Q: What's better than attending the world's only Mac security conference?
A: Attending the conference, and training with some of the world's top security researchers!

ℹ️   Note:

Trainings occur Oct 9th - 11th, and are held at the conference venue.
Even if you sign up for a training, you must still separately register for the conference, by emailing conference@objective-see.com.

"The Art of Mac Malware: Detection & Analysis" (Oct. 9th - 11th)
Learn the tools & techniques to comprehensively detect and analyze threats targeting macOS.

As macOS grows in popularity, so does the prevalence of malware targeting this platform ...including those designed to run natively on Apple Silicon.

Ever wanted to learn exactly how to tear apart these malicious creations in order to reveal their inner workings? Or how to craft tools capable of programmatically detecting even new threats? Here's your chance!

In this content-packed three-day course, Mac security expert and author Patrick Wardle will teach the tools and techniques needed to comprehensively analyze and understand malware targeting Apple's desktop OS. Moreover, we'll discuss heuristic-based approaches to programmatically detect such threats.
Patrick Wardle is the creator of the non-profit Objective-See Foundation, author of the "The Art of Mac Malware" book series, and founder of the "Objective by the Sea" macOS Security conference.

Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.

Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing both books and free open-source security tools to protect Mac users.

"Threat Hunting macOS" (Oct. 9th - 11th)
An in-depth and hands-on experience for those looking for a deep dive into using macOS internals to their advantage for threat hunting.

Whether you're new to threat hunting or an experienced threat hunter, this three-day course will bring an in-depth and hands-on experience to those looking to deep dive into using macOS internals to their advantage for threat hunting. Learn how to use the less commonly used artifacts to hunt down malicious activity in your environment.

This course uses simulated attack data collected with the Apple Endpoint Security Framework and teaches attendees how to connect the dots to determine what took place on the system.

Topics are discussed in presentation form and then applied via hands-on labs. Among the different topics explored are:
  • Exploring the process tree and understanding process creation
  • Understanding the complications of XPC
  • Tracing the steps of real malware samples and determining the scope of the attack
  • Hunting using the lesser explored pid values
  • Hunting using macOS and Unix specific technologies
  • ...and much more!
Attendees will walk away with a solid understanding of the system internals knowledge required for threat hunting on macOS as well as a new set of investigation skills.
Jaron has a background in incident response and threat hunting across Unix-based platforms. He currently works as the macOS detections lead for Jamf Protect.

"Practical iOS App, User-, and Kernel-Space Reverse-Engineering" (Oct. 9th - 11th)
Figure out how iOS apps work, understand the Apple mobile ecosystem, and dive into low-level kernel and firmware internals.

This 3-day training will equip you with a toolbox of indispensable techniques and methods for diving into the world of hacking apps on Apple's mobile devices. While covering all basics to get beginner reverse-engineers started, intermediate and even advanced attendees are provided with appropriately challenging content and exercises.

After getting started with static reverse engineering and dynamic testing of iOS apps using Ghidra and Frida, we’ll pivot to challenges posed by programs written in Objective-C and Swift, which use asynchronous programming using Grand Central Dispatch and Cross-Process Communication (XPC). We’ll be using Frida to trace control flow, find interesting code paths, manipulate data, and finally collect code coverage – everything you’ll need to get started writing custom fuzzers for vulnerability discovery. Going deeper into the internals of iOS, the user-space analysis will be followed up by a dive into the XNU kernel. Starting with a broad overview of the interactions between user- and kernel-space, we’ll be taking a closer look at IOKit, the common API used by iOS apps and daemons to communicate with drivers. This is followed up with a look into RTKit-based firmware and an overview of the network of Co-Processors in an iPhone.

The training will include hands-on exercises on virtual or physical iOS devices. Advanced iOS app internals are conveyed by breaking them down into small, easily comprehensible chunks and exercises building up on each other to form a general understanding of iOS concepts. Students will be guided through using free and open-source reverse-engineering software and frameworks (such as Ghidra and Frida) to understand the internals and perform security testing of closed-source apps and daemons. Students will be provided with slides, exercises, solutions including custom tooling, and cheat sheets to follow along with the training.
Jiska Classen is a wireless and mobile security researcher. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies, for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse-engineered Apple's AirTag communication protocol. She has previously spoken at Black Hat USA, DEF CON, RECon, Hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmer Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, NotPinkCon, gave various lectures and training, and published at prestigious academic venues. Jiska Classen gave Android security trainings privately and for BlackHoodie at TROOPERS 2022, and has teaching experience from creating her own lectures and labs as a postdoctoral researcher at TU Darmstadt.
Fabian Freyer has a love-hate relationship with reverse engineering and binary exploitation. He uses the advanced method of excessive amounts of intense staring at hexdumps in Binary Ninja, trying to figure out every bit of the software he’s looking at, only to be disappointed it doesn’t give a flag to hand into the scoreboard. After years of CTF playing, he’s turned to using his skills as an independent security researcher but is currently taking a break from breaking things to build things at a hosting provider. Since then, he’s been scratching that itch by doing security research into mitigations at a systematic level and enjoys presenting his research at conferences such as NDSS, Black Hat, Hardwear.io and Nullcon. Fabian has given public security training on mobile security as well as cellular baseband firmware emulation and reverse-engineering at Hardwear.io, Nullcon Berlin and bespoke private security trainings.