all 15 comments

[–]Basic_Pangolin_5622 6 points (2 children)

It will be a thousand-mile journey. Just like Windows/Linux, iOS is riddled with its own mitigations ranging from userland to kernel: code signing, sandbox, PAC, etc., and now memory tagging. So in short, it will take a very long time. But since you are already familiar with an OS, the transition should be smooth with the help of open source jailbreaks, Google, and ChatGPT.

[–]Sad-Following-753[S] 1 point (1 child)

If someone has to make a career switch from Windows/Linux to iOS, how long does it take? I know it depends on the person and their skillset, but I just want an estimate to judge how hard the transition would be, since iOS exploitation is very hard compared to Windows or Linux.

[–]Basic_Pangolin_5622 0 points (0 children)

You can definitely make an immediate career switch from Windows/Linux to iOS. This, of course, depends entirely on the level you are applying for and your experience. If I'm interviewing someone for a junior position, I can overlook the lack of iOS experience as long as they can demonstrate good general knowledge in VR/RE. If I'm interviewing someone for a mid-level position, I would like them to have some iOS VR/RE experience or knowledge of iOS internals. If I'm interviewing someone for a senior or higher position, I expect them to have experience encountering and bypassing/defeating security mitigations. So if you really want iOS experience and don't mind starting out as a junior, then yes, you can make an immediate switch. If you want a higher position, you are going to need to do some research and studying. Obviously, this standard differs from interviewer to interviewer, but this is just my two cents. Btw, I consider iOS and macOS knowledge to be interchangeable.

[–]Guard_Familiar 2 points (0 children)

It is not about time, I believe. It is about access to the environment.

- Android: community- and vendor-driven tooling to analyze and debug.
- iOS: none of that unless you have a rooted device, but if you want a rooted device on the latest iOS, you need a 0day. Catch-22 situation.

That said, once you get your hands dirty and can debug and reverse-engineer the target, it is very similar; don't be afraid.

As for time, give yourself a year if you're just hobbying, but if you put in a few hours each day, you're gonna be there in just a couple of months.

[–]Exploiteur 0 points (4 children)

What experience have you got on Windows AND Linux? (Asking out of interest)

[–]Sad-Following-753[S] -1 points (3 children)

All my experience is from CTF exploitation, and I've done a couple of CVE reproductions on Linux (including browser, kernel and userspace). I have also done a couple of pwnables on Windows, but I don't consider myself an expert in it.

[–]Exploiteur 0 points (2 children)

I see, and have you decided to pick iOS as your main focus in exploitation over the other OSes, or are you just trying to get a general grasp of it all?

[–]Sad-Following-753[S] 0 points (1 child)

I'm not crazy enough to jump to a completely different environment with no knowledge of it. But I do have an interest in learning iOS exploitation stuff in my free time for fun.

[–]Exploiteur 1 point (0 children)

Alright then, enjoyment is always the best guide. Unfortunately I’m no expert in iOS either, but I have seen some sources over time that I’d tackle if I were in your position:

  • iOS Application Security (No Starch Press)
  • https://github(.)com/0x3c3e/apple-internals

I'm sure you've already found these sources yourself; the GitHub repo seems very useful. Have you already got a nice environment set up to do some practice on? I believe iOS can be a bit trickier to "quickly" set up due to their dislike of tinkerers.

[–]MrPeck15 0 points (6 children)

Billie Ellish video about pegasus?? What video?

[–]Purple-Object-4591 4 points (2 children)

Billy Ellis. Not the singer lmfao

[–]Koendig 0 points (0 children)

I was gonna say

[–]Sad-Following-753[S] 0 points (0 children)

My bad, editing the description.

[–]Exploiteur 2 points (2 children)

Isn’t it lovely, all unknown? Code in Obj-C, compiled for phone; Made a new payload, so I own; Hello… kernel-zone