×

IosHackStudy安全学习资料汇总

消耗积分:2 | 格式:zip | 大小:0.12 MB | 2022-04-19

分享资料个

授权协议未知

开发语言 Swift

操作系统跨平台

软件类型开源软件

所属分类其他开源、开源图书

软件简介

不解决好这 3 大矛盾，就别搞 DevOps 了>>>>>>

IOS安全学习资料汇总

（1）IOS安全学习网站收集：

http://samdmarshall.com
https://www.exploit-db.com
https://reverse.put.as
http://highaltitudehacks.com/security/
http://www.dllhook.com/
http：// /www.securitylearn.net/archives/
http://securitycompass.github.io/iPhoneLabs/index.html
http://security.ios-wiki.com
http://www.opensecuritytraining.info/IntroARM.html
https： //truesecdev.wordpress.com/
http://resources.infosecinstitute.com/ios-application-security-part-1-setting-up-a-mobile-pentesting-platform/
http://esoftmobile.com/2014/ 02/14 / ios-security /
http://bbs.iosre.com
http://bbs.chinapyg.com
http://blog.pangu.io/
http://yonsm.net/
http：// nianxi。净/
http://cocoahuke.com/
https://blog.0xbbc.com
http://blog.imaou.com/
https://github.com/pandazheng/iOSAppReverseEngineering
http://drops.wooyun.org
http://bbs.pediy.com
http： //www.blogfshare.com/
https://github.com/michalmalik/osx-re-101
http://blog.qwertyoruiop.com/
https://github.com/secmobi/wiki.secmobi.com
http： //contagioexchange.blogspot.com/
http://contagiominidump.blogspot.com/
https://github.com/secmobi
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab=Guide_Development_Project
http：// blog.dornea.nu/2014/10/29/howto-ios-apps-static-analysis/
http://www.dllhook.com/post/58.html
http://thexploit.com/category/secdev/
https://github.com/secmobi/wiki.secmobi.com
https://github.com/mdsecresearch
http://sectools.org/tag/os-x/
http://googleprojectzero.blogspot.com/
http： //googleprojectzero.blogspot.com/2014/10/more-mac-os-x-and-iphone-sandbox.html
http://www.macexploit.com/
https://code.google.com/p/google -security-research / issues / list？can = 1＆q = iOS＆sort = -id＆colspec = ID％20Type％20Status％20Priority％20Milestone％20Owner％20Summary
https://code.google.com/p/google-security-research/issues / list？can = 1＆q = OSX＆sort = -id＆colspec = ID + Type + Status + Priority + Milestone + Owner + Summary＆cells = tiles
http://googleprojectzero.blogspot.com/2014/11/pwn4fun-spring-2014-safari-part -ii.html
https://www.blackhat.com/docs/us-15/materials/us-15-Lei-Optimized-Fuzzing-IOKit-In-iOS-wp.pdf
https://www.youtube.com/watch?v = rxUgw5bEG3Y
https://www.theiphonewiki.com/wiki/固件
 http://www.trustedbsd.org/mac.html
http://googleprojectzero.blogspot.com/2014/10/more-mac-os-x- and-iphone-sandbox.html
https://code.google.com/p/google-security-research/issues/list?can=1&q=OSX&sort=-id&colspec=ID+Type+Status+Priority+Milestone+Owner+摘要＆cells = tiles
https://support.apple.com/zh-cn/HT205731
https://www.apple.com/support/security/
http://opensource.apple.com/tarballs/
https：// mobile- security.zeef.com/oguzhan.topgu
http://www.powerofcommunity.net
http://cn.0day.today/exploits
https://recon.cx/2016/training/trainingios-osx.html
https://www.exploit-db.com/osx-rop-exploits-evocam-case-study/
https：//www.offensive-security .com / vulndev / evocam-remote-buffer-overflow-on-osx /
https://www.yumpu.com/zh-CN/document/view/7010924/ios-kernel-heap-armageddon
http：//contagiodump.blogspot。 com /
http://www.dllhook.com/post/138.html
http://shell-storm.org/blog/Return-Oriented-Programming-and-ROPgadget-tool/
https://medium.com/@ harryworld / 100-days-of-osx-development-e61591fcb8c8＃.vxyuyse12
http://www.poboke.com/study/reverse
https://www.offensive-security.com/vulndev/evocam-remote-buffer-overflow -on-osx /
https://www.exploit-db.com/osx-rop-exploits-evocam-case-study/
http://phrack.org/issues/69/1.html
https://www.exploit-db.com/docs/28479.pdf
https://speakerdeck.com/milkmix/ios-malware-myth-or-reality
https://bbs.pediy.com/thread-223117。 htm

（2）IOS安全优秀博客文章

http://datatheorem.github.io/TrustKit/
http://ho.ax/posts/2012/02/resolving-kernel-symbols/
http://www.securitylearn.net/tag/pentesting-ios-apps/
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
https://github.com/secmobi/wiki.secmobi。 com
http://bbs.iosre.com/t/debugserver-lldb-gdb/65
http://bbs.pediy.com/showthread.php?t=193859
http://bbs.pediy.com/showthread.php ？t = 192657＆viewgoodnees = 1＆prefixid =
http://blog.darkrainfall.org/2013/01/os-x-internals/
http://dvlabs.tippingpoint.com/blog/2009/03/06/reverse-engineering-iphone -appstore-binaries
http://drops.wooyun.org/papers/5309
http://www.blogfshare.com/category/ios-secure
https://www.safaribooksonline.com/library/view/hacking-and-securing/9781449325213/ch08s04.html
http://soundly.me/osx-injection-override-tutorial-hello-world/
https：// nadavrub .wordpress.com / 2015/07/23 / injecting-code-to-an-ios-appstore-app /
http://blog.dewhurstsecurity.com/
https://github.com/project-imas
https：// github.com/iSECPartners
https://www.nowsecure.com/blog/
http://lightbulbone.com/
http://www.tanhao.me/pieces/1515.html/
http://dongaxis.github.io /
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/

（3）IOS安全优秀GitHub

包含O'Reilly的iOS 9 Swift编程手册的所有示例代码
https://github.com/vandadnp/iOS-9-Swift-Programming-Cookbook
XCodeGhost清除脚本
https://github.com/pandazheng/XCodeGhost-Clean
Apple OS X ROOT提权API后门
https://github.com/tihmstar/rootpipe_exploit
适用于iOS和OS的轻松且通用的SSL固定X
https://github.com/datatheorem/TrustKit
使用shellcode
https修补PE，ELF，Mach-O二进制文件：//github.com/secretsquirrel/the-backdoor-factory
iReSign允许的iDevice的应用程序包（的.ipa）文件，以便与苹果的数字证书分发给签署或辞职
https://github.com/maciekish/iReSign
马赫-O加载命令反混淆器
https://github.com/x43x61x69/Mach-O-Prettifier
Dylib插入Mach-O文件
https://github.com/Tyilo/insert_dylib
dylib用于mach-o二进制文件的注入器
https://github.com/KJCracks/yololib
快速的iOS可执行转储程序
https://github.com/KJCracks/Clutch
Mac OS X的libimobiledevice库的二进制分发
https://github.com/benvium/libimobiledevice-macosx
与OS X上的dylib劫持有关的python实用程序
https：// /github.com/synack/DylibHijack
OSX dylib注入
https://github.com/scen/osxinj
IOS IPA软件包精简并辞职
https://github.com/Yonsm/iPAFine
ROP漏洞利用
https://github.com/JonathanSalwan / ROPgadget
对任何Mach-o文件进行类转储而不从dyld_shared_cache
https://github.com/limneos/classdump-dyld中提取文件
扫描IPA文件并解析其info.plist
https://github.com/apperian/iOS-checkIPA
A通过库注入的PoC Mach-O感染器
https://github.com/gdbinit/osx_boubou
IOS-Headers
https://github.com/MP0w/iOS-Headers
Mac OS X的进程间代码注入
https://github.com/ rentzsch / mach_inject
OS X Auditor是免费的Mac OS X计算机取证工具
https://github.com/jipegit/OSXAuditor
删除osx的PIE
https://github.com/CarinaTT/MyRemovePIE
IDA https的TE可执行格式加载器
： //github.com/gdbinit/TELoader
移动安全框架
https://github.com/ajinabraham/Mobile-Security-Framework-MobSF
一个库，可以动态重新绑定运行在iOS上的Mach-O二进制文件中的符号
https://github.com/facebook/fishhook
OSX和iOS相关安全工具
https://github.com/ashishb/osx-and-ios-security-awesome
Introspy-Analyzer
https://github.com/iSECPartners/Introspy-Analyzer
将加密的iPhone应用程序中解密的mach-o文件从内存转储到内存磁盘
https://github.com/stefanesser/dumpdecrypted
适用于iOS和OS X的Keychain的简单Swift包装器
https://github.com/kishikawakatsumi/KeychainAccess
idb是一种工具，可简化iOS渗透测试和研究的一些常见任务

使用Parse作为后端的https://github.com/dmayer/idb Pentesting应用程序
https://github.com/igrekde/ParseRevealer
iOS逆向工程工具包
https://github.com/Vhacker/iRET
XNU-Mac OS X内核
https://github.com/opensource-apple/xnu
OSX的代码注入+有效负载通信
https://github.com/mhenr18/injector
iOS相关代码
https://github.com/samdmarshall/iOS-Internals
OSX注入教程：Hello World
https://github.com/arbinger/osxinj_tut
Reveal加载程序将libReveal.dylib（Reveal.app支持）动态加载到越狱设备上的iOS应用程序中
https://github.com/heardrwt/RevealLoader
NSUserDefaults类别，带有AES加密/解密密钥和值
https://github.com/NZN/NSUserDefaults-AESEncryptor
黑盒工具可禁用SSL证书验证
https://github.com/iSECPartners/ios-ssl-kill-switch
应用逆向工程抽奖插件
https://github.com/iosre/iosrelottery
未经测试的iOS调整，以挂钩OpenSSL函数
https://github.com/nabla-c0d3/iOS-hook-OpenSSL
IOS * .plist加密器项目。保护您的.plist文件免于越狱
https://github.com/FelipeFMMobile/ios-plist-encryptor
iOS ipa文件重新设计工具
https://github.com/hayaq/recodesign
扫描iPhone / iPad / iPod应用程序中的PIE标志
https://github.com/stefanesser/.ipa-PIE-Scanner
通过cve-2015-1140的xnu本地特权升级IOHIDSecurePromptClient injectStringGated堆溢出| poc || gtfo
https://github.com/kpwn/vpwn
MachOView
https://github.com/gdbinit/MachOView
与iOS设备通信的跨平台协议库
https://github.com/libimobiledevice/libimobiledevice
WireLurkerDetector
https://github.com/pandazheng/WireLurker
发行按照GPL牌
https://github.com/p0sixspwn/p0sixspwn
通过CVE-2015 XNU本地权限提升
https://github.com/kpwn/tpwn
一个简单的通用OSX / iOS上的内存编辑器（游戏培训师）
https://github.com/pandazheng/HippocampHairSalon
BinaryCookieReader源码
https://github.com/pandazheng/BinaryCookieReader
Tiamo的引导程序
https://github.com/pandazheng/macosxbootloader
不完整的iOS 8.4.1越狱，由Kim Jong Cracks
https://github.com/pandazheng/yalu
OSX安全扫描程序
https http://github.com/openscanner/XGuardian
示例内核扩展，演示如何从kextstat隐藏
https://github.com/rc0r/KextHider
示例Mac OS X内核扩展，用于解析运行中的内核映像中的符号
https：// github .com / snare / KernelResolver
示例Mac OS X（Mountain Lion）内核扩展，演示了如何通过劫持getdirentries系统调用来隐藏文件
https://github.com/rc0r/FileHider
示例Mac OS X（Mountain Lion）内核扩展，演示了如何通过修改allproc和pidhashtbl隐藏进程的方法
https://github.com/rc0r/ProcessHider
Mach-O反汇编程序。现在兼容64位和Xcode 6
https://github.com/x43x61x69/otx
一个Mach-O二进制代码签名去除器
https://github.com/x43x61x69/codeunsign
一个Mach-O加载命令deobfuscator
https://github.com/ x43x61x69 /马赫-O-Prettifier
很简单的键盘记录器为自量化在Mac OS X
https://github.com/dannvix/keylogger-osx
通过iTunes LIB管理iOS设备
https://github.com/xslim/mobileDeviceManager
检测硬件，软件以及运行时当前iOS或Mac OS X设备的显示
https://github.com/lmirosevic/GBDeviceInfo
逆向工程Python武器库
http://pythonarsenal.com/
OS X加密勒索软件PoC
https://github.com/gdbinit/gopher
Frida
https：//codeshare.frida。 re /
原始码级侦错的XNU核心 https://bbs.ichunqiu.com/thread-48301-1-1.html
装甲：功能强大的macOS有效负载加密工具，可绕过大部分AV
https：// www .freebuf.com / sectool / 190620.html
使用radare2逆向iOS Swift应用程序
https://www.freebuf.com/articles/terminal/191595.html
调试macOS内核很有趣
https://geosn0w.github.io/Debugging -macOS-Kernel-For-Fun /
MacMalware_2018
https://objective-see.com/downloads/MacMalware_2018.pdf
适用于iOS的OpenSource.Apple.Com的精华
http://newosxbook.com/tools/iOSBinaries.html
FortiAppMonitor：用于监控macOS上的系统活动的强大工具
https://www.freebuf.com/sectool/193258.html

样品

https://objective-see.com/malware.html#resources

（4）IOS安全优秀书籍

《破解和保护iOS应用程序》
《 Mac OS X和iOS内部构件：以苹果的核心》
《 OS X和iOS内核编程》
《 OS X ABI Mach-O文件格式》
《 Mac黑客手册》
《 Mac OS X Interals：一种系统方法》
《黑客攻防技术宝典-IOS实战》
《 IOS应用安全攻防实战》
《 IOS应用逆向工程》
《 IOS取证战》
《安全技术大系：IOS取证分析》

（5）IOS安全推特

https://twitter.com/Technologeeks
https://twitter.com/osxreverser
https://twitter.com/Morpheus ______

（6）OSX / IOS漏洞分析文章

CVE-2016-1749
http://turingh.github.io/2016/04/29/CVE-2016-1749%E5%86%85%E6%A0%B8%E4%BB%A3%E7%A0%81 ％E6％89％A7％E8％A1％8CPOC％E5％88％86％E6％9E％90 /

CVE-2016-1757
http://googleprojectzero.blogspot.com/2016/03/race-you-to-kernel.html
https://github.com/gdbinit/mach_race

CVE-2016-1824
http://marcograss.github.io/security/apple/cve/2016/05/16/cve-2016-1824-apple-iohidfamily-racecondition.html

IOS越狱中使用到的突破列表

### ipsw ios10 ipsw
https://ipsw.me/所有
 https://www.alliphone.com
https://www.theiphonewiki.com/wiki/Firmware_Keys
http://pastebin.com/FRMfanmT https：// www.reddit.com/r/jailbreak/comments/4nyz1p/discussion_decrypted_kernel_cache_ios_10/d48cgd7 https://www.nowsecure.com/blog/2014/04/14/ios-kernel-reversing-step-by-step/
http：// /www.iphonehacks.com/download-iphone-ios-firmware

Mac下的一些软件

http://sqwarq.com/detectx/

Mac下的安全软件

https://objective-see.com/products.html

下载并关注上传者 低至0.43元/天 开通VIP 免费下载

声明：本文内容及配图由入驻作者撰写或者入驻合作网站授权转载。文章观点仅代表作者本人，不代表电子发烧友网立场。文章及其配图仅供工程师学习之用，如有内容侵权或者其他违规问题，请联系本站处理。举报投诉

评论(0)

发评论

相关下载
相关文章

下载排行榜

3314A函数发生器维修手册
2024-12-19 31次下载

下载
美的电磁炉维修手册大全
2024-12-24 21次下载

下载
使用TL431设计电源
2024-12-16 10次下载

下载
如何正确测试电源的纹波
2025-01-02 10次下载

下载
感应笔威廉希尔官方网站图
2024-12-23 9次下载

下载
LZC3106G高性能谐振控制器中文手册
2024-12-23 8次下载

下载

全部0条评论

快来发表一下你的评论吧 !

'+ '

'+ '

'+ ''+ '

'+ ''+ ''+ '

'+ ''+ '' ); $.get('/article/vipdownload/aid/'+webid,function(data){ if(data.code ==5){ $(pop_this).attr('href',"/login/index.html"); return false } if(data.code == 2){ //跳转到VIP升级页面 window.location.href="//m.obk20.com/vip/index?aid=" + webid return false } //是会员 if (data.code > 0) { $('body').append(htmlSetNormalDownload); var getWidth=$("#poplayer").width(); $("#poplayer").css("margin-left","-"+getWidth/2+"px"); $('#tips').html(data.msg) $('.download_confirm').click(function(){ $('#dialog').remove(); }) } else { var down_url = $('#vipdownload').attr('data-url'); isBindAnalysisForm(pop_this, down_url, 1) } }); }); //是否开通VIP $.get('/article/vipdownload/aid/'+webid,function(data){ if(data.code == 2 || data.code ==5){ //跳转到VIP升级页面 $('#vipdownload>span').text("开通VIP 免费下载") return false }else{ // 待续费 if(data.code == 3) { vipExpiredInfo.ifVipExpired = true vipExpiredInfo.vipExpiredDate = data.data.endoftime } $('#vipdownload .icon-vip-tips').remove() $('#vipdownload>span').text("VIP免积分下载") } }); }).on("click",".download_cancel",function(){ $('#dialog').remove(); }) var setWeixinShare={};//定义默认的微信分享信息，页面如果要自定义分享，直接更改此变量即可 if(window.navigator.userAgent.toLowerCase().match(/MicroMessenger/i) == 'micromessenger'){ var d={ title:'IosHackStudy安全学习资料汇总',//标题 desc:$('[name=description]').attr("content"), //描述 imgUrl:'https://'+location.host+'/static/images/ele-logo.png',// 分享图标,默认是logo link:'',//链接 type:'',// 分享类型,music、video或link，不填默认为link dataUrl:'',//如果type是music或video，则要提供数据链接，默认为空 success:'', // 用户确认分享后执行的回调函数 cancel:''// 用户取消分享后执行的回调函数 } setWeixinShare=$.extend(d,setWeixinShare); $.ajax({ url:"//www.obk20.com/app/wechat/index.php?s=Home/ShareConfig/index", data:"share_url="+encodeURIComponent(location.href)+"&format=jsonp&domain=m", type:'get', dataType:'jsonp', success:function(res){ if(res.status!="successed"){ return false; } $.getScript('https://res.wx.qq.com/open/js/jweixin-1.0.0.js',function(result,status){ if(status!="success"){ return false; } var getWxCfg=res.data; wx.config({ //debug: true, // 开启调试模式,调用的所有api的返回值会在客户端alert出来，若要查看传入的参数，可以在pc端打开，参数信息会通过log打出，仅在pc端时才会打印。 appId:getWxCfg.appId, // 必填，公众号的唯一标识 timestamp:getWxCfg.timestamp, // 必填，生成签名的时间戳 nonceStr:getWxCfg.nonceStr, // 必填，生成签名的随机串 signature:getWxCfg.signature,// 必填，签名，见附录1 jsApiList:['onMenuShareTimeline','onMenuShareAppMessage','onMenuShareQQ','onMenuShareWeibo','onMenuShareQZone'] // 必填，需要使用的JS接口列表，所有JS接口列表见附录2 }); wx.ready(function(){ //获取“分享到朋友圈”按钮点击状态及自定义分享内容接口 wx.onMenuShareTimeline({ title: setWeixinShare.title, // 分享标题 link: setWeixinShare.link, // 分享链接 imgUrl: setWeixinShare.imgUrl, // 分享图标 success: function () { setWeixinShare.success; // 用户确认分享后执行的回调函数 }, cancel: function () { setWeixinShare.cancel; // 用户取消分享后执行的回调函数 } }); //获取“分享给朋友”按钮点击状态及自定义分享内容接口 wx.onMenuShareAppMessage({ title: setWeixinShare.title, // 分享标题 desc: setWeixinShare.desc, // 分享描述 link: setWeixinShare.link, // 分享链接 imgUrl: setWeixinShare.imgUrl, // 分享图标 type: setWeixinShare.type, // 分享类型,music、video或link，不填默认为link dataUrl: setWeixinShare.dataUrl, // 如果type是music或video，则要提供数据链接，默认为空 success: function () { setWeixinShare.success; // 用户确认分享后执行的回调函数 }, cancel: function () { setWeixinShare.cancel; // 用户取消分享后执行的回调函数 } }); //获取“分享到QQ”按钮点击状态及自定义分享内容接口 wx.onMenuShareQQ({ title: setWeixinShare.title, // 分享标题 desc: setWeixinShare.desc, // 分享描述 link: setWeixinShare.link, // 分享链接 imgUrl: setWeixinShare.imgUrl, // 分享图标 success: function () { setWeixinShare.success; // 用户确认分享后执行的回调函数 }, cancel: function () { setWeixinShare.cancel; // 用户取消分享后执行的回调函数 } }); //获取“分享到腾讯微博”按钮点击状态及自定义分享内容接口 wx.onMenuShareWeibo({ title: setWeixinShare.title, // 分享标题 desc: setWeixinShare.desc, // 分享描述 link: setWeixinShare.link, // 分享链接 imgUrl: setWeixinShare.imgUrl, // 分享图标 success: function () { setWeixinShare.success; // 用户确认分享后执行的回调函数 }, cancel: function () { setWeixinShare.cancel; // 用户取消分享后执行的回调函数 } }); //获取“分享到QQ空间”按钮点击状态及自定义分享内容接口 wx.onMenuShareQZone({ title: setWeixinShare.title, // 分享标题 desc: setWeixinShare.desc, // 分享描述 link: setWeixinShare.link, // 分享链接 imgUrl: setWeixinShare.imgUrl, // 分享图标 success: function () { setWeixinShare.success; // 用户确认分享后执行的回调函数 }, cancel: function () { setWeixinShare.cancel; // 用户取消分享后执行的回调函数 } }); }); }); } }); } function openX_ad(posterid, htmlid, width, height) { if ($(htmlid).length > 0) { var randomnumber = Math.random(); var now_url = encodeURIComponent(window.location.href); var ga = document.createElement('iframe'); ga.src = 'https://www1.elecfans.com/www/delivery/myafr.php?target=_blank&cb=' + randomnumber + '&zoneid=' + posterid+'&prefer='+now_url; ga.width = width; ga.height = height; ga.frameBorder = 0; ga.scrolling = 'no'; var s = $(htmlid).append(ga); } } openX_ad(828, '#berry-300', 300, 250);