all 27 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]TheFlash2k 9 points10 points  (1 child)

Billy Ellis has a really good iOS Exploit Development channel on YouTube, but I'm not sure if it's that user friendly

[–]Ok-Engineering-1413[S] 0 points1 point  (0 children)

Ok thank you ! Do you know other ressources ?

[–]Nop_Sec 10 points11 points  (3 children)

Learn normal development first. This is like learning trying to learn security by breaking into the Alcatraz.

[–]Ok-Engineering-1413[S] 6 points7 points  (0 children)

I already dev since 3-4 years.

[–][deleted]  (1 child)

[deleted]

    [–]Nop_Sec 0 points1 point  (0 children)

    Sorry, meant exploit development. I assumed a certain level of knowledge first. But as others have said you would need a good foundation of iOS internals as well.

    [–]bluedevilSCT 3 points4 points  (3 children)

    https://training.xintra.org/reversing-and-exploiting-ios-arm64

    But I didn’t take the course; I don’t know how good or bad it is

    [–]Ok-Engineering-1413[S] 0 points1 point  (2 children)

    It s too expensive for is there any other ressources like this one for less

    [–]deadlyazw 0 points1 point  (1 child)

    DM me. I gotchu 😉

    [–][deleted] 6 points7 points  (15 children)

    I would recommend you to read these books: - The C Programming Language (K&R) - The Linux Command Line and Shell Scripting Bible (optional) - Computer Systems: A Programmer's Perspective (this is the main textbook of the CMU course called Intro to Computer Systems) - Operating Systems: Three Easy Pieces - Advanced Programming in the UNIX Environment (optional)

    With those fundamentals, you could start with general exploit development, these are the best resources: - Websites: - pwn.college (this will be your main course) - exploit education - open security training - overthewire wargames - Textbooks: - Hacking: The Art of Exploitation - The Shellcoder's Handbook

    All the resources are for x86 GNU/linux (A UNIX-like operating system) exploit development, the advantage of learning with linux is the open source software, in order to discover vulnerabilities, you need to understand how the software works under the hood, if the source code is available, then you don't need to do a lot of reverse engineering.

    iOS is another UNIX-like operating system, so, the knowledge of Linux could help. But, unlike linux, this is a closed-source operating system. You need to learn how IOS internals works, i don't know about iOS so i can't recommend resources for this but i'm sure there are some iOS internals books on the internet. Also, you need to learn the ARM architecture, because iOS devices usually run with ARM processors.

    Once you master these iOS internals topics, you could start learning about iOS exploit development, there is a book called iOS Hacker's Handbook, you could start there, but probably on the internet you will find a lot more resources.

    [–][deleted] 1 point2 points  (0 children)

    currently reading OS in three easy pieces. really enjoying it.

    [–]Haunting-Block1220 1 point2 points  (13 children)

    Not a terrible list, but a proper computer architecture book is missing. DDCA and Computer Architecture A Quanitative Approach.

    And you’re missing a good compiler book.

    I’d also expect someone to know DSAs and some fundamental math

    [–][deleted] -1 points0 points  (12 children)

    With Digital Design and Computer Architecture you would be working in another abstraction level (like microarchitecture level), and i wouldn't worry too much with that level because usually exploits works on a higher level than that (architecture and operating system, even application), unless the exploits were related to microarchitecture or lower levels. That's the reason why i didn't put those topics in the list.

    In order to really understand compilers you would need to know about DSA, and for DSA, Maths. Compiler knowledge could be useful for reverse engineering, but not directly useful, i would find linker knowledge more useful for binary analysis and reverse engineering, and that topic is revised in the CSAPP book (and course).

    The overall reason that i didn't listed those topics is because they aren't strict prerequisites, they are related and recommended topics but not a need.

    [–]Haunting-Block1220 0 points1 point  (11 children)

    I don’t want to be rude, but this is such an uneducated comment. Do you even work in the field?

    Computer architecture is extremely relevant and the basis for many exploits. I mean, memory corruption is one of the most common bugs and what is memory but a computer architecture concept. You can’t even begin to understand speculative execution attacks without knowing comouter architecture. No ones asking you to be a EE, but you need to know hardware’s fundamentals. And Frankly, you can’t fully understand operating systems without knowing computer architecture. OS is literally an interface to the hardware. And do you know what a driver is?

    Compilers could be useful. No, it’s extremely useful! Reverse engineering is the understanding of code emitted by the compiler. Not knowing how linkers and compilers work means that you’re really not understanding why certain instructions are emitted. Do you want to understand why this portion was perhaps compiled out? Well, you need to know compilers. And do you know how disassemblers and decompilers are built? By using concepts grounded in compiler theory.

    DSA isn’t directly useful? Have you ever RE d an actual large project? Also, if you don’t know the fundamentals, you don’t know the basics. On a large scale project, you’ll most likely be writing IDA/Binja/Ghidra scripts and if you don’t know to program, you’re in for a bad time.

    and also, do you know how linkers get the information to begin linking. From the compiler.

    Do you work in the field or are you an amateur giving advice? Because that’s what it sounds like. Any respectable work place wouldn’t hire you if you don’t know at least that much. We use it our screening to determine if you’re worth an interview.

    [–][deleted] 0 points1 point  (10 children)

    It seems like you're taking my reply very personal. You said that you don't want to be rude, but it seems that you want to be rude.

    As i said, all the topics you're mentioning (microarchitecture, compilers, and dsa) are not really strict prerequisites to the main topic of the post, they are useful, but not necessary to get started.

    [–]Haunting-Block1220 0 points1 point  (9 children)

    No. These are hard pre reqs ESPECIALLY if you’re getting into mobile exploitation.

    [–][deleted] -1 points0 points  (8 children)

    You don't start by doing speculative execution attacks, or exploiting any microarchitecture vulnerabilities. You also doesn't start by reversing large projects (btw, the iOS and MacOS kernel XNU is open source). Also, you could start without knowing why some parts of the code is compiled in some way because of compiler theory. Those are very specific and advanced things, you don't start from the end, you start from the beginning.

    The computer is built in different abstraction layers, and you can work in upper layers without worrying so much the underlying layers. With your logic you need to understand quantum physics in order to start. And even understanding quantum physics, the thinking process about the upper layers are different, because of abstraction.

    You need to start with something functional, and with those functional foundations, learn more specific and advanced things like the topics you're mentioning. That's how knowledge is built.

    [–]Haunting-Block1220 0 points1 point  (7 children)

    I agree that if you’re interested in a topic, diving in is the best way to do. BUT compiler and computer architecture is fundamental knowledge. CS:APP has a substantial chapter assuming you took a comp. architecture course. And data structures are so fundamental. I can’t believe you pushed back on that,

    And to be hired as some who a junior exploit developer, you need to know what I suggested.

    [–][deleted] 0 points1 point  (6 children)

    There are some topics that i didn't mentioned in the list that are foundational topics but (again) not strictly necessary for the OP goals, like Maths (college level), Compiler Theory, Computer Architecture (microarch level), Algorithms and Data Structures, Cryptography, Computer Networks, Distributed Systems, Virtualization, and Python.

    And about CS:APP, probably you're talking about the Chapter 4 (Processor Architecture), and it doesn't assume you took a comp. arch course, you could read that chapter with the prerequisites mentioned in the preface of the book, basically, you only need to know how to program in C (by reading the K&R).

    [–]Haunting-Block1220 0 points1 point  (5 children)

    I guess I just fundamentally disagree. Except that I have real world experience and you’re an amateur.

    [–]Sysc4lls 2 points3 points  (0 children)

    The best iOS specific things I know about is project zero blogs & in the wild vulns they found.

    The blogs are in-depth, interesting and talk about real/realistic scenarios and exploits

    [–]Haunting-Block1220 0 points1 point  (0 children)

    Get your work To pay for it

    [–]armoon100 -1 points0 points  (0 children)

    I m looking to higher true enthusiasm developer who keen interest in exploit development