IOS安全学习资料汇总(1)IOS安全学习网站收集:https://samdmarshall.comhttps://www.exploit-db.comhttps://reverse.put.ashttps://highaltitudehacks.com/security/https://www.dllhook.com/http:///www.securitylear.et/archives/https://securitycompass.github.io/iPhoeLabs/idex.htmlhttps://security.ios-wiki.comhttps://www.opesecuritytraiig.ifo/ItroARM.htmlhttps://truesecdev.wordpress.com/https://resources.ifosecistitute.com/ios-applicatio-security-part-1-settig-up-a-mobile-petestig-platform/https://esoftmobile.com/2014/ 02/14 /ios-security/https://bbs.iosre.comhttps://bbs.chiapyg.comhttps://blog.pagu.io/https://yosm.et/http://iaxi。净/https://cocoahuke.com/https://blog.0xbbc.comhttps://blog.imaou.com/https://github.com/padazheg/iOSAppReverseEgieerighttps://drops.wooyu.orghttps://bbs.pediy.comhttp://www.blogfshare.com/https://github.com/michalmalik/osx-re-101https://blog.qwertyoruiop.com/https://github.com/secmobi/wiki.secmobi.comhttp://cotagioexchage.blogspot.com/https://cotagiomiidump.blogspot.com/https://github.com/secmobihttps://www.owasp.org/idex.php/OWASP_Mobile_Security_Project#tab=Guide_Developmet_Projecthttp://blog.dorea.u/2014/10/29/howto-ios-apps-static-aalysis/https://www.dllhook.com/post/58.htmlhttps://thexploit.com/category/secdev/https://github.com/secmobi/wiki.secmobi.comhttps://github.com/mdsecresearchhttps://sectools.org/tag/os-x/https://googleprojectzero.blogspot.com/http://googleprojectzero.blogspot.com/2014/10/more-mac-os-x-ad-iphoe-sadbox.htmlhttps://www.macexploit.com/https://code.google.com/p/google-security-research/issues/list?ca=1&q=iOS&sort=-id&colspec=ID%20Type%20Status%20Priority%20Milestoe%20Ower%20Summaryhttps://code.google.com/p/google-security-research/issues/list?ca=1&q=OSX&sort=-id&colspec=ID+Type+Status+Priority+Milestoe+Ower+Summary&cells=tileshttps://googleprojectzero.blogspot.com/2014/11/pw4fu-sprig-2014-safari-part-ii.htmlhttps://www.blackhat.com/docs/us-15/materials/us-15-Lei-Optimized-Fuzzig-IOKit-I-iOS-wp.pdfhttps://www.youtube.com/watch?v=rxUgw5bEG3Yhttps://www.theiphoewiki.com/wiki/固件https://www.trustedbsd.org/mac.htmlhttps://googleprojectzero.blogspot.com/2014/10/more-mac-os-x-ad-iphoe-sadbox.htmlhttps://code.google.com/p/google-security-research/issues/list?ca=1&q=OSX&sort=-id&colspec=ID+Type+Status+Priority+Milestoe+Ower+摘要&cells=tileshttps://support.apple.com/zh-c/HT205731https://www.apple.com/support/security/https://opesource.apple.com/tarballs/https://mobile-security.zeef.com/oguzha.topguhttps://www.powerofcommuity.ethttps://c.0day.today/exploitshttps://reco.cx/2016/traiig/traiigios-osx.htmlhttps://www.exploit-db.com/osx-rop-exploits-evocam-case-study/https://www.offesive-security.com/vuldev/evocam-remote-buffer-overflow-o-osx/https://www.yumpu.com/zh-CN/documet/view/7010924/ios-kerel-heap-armageddohttp://cotagiodump.blogspot。com/https://www.dllhook.com/post/138.htmlhttps://shell-storm.org/blog/Retur-Orieted-Programmig-ad-ROPgadget-tool/https://medium.com/@harryworld/100-days-of-osx-developmet-e61591fcb8c8#.vxyuyse12https://www.poboke.com/study/reversehttps://www.offesive-security.com/vuldev/evocam-remote-buffer-overflow-o-osx/https://www.exploit-db.com/osx-rop-exploits-evocam-case-study/https://phrack.org/issues/69/1.htmlhttps://www.exploit-db.com/docs/28479.pdfhttps://speakerdeck.com/milkmix/ios-malware-myth-or-realityhttps://bbs.pediy.com/thread-223117。htm
(2)IOS安全优秀博客文章https://datatheorem.github.io/TrustKit/https://ho.ax/posts/2012/02/resolvig-kerel-symbols/https://www.securitylear.et/tag/petestig-ios-apps/https://truesecdev.wordpress.com/2015/04/09/hidde-backdoor-api-to-root-privileges-i-apple-os-x/https://github.com/secmobi/wiki.secmobi。comhttps://bbs.iosre.com/t/debugserver-lldb-gdb/65https://bbs.pediy.com/showthread.php?t=193859https://bbs.pediy.com/showthread.php?t=192657&viewgoodees=1&prefixid=https://blog.darkraifall.org/2013/01/os-x-iterals/https://dvlabs.tippigpoit.com/blog/2009/03/06/reverse-egieerig-iphoe-appstore-biarieshttps://drops.wooyu.org/papers/5309https://www.blogfshare.com/category/ios-securehttps://www.safaribooksolie.com/library/view/hackig-ad-securig/9781449325213/ch08s04.htmlhttps://soudly.me/osx-ijectio-override-tutorial-hello-world/https://adavrub.wordpress.com/2015/07/23/ijectig-code-to-a-ios-appstore-app/https://blog.dewhurstsecurity.com/https://github.com/project-imashttps://github.com/iSECPartershttps://www.owsecure.com/blog/https://lightbulboe.com/https://www.tahao.me/pieces/1515.html/https://dogaxis.github.io/https://truesecdev.wordpress.com/2015/04/09/hidde-backdoor-api-to-root-privileges-i-apple-os-x/(3)IOS安全优秀GitHub包含O'Reilly的iOS9Swift编程手册的所有示例代码https://github.com/vadadp/iOS-9-Swift-Programmig-CookbookXCodeGhost清除脚本https://github.com/padazheg/XCodeGhost-CleaAppleOSXROOT提权API后门https://github.com/tihmstar/rootpipe_exploit适用于iOS和OS的轻松且通用的SSL固定Xhttps://github.com/datatheorem/TrustKit使用shellcodehttps修补PE,ELF,Mach-O二进制文件://github.com/secretsquirrel/the-backdoor-factoryiReSig允许的iDevice的应用程序包(的.ipa)文件,以便与苹果的数字证书分发给签署或辞职https://github.com/maciekish/iReSig马赫-O加载命令反混淆器https://github.com/x43x61x69/Mach-O-PrettifierDylib插入Mach-O文件https://github.com/Tyilo/isert_dylibdylib用于mach-o二进制文件的注入器https://github.com/KJCracks/yololib快速的iOS可执行转储程序https://github.com/KJCracks/ClutchMacOSX的libimobiledevice库的二进制分发https://github.com/bevium/libimobiledevice-macosx与OSX上的dylib劫持有关的pytho实用程序https:///github.com/syack/DylibHijackOSXdylib注入https://github.com/sce/osxijIOSIPA软件包精简并辞职https://github.com/Yosm/iPAFieROP漏洞利用https://github.com/JoathaSalwa/ROPgadget对任何Mach-o文件进行类转储而不从dyld_shared_cachehttps://github.com/limeos/classdump-dyld中提取文件扫描IPA文件并解析其ifo.plisthttps://github.com/apperia/iOS-checkIPAA通过库注入的PoCMach-O感染器https://github.com/gdbiit/osx_boubouIOS-Headershttps://github.com/MP0w/iOS-HeadersMacOSX的进程间代码注入https://github.com/retzsch/mach_ijectOSXAuditor是免费的MacOSX计算机取证工具https://github.com/jipegit/OSXAuditor删除osx的PIEhttps://github.com/CariaTT/MyRemovePIEIDA https的TE可执行格式加载器://github.com/gdbiit/TELoader移动安全框架https://github.com/ajiabraham/Mobile-Security-Framework-MobSF一个库,可以动态重新绑定运行在iOS上的Mach-O二进制文件中的符号https://github.com/facebook/fishhookOSX和iOS相关安全工具https://github.com/ashishb/osx-ad-ios-security-awesomeItrospy-Aalyzerhttps://github.com/iSECParters/Itrospy-Aalyzer将加密的iPhoe应用程序中解密的mach-o文件从内存转储到内存磁盘https://github.com/stefaesser/dumpdecrypted适用于iOS和OSX的Keychai的简单Swift包装器https://github.com/kishikawakatsumi/KeychaiAccessidb是一种工具,可简化iOS渗透测试和研究的一些常见任务使用Parse作为后端的https://github.com/dmayer/idb Petestig应用程序https://github.com/igrekde/ParseRevealeriOS逆向工程工具包https://github.com/Vhacker/iRETXNU-MacOSX内核https://github.com/opesource-apple/xuOSX的代码注入+有效负载通信https://github.com/mher18/ijectoriOS相关代码https://github.com/samdmarshall/iOS-IteralsOSX注入教程:HelloWorldhttps://github.com/arbiger/osxij_tutReveal加载程序将libReveal.dylib(Reveal.app支持)动态加载到越狱设备上的iOS应用程序中https://github.com/heardrwt/RevealLoaderNSUserDefaults类别,带有AES加密/解密密钥和值https://github.com/NZN/NSUserDefaults-AESEcryptor黑 盒工具可禁用SSL证书验证https://github.com/iSECParters/ios-ssl-kill-switch应用逆向工程抽奖插件https://github.com/iosre/iosrelottery未经测试的iOS调整,以挂钩OpeSSL函数https://github.com/abla-c0d3/iOS-hook-OpeSSLIOS*.plist加密器项目。保护您的.plist文件免于越狱https://github.com/FelipeFMMobile/ios-plist-ecryptoriOSipa文件重新设计工具https://github.com/hayaq/recodesig扫描iPhoe/iPad/iPod应用程序中的PIE标志https://github.com/stefaesser/.ipa-PIE-Scaer通过cve-2015-1140的xu本地特权升级IOHIDSecurePromptClietijectStrigGated堆溢出| poc||gtfohttps://github.com/kpw/vpwMachOViewhttps://github.com/gdbiit/MachOView与iOS设备通信的跨平台协议库https://github.com/libimobiledevice/libimobiledeviceWireLurkerDetectorhttps://github.com/padazheg/WireLurker发行按照GPL牌https://github.com/p0sixspw/p0sixspw通过CVE-2015XNU本地权限提升https://github.com/kpw/tpw一个简单的通用OSX/iOS上的内存编辑器(游戏培训师)https://github.com/padazheg/HippocampHairSaloBiaryCookieReader源码https://github.com/padazheg/BiaryCookieReaderTiamo的引导程序https://github.com/padazheg/macosxbootloader不完整的iOS8.4.1越狱,由KimJogCrackshttps://github.com/padazheg/yaluOSX安全扫描程序httpshttps://github.com/opescaer/XGuardia示例内核扩展,演示如何从kextstat隐藏https://github.com/rc0r/KextHider示例MacOSX内核扩展,用于解析运行中的内核映像中的符号https://github.com/sare/KerelResolver示例MacOSX(MoutaiLio)内核扩展,演示了如何通过劫持getdiretries系统调用来隐藏文件https://github.com/rc0r/FileHider示例MacOSX(MoutaiLio)内核扩展,演示了如何通过修改allproc和pidhashtbl隐藏进程的方法https://github.com/rc0r/ProcessHiderMach-O反汇编程序。现在兼容64位和Xcode6https://github.com/x43x61x69/otx一个Mach-O二进制代码签名去除器https://github.com/x43x61x69/codeusig一个Mach-O加载命令deobfuscatorhttps://github.com/x43x61x69/马赫-O-Prettifier很简单的键盘记录器为自量化在MacOSXhttps://github.com/davix/keylogger-osx通过iTuesLIB管理iOS设备https://github.com/xslim/mobileDeviceMaager检测硬件,软件以及运行时当前iOS或MacOSX设备的显示https://github.com/lmirosevic/GBDeviceIfo逆向工程Pytho武器库https://pythoarseal.com/OSX加密勒索软件PoChttps://github.com/gdbiit/gopherFridahttps://codeshare.frida。re/原始码级侦错的XNU核心 https://bbs.ichuqiu.com/thread-48301-1-1.html装甲:功能强大的macOS有效负载加密工具,可绕过大部分AVhttps://www.freebuf.com/sectool/190620.html使用radare2逆向iOSSwift应用程序https://www.freebuf.com/articles/termial/191595.html调试macOS内核很有趣https://geos0w.github.io/Debuggig-macOS-Kerel-For-Fu/MacMalware_2018https://objective-see.com/dowloads/MacMalware_2018.pdf适用于iOS的OpeSource.Apple.Com的精华https://ewosxbook.com/tools/iOSBiaries.htmlFortiAppMoitor:用于监控macOS上的系统活动的强大工具https://www.freebuf.com/sectool/193258.html样品https://objective-see.com/malware.html#resources(4)IOS安全优秀书籍《破解和保护iOS应用程序》《MacOSX和iOS内部构件:以苹果的核心》《OSX和iOS内核编程》《OSXABIMach-O文件格式》《Mac黑客手册》《MacOSXIterals:一种系统方法》《黑客攻防技术宝典-IOS实战》《IOS应用安全攻防实战》《IOS应用逆向工程》《IOS取证战》《安全技术大系:IOS取证分析》(5)IOS安全推特https://twitter.com/Techologeekshttps://twitter.com/osxreverserhttps://twitter.com/Morpheus ______(6)OSX/IOS漏洞分析文章CVE-2016-1749https://turigh.github.io/2016/04/29/CVE-2016-1749%E5%86%85%E6%A0%B8%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8CPOC%E5%88%86%E6%9E%90/CVE-2016-1757https://googleprojectzero.blogspot.com/2016/03/race-you-to-kerel.htmlhttps://github.com/gdbiit/mach_raceCVE-2016-1824https://marcograss.github.io/security/apple/cve/2016/05/16/cve-2016-1824-apple-iohidfamily-racecoditio.htmlIOS越狱中使用到的突破列表###ipsw ios10ipswhttps://ipsw.me/所有https://www.alliphoe.comhttps://www.theiphoewiki.com/wiki/Firmware_Keyshttps://pastebi.com/FRMfamT https://www.reddit.com/r/jailbreak/commets/4yz1p/discussio_decrypted_kerel_cache_ios_10/d48cgd7 https://www.owsecure.com/blog/2014/04/14/ios-kerel-reversig-step-by-step/http:///www.iphoehacks.com/dowload-iphoe-ios-firmwareMac下的一些软件https://sqwarq.com/detectx/Mac下的安全软件https://objective-see.com/products.html
点击空白处退出提示
评论