Register Now
Register Now

Practical iOS App, User, Kernel-Space and Firmware Reverse-Engineering (Online)

Training Overview

Practical iOS App, User-, Kernel-Space & Firmware Reverse-Engineering is a rigorous, four-day deep-dive training at CSA XCON 2026, designed to equip participants with hands-on skills to reverse engineer iOS applications, operating system internals, kernel components, and firmware.

This training bridges the gap between mobile app security, OS internals, and hardware-adjacent firmware analysis, taking students from foundational reverse-engineering concepts to advanced vulnerability discovery workflows used by professional researchers.

Whether you are starting your journey into iOS reverse engineering or looking to push into kernel-space, fuzzing, and firmware analysis, this training delivers a complete, structured path.

About the Training at CSA XCON 2026

This is a tool-driven, lab-intensive training, not a theory lecture.

Key highlights include:

  • Static and dynamic iOS app reverse engineering
  • Deep exploration of Objective-C and Swift internals
  • Real-world fuzzing techniques using Frida
  • User-space to kernel-space interaction analysis
  • Firmware reverse engineering of Apple co-processors
  • Introduction to mobile forensics and compromise detection

Participants work with real iOS devices or controlled virtual environments, building skills progressively across four structured days.

What You Will Learn

iOS App Fundamentals

Learning Outcome: Perform static and dynamic reverse engineering of iOS apps and trace execution paths.

Topics include:

  • Apple’s security model: code signing, entitlements, sandboxing, TCC
  • iOS app internals: bundles, Mach-O binaries, DYLD shared cache, DRM
  • Static analysis using Ghidra
  • Objective-C & Swift calling conventions
  • Dynamic analysis using Frida (hooking, tracing, scripting)
User-Space Internals, Threads & Fuzzing

Learning Outcome: Write basic fuzzers, analyze crashes, and understand asynchronous execution.

Topics include:

  • Discovering runtime state and injecting data
  • Fuzzing fundamentals and harnessing with Frida
  • Coverage-guided fuzzing using Frida Stalker
  • Crash log interpretation
  • Asynchronous programming and GCD
  • Reverse engineering blocks in Objective-C and Swift
User-Space Meets Kernel-Space

Learning Outcome: Trace how apps interact with the kernel and drivers.

Topics include:

  • XPC communication and entitlement enforcement
  • iOS kernel overview and architecture
  • Mach messages and syscalls
  • IOKit internals and driver reverse engineering
  • Hardware-based protections (PAC, PPL, SPTM, TXM, etc.)
  • Reverse engineering blocks in Objective-C and Swift
Firmware & Mobile Forensics

Learning Outcome: Begin firmware reverse engineering and identify indicators of compromise.

Topics include:

  • Apple co-processors and system architecture
  • RTKit firmware formats and internals
  • Reverse engineering RTKit-based firmware
  • Forensic analysis of backups, sysdiagnoses, and crash logs
  • Applying course concepts to recent public iOS security research

Training Experience & Expectations

  • Deeply technical and hands-on
  • Progressive learning from app-level to firmware-level
  • Real tooling used by professional mobile security researchers
  • Exercises designed to build independent research capability

Participants leave with the confidence to reverse engineer unknown iOS components on their own.

Key Takeaways

  • Ability to reverse engineer iOS apps, OS internals, and firmware
  • Practical experience building custom fuzzers for iOS
  • Skills transferable to vulnerability research and mobile forensics
  • A research-driven mindset applicable beyond the training

Who Should Attend

This training is ideal for:

  • Mobile application penetration testers
  • Security and vulnerability researchers
  • Reverse engineers
  • iOS app developers interested in security
  • Advanced blue-team and DFIR professionals

Skill Level

Beginner to Intermediate

Participant Requirements

Participants should have:

  • Comfort with Linux or macOS command line
  • Familiarity with scripting concepts (JavaScript / Python helpful)
  • Access to either: A jailbroken iPhone (iPhone 6+, iOS 12+), or A supported virtual iOS environment

What Participants Will Receive

Each participant will receive:

  • Preconfigured virtual machine with required tooling
  • Access to physical jailbroken iPhones (on request)
  • Slides, exercises, and guided labs
  • Solutions, custom tooling, and cheat sheets
  • Continued access to training materials
Buy Ticket Now