iOS for Security Engineers

4800€ | 12th to the 15th of October 2026

iOS is one of the most popular operating systems on the market, offering a state-of-the-art security model. During this 4-day training provided by experienced security researchers, participants will discuss the ecosystem, the fundamental building blocks and the internals of the iOS operating system with a hands-on approach on a virtual phone device. They will discover how to use the macOS toolchain to deploy their own code, debug and use diagnostic tools.

The fundamentals of reverse-engineering applications and system services in iOS will be covered in a second step: Objective-C internals, IPC mechanisms (Mach, XPC, NSXPC), kernel APIs (MIG, IOKit), usermode and kernelmode tracing, bootloader. Practical examples and exercises will guide participants throughout the training. Finally, software and hardware security measures specific to iOS will be covered both in kernel and user space, including: PAC, MIE, SPTM/TXM, KTRR.

Get prepared for the world of iOS vulnerability research and exploit development with a training built to equip you with the essential tools, techniques, and mindset to get started on iOS 26.


Objectives of the training

Discover the iOS 26 ecosystem

Deploy code using the macOS toolchain

Use debugging and diagnostic tools

Get a global overview of XNU

Explore Objective-C internals

Use IPC mechanisms (XPC, NSXPC) and kernel APIs

Study XNU & hardware security (PAC, MTE, SPTM/TXM, sandboxing, heap protections and more)

Get ready to perform iOS security research on your own

The trainer

Who will run this training?

Quentin Meffre

Synacktiv
@0xdagger

Quentin Meffre is a security researcher at Synacktiv.

His main interests are vulnerability research and exploit development. He especially likes iOS security.

He has spoken at international conferences including Hexacon, BlackHat EU and SSTIC.

Victor Cutillas

Synacktiv

Victor Cutillas is a computer security researcher working at Synacktiv.

His main interests are reverse engineering and exploit development with a focus on iOS and Linux.

Almond-based food recipes also make him happy.

Syllabus

What will we do?

Content

Day 1: Introduction to reverse engineering on Apple platforms

Setup of the work environment (libimobiledevice tools, vphone VM), developing on Apple platforms (macOS and iOS), using diagnostic tools, introduction to the Apple ecosystem, extraction of updates, important file formats and tools, introduction to the Objective-C runtime.

Labs: device setup, use of diagnostic tools, compile & run code on the device, trace back a log message, Objective-C runtime introspection & method hooking.

Day 2: Kernel overview, userland instrumentation, and Mach IPC

Introduction to XNU, BSD & Mach syscalls, entitlements, PAC hardware protection, instrumenting userland processes using Frida, inter-process communications in userland (Mach messages).

Labs: use a private XNU syscall, instrument a service with Frida, get familiar with the Mach IPC API (simple & complex messages).

Day 3: Userland services & XNU security design

Interactions with kernel objects (MIG), theory and practice on XPC and NSXPC inter-process communication abstractions, overview of the MACF framework (code signing, sandboxing), understanding defense-in-depth in XNU design.

Labs: write an encrypted Mach-O dumper using task objects, interact with & exploit custom services using both XPC & NSXPC APIs.

Day 4: XNU mitigations & extensions

Kernel heap protections, monitoring kernel functions with DTrace, Memory Integrity Extension (MIE), bootloader overview, interacting with kernel extensions (IOKit).

Labs: trace the kernel to perform a Man-in-the-Middle on MIG interactions, interact with a native IOKit service.

Why should people attend your course?

This course is designed for people looking to quickly gain a strong understanding of the key concepts that are specific to iOS and mandatory to get started in iOS research. They will be guided by the real-world experience of specialized security researchers through a pedagogical training focusing on a practical approach.

Audience and prerequisites

This intermediate-level training is suitable for people with notions of reverse engineering but limited prior experience in the Apple ecosystem. It is aimed primarily at:

  • Pentesters
  • iOS developers
  • Security engineers

A good knowledge of C development and the basics of reverse engineering are highly recommended.

Software requirements

  • Any operating system will do
  • Disassembler/decompiler with ARM support is nice to have but not mandatory
  • Your favorite code editor
  • A PDF reader
  • SSH client + sshfs

Provided material

  • Access to a physical Mac
  • 1 virtual device
  • 1 slide deck (~430 slides)
  • 13 exercises with their solutions
