iOS Malware Detection

£2,520.00£2,832.00 inc VAT

Matthias’s training on iOS malware detection is an essential course for anyone who wants to keep iOS devices secure. Over three days, participants will learn about the basics of iOS security, including how to detect and prevent insecure configurations, how to defend against mass-market attacks, and how to defend against targeted attacks.
This course has been cancelled.

The course will be cancelled if minimum numbers are not reached three weeks before the training is due to take place so book early to avoid disappointment.

This product is currently out of stock and unavailable.

Presented by: Matthias Frielingsdorf

In the first day, participants will learn the fundamentals of iOS security, including the iOS security model, attack vectors for iOS, and how to set up a research and test environment. They will also get hands-on experience setting up a lab environment and detecting insecure configurations.

Day two focuses on defending against mass-market attacks, including an in-depth look at iOS apps and how to detect and prevent malicious apps. Participants will dive into the world of iOS app analysis, including static and dynamic analysis, as well as network traffic analysis. They will get hands-on experience with popular testing tools like Mobsf and Burp.

The final day is all about defending against targeted attacks. Participants will learn about recent targeted attacks, including the attack vectors, targeted groups, implants, and detection methods. They will then delve into iOS forensics, learning where to find interesting data and how to gather that data. Participants will also get hands-on experience by analyzing forensic data.

Overall, this course is an invaluable resource for anyone concerned about iOS security. With Matthias’s expertise, participants will gain the knowledge and practical skills needed to protect iOS devices against common threats. Additionaly, participants will be first ever visiting a training on detecting targeted attacks for iOS.

You’ll leave the course with a valuable evaluation checklist for mobile threat defense, iOS forensic analysis cheatsheets, and other useful resources to help you keep your devices secure.

Security Engineers, SOC Analysts, Mobile Security Team, CISOs, Journalists, Human Rights Defenders or everyone interested in securing their iPhones and iPads.

  • Participants understand the security model of iOS/iPadOS devices.
  • They know possible attack vectors and defensive measures against these.
  • They know how to use public tools to check their devices for app based malware or known targeted attacks. They know how to apply basic forensic methods on iOS to secure traces of potential malware so these can be further analysed by experts.

This will allow participants to secure their iPhones and iPads in:

  1. (Personal) Day to day usage even in critical geographic areas
  2. In Businesses and Enterprises

Topics are:

  • iOS Security Model
  • Attack vectors for iOS
  • Setting up a Research & Test Environment

Lab 1-1:

Setting up the Lab Environment

  • Jailbreaks (2)
  • Insecure Configurations

Lab 1-2:

Detecting Malicious Configuration Profiles

  • iOS Apps Basics

Lab 2-1

Detecting Mal. Apps and App Extraction

  • iOS App Analysis

Lab 2-2

Static App Analysis with MobSF

  • Dynamic Analysis

Lab 2-3

Network Traffic Analysis with Burp

  • Dynamic Analysis with Frida & Objection

Lab 2-4

Dynamic Analysis with Frida and bypassing Network Security

  • A study of recent targeted attacks
  • iOS Forensics

Lab 3-1:

Extracting Sysdiagnose, iTunes Backup and useful data from lockdownd.

Analyzing Forensic Data

  • Detecting known targeted Attacks

Lab 3-2:

Finding Advanced Malware in Forensic Artifacts

Useful Resources & Take Aways

  • Evaluation checklist for Mobile Threat Defense
  • iOS Forensic Analysis CheatSheets
  • Evaluation checklist for Mobile Threat Defense

An arm/Intel based Mac. Basically any computer that’s capable of running a virtual machine is fine.

  • A virtualisation solution of their choice. Virtual Machines will be provided in beforehand (Virtual Box for Intel and Parallels/Fusion for Arm). 
  • An iOS device is needed for the class. This can be an iPhone or an iPad.
  • Two labs require a jailbroken* device or a virtual iOS device (Corellium). 

The trainer will provide some spare devices which can be used during the training. 

iOS devices which are enrolled in a Mobile Device Management might not be suitable for this training, depending on the restrictions set by the company. It is recommend to use test devices instead of production ones. 

Neither the trainer nor 44CON is liable for any damage to devices / software during the training. 

*Latest Jailbreaks support

  • iOS 15.4 for iPhone XS and higher and
  • iOS 16.4 for iPhone X and lower

Devices can be jailbroken during the class.

This is an intermediary training. Students should be familiar with basic security controls / mechanisms and technical evaluations.  Students should know how to run virtual machines on their mac. Students need to be able to work with the command line and use python based tools. Python programming is recommend but not required.

Matthias is a dedicated security researcher who spends his days researching and discovering iOS Malware at iVerify.

He brings a wealth of experience to the table, having previously secured Deutsche Bahn’s smartphones and tablets, as well as testing mobile security software and upcoming security products for T-Systems. He is truly passionate about all aspects of iOS security, having written his master’s thesis on iOS exploit and malware detection. Matthias has given talks on this topics at OBTS and HIBT AMS 2023. When he isn’t busy playing basketball or games, he loves nothing more than continually educating himself on the latest developments in the field, with his focus this year being exploit development.

The three-day course will take place at the Novotel London West on 11–13 September 2023.
The price is £2,520 (inc VAT/£2,100 ex VAT).

You can purchase a ticket at a discounted rate for 44CON 2023 at the same time as your training course. The conference will take place on 13th September in the evening and 14–15 September at the Novotel London West, London. If you want to purchase a pre-order t-shirt and/or accommodation with the conference ticket, please email

A ticket for the training does not include accommodation.

Conference and training tickets are non-refundable as per our Terms of Service.

This ticket is NOT transferable (i.e. you cannot use it one day and pass it to someone the other — you can however change the name on it if circumstances change and you can’t attend).