobile assessment and how we can do it right from our SSH prompt on our iOS device. Our tool is simple yet effective and as you learn to do mobile assessments you'll also teach yourself the fundamentals of the OWASP Mobile Top 10. Topics explored will be binary analysis, app decryption, data storage, endpoint parsing, class inspection, file monitoring, and more! Heck we might even release some sort of ghetto BASH Obj-c source parser!

Speakers
avatar for Jason Haddix

Jason Haddix

Head of Penetration Testing, Fortify
I currently facilitate information security consulting at HP which includes developing test plans for Fortune 100 companies and competing in "bake-offs" against other top tier consulting vendors. My strengths are web, network, and mobile assessments. I write for my own infosec website... Read More →
avatar for Dawn Isabel

Dawn Isabel

HP ShadowLabs
Dawn Isabel is currently a Mobile Security Consultant at HP ShadowLabs, where she tests iOS and Android applications and develops in-house tools for static and dynamic analysis of mobile apps. Prior to that, she designed and ran a penetration testing service at the University of Michigan... Read More →


Wednesday November 20, 2013 12:00pm - 12:50pm
Salon 1 (5th Floor Ballroom) NY Marriott Marquis

Attendees (0)