iOS Security Specialist Training

Currently, 75% of smartphone devices in the United States are running either iOS or Android. Training your personnel to keep smart phones and mobile devices secure is becoming more and more important. PaRaBaL’s experienced team of instructors are ready to provide the training your company needs to keep your facility and organization safe and secure.

Looking for Android Security Training?

Course Information:

Course Description

Our training provides an in depth into iPhone security: how to explore and address vulnerabilities throughout the device. Security professionals learn about device architecture, device forensics, application testing, device auditing, and most importantly, how to determine and mitigate vulnerabilities. Technical topics covered include specific hacker attacks, data transmission models, iOS directory structures, application code decompiling, and data protection. Participants will be part of a hands-on exercise involving an iPhone emulator and executing a penetration test where many of the course materials are used.

Prerequisite

A strong understanding of structured programming and data networking, including knowledge of security protocols.

Learning Outcomes:

• Knowledgeable in in HSPA, LTE, EV-DO, CDMA, and WiFi data transmissions.
• Create solid mobile data policies and procedures and prioritize missing polices that lead to vulnerabilities.
• Execute and quantify penetration testing on an iPhone using the emulator.
• Understand data harvesting techniques, and worms.
• iOS exploit prevention – Identify potential security deficiencies in network transmission models, and devices operating system and application software.
• Execute device forensics and understand where sensitive data is stored and accessed on the iPhone.
• Review third party software and apps that can comprise security and other software that enhances security.

Instructional Methods:

This course is taught using a variety of instructional tools including lecture, class discussions, printed material, and individual emulation projects.

Topics and Assignments

• Day 1. Policies and procedures, Securing the Wireless Network/ Vulnerabilities of the wireless network (part 1). Common policies and the impact to security; Data time slice stealing; Data handling differences between AT&T and Verizon; vulnerabilities with Proportional Fair
• Day 2. Securing the Wireless Network/Vulnerabilities of the wireless network (part 2). Securing the iPhone device (part 1). Understanding iPhone directory structure, iOS, log files, and other data housing directories; ActiveSync; Jailbreak and other development and security tools.
• Day 3. Securing the iPhone device (part 2). SSH; Installer.app; SMS; SQLite Database; iPhone emulator
• Day 4. Forensics – challenges with the iPhone, Auditing security and security products. Good Forensic Practices; Technical Processes; Disk Layout; Property Lists; Non-Apple hacking and security software
• Day 5. Emulator exercise (penetration test setup and execution), emulator test, and Q&A. Use an Emulator on a Mac bringing together instructional point covered throughout the week. Q&A on topics covered. One hour test to quantify the material retained.

Assessment Exercise: Penetration test setup and execution

This exercise will involve decompiling an iPhone app, examining the app for security holes, source code analysis, data protection, keyboard cache. The exercise will cover key iPhone components, SQLite, buffer overflows, directory management, cached files, property list files, and log files.

Training Resources

White paper:  PaRaBaL iOS vs Android White Paper

iPhone & iPad CyberSecurity Training Brochure (PDF)

iOS Exploitation & CyberSecurity Recorded Webinar

Save iOS 4.3b3 SHSH Blobs (taranfx.com)

launchd.plist OSX Manual Page (apple.com)