Overview
Explore a groundbreaking approach to iOS application security analysis in this conference talk from the Hack In The Box Security Conference. Delve into the challenges of iOS app testing, including the lack of source code and true emulation, as well as the limitations of standard tampering and injection attacks due to signed or encrypted communication. Learn about iNalyzer, a free open-source framework that revolutionizes iOS app security assessments by generating a Command & Control interface for Cycript. Discover how iNalyzer enables penetration testers to leverage the application itself as a testing tool against server-side functionality, eliminating the need for conventional proxies. Gain insights from Chilik Tamir, Chief Scientist at AppSec Labs, as he demonstrates how iNalyzer transforms the application into a spearhead for comprehensive server-side testing, offering a more efficient and effective method for iOS application security analysis.
Syllabus
#HITB2013AMS D2T2 Chilik Tamir - iNalyzer: No More Blackbox iOS Analysis
Taught by
Hack In The Box Security Conference