Overview
Explore iOS application security vulnerabilities and attack techniques in this comprehensive conference talk from Louisville InfoSec 2013. Dive into topics such as intercepting traffic, exploiting IProducts, utilizing Burp Suite, and understanding Activesync. Learn about certificate pinning, iOS 7 vulnerabilities, and Game Center privacy concerns. Discover how to proxy traffic, add friends, and extract email addresses using PowerShell scripts and Hashcat. Examine Passport and Passbook files, and gain insights into the Apple Developer Program. Conclude with an overview of SSL traffic bypass techniques and real-world attack examples.
Syllabus
Introduction
About Karl
Presentation Overview
Intercepting Traffic
How I
Products
Burp Suite
Activesync
CertPinning
Cardboard Box
Post Request
iOS 7 Broken
Game Center Email Hashes
What is Game Center
Privacy
Email Hashes
Proxying Traffic
Adding Friends
Request Friends
List Friends
Hit Profile Info
Email Addresses
PowerShell Script
Hashcat
Final Numbers
Passport
Passbook
Passbook Files
Apple Developer Program
Deployment
Attack Overview
Bypass SSL Traffic
Example Time
Contact Info