iOS Runtime Hacking Crash Course
Michael Gianarakis is a Managing Consultant in Trustwave’s SpiderLabs team where he manages the delivery of technical security services in the APAC region. Michael has been working in the security industry for the better part of a decade, previously holding positions at Securus Global, Ernst & Young and Deloitte. Specialising in application security, his work has assisted developers and organisations across most industry sectors secure their applications and platforms. Michael has presented at numerous industry events and meetups including YOW! OWASP and Ruxmon in Australia. This talk will provide a crash course in exploiting iOS applications through the manipulation of the Objective-C runtime. The aim is to provide practical examples (live demos!) of how to observe and manipulate the inner workings of applications on iOS to defeat security protections including jailbreak prevention, anti-debugging and certificate pinning, obtain credentials and other sensitive information and subvert business logic. The presentation will also touch on how these techniques may potentially be applied to exploit iOS applications written in Swift.