Note:
Although conference registration has closed, you can still secure a ticket by signing up for one of our trainings!

Steps:

  1️⃣  Sign up for your training of preference.

  2️⃣  After receiving confirmation from your trainer, contact us (conference@objective-see.com) to purchase a conference ticket.

  3️⃣  (Optionally) Book your room at the venue using this link to secure a discounted rate.


Note:
  1️⃣  Trainings occur Dec 2nd - 4th, and are held at the conference venue.
         Even if you sign up for a training, you must still separately register (and pay) for the conference.

  2️⃣  The trainings are run exclusively by the trainers, and as such any specific questions should be directed to them.

"The Art of Mac Malware: Detection & Analysis" (Dec. 2nd - 4th)
Learn the tools & techniques used to uncover and then dissect the latest threats targeting macOS.

As macOS grows in popularity, so does the prevalence of malware targeting this platform ...including those designed to run natively on Apple Silicon.

Ever wanted to learn exactly how to tear apart these malicious creations in order to reveal their inner workings? Or how to craft tools capable of programmatically detecting even new threats? Here's your chance!

In this content-packed three-day course, Mac security expert and author Patrick Wardle will teach the tools and techniques needed to comprehensively analyze and understand malware targeting Apple's desktop OS. Moreover, we'll discuss heuristic-based approaches to programmatically detect such threats.
Patrick Wardle is the creator of the non-profit Objective-See Foundation, author of "The Art of Mac Malware" book series, and founder of the "Objective by the Sea" macOS Security conference.

Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.

Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing both books and free open-source security tools to protect Mac users.


"Threat Hunting macOS" (Dec. 2nd - 4th)
An in-depth and hands-on experience for those looking for a deep dive into using macOS internals to their advantage for threat hunting.

Whether you're new to threat hunting or an experienced threat hunter, this three-day course will bring an in-depth and hands-on experience to those looking to deep dive into using macOS internals to their advantage for threat hunting. Learn how to use the less commonly used artifacts to hunt down malicious activity in your environment.

This course uses simulated attack data collected with the Apple Endpoint Security Framework and teaches attendees how to connect the dots to determine what took place on the system.

Topics are discussed in presentation form and then applied via hands-on labs. Among the different topics explored are:
  • Exploring the process tree and understanding process creation
  • Understanding the complications of XPC
  • Tracing the steps of real malware samples and determining the scope of the attack
  • Hunting using the lesser-explored pid values
  • Hunting using macOS and Unix specific technologies
  • ...and much more!
Attendees will walk away with a solid understanding of the system internals knowledge required for threat hunting on macOS as well as a new set of investigation skills.
Jaron has a background in incident response and threat hunting across Unix-based platforms. He currently works as the macOS detections lead for Jamf Protect.


"Practical iOS App, User-, and Kernel-Space Reverse-Engineering" (Dec. 2nd - 4th)
Figure out how iOS apps work, understand the Apple mobile ecosystem, and dive into low-level kernel and firmware internals.


This 3-day training will equip you with a toolbox of indispensable techniques and methods for diving into the world of hacking apps on Apple's mobile devices. While covering all basics to get beginner reverse-engineers started, intermediate and even advanced attendees are provided with appropriately challenging content and exercises.

After getting started with static reverse engineering and dynamic testing of iOS apps using Ghidra and Frida, we’ll pivot to challenges posed by programs written in Objective-C and Swift, which use asynchronous programming using Grand Central Dispatch and Cross-Process Communication (XPC). We’ll be using Frida to trace control flow, find interesting code paths, manipulate data, and finally collect code coverage – everything you’ll need to get started writing custom fuzzers for vulnerability discovery. Going deeper into the internals of iOS, the user-space analysis will be followed up by a dive into the XNU kernel. Starting with a broad overview of the interactions between user- and kernel-space, we’ll be taking a closer look at IOKit, the common API used by iOS apps and daemons to communicate with drivers. This is followed up with a look into RTKit-based firmware and an overview of the network of Co-Processors in an iPhone.

The training will include hands-on exercises on virtual or physical iOS devices. Advanced iOS app internals are conveyed by breaking them down into small, easily comprehensible chunks and exercises building up on each other to form a general understanding of iOS concepts. Students will be guided through using free and open-source reverse-engineering software and frameworks (such as Ghidra and Frida) to understand the internals and perform security testing of closed-source apps and daemons. Students will be provided with slides, exercises, solutions including custom tooling, and cheat sheets to follow along with the training.
Jiska Classen is a wireless and mobile security researcher. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies, for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse-engineered Apple's AirTag communication protocol. She has previously spoken at Black Hat USA, DEF CON, RECon, Hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmer Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, NotPinkCon, given various lectures and trainings, and published at prestigious academic venues. Jiska Classen gave Android security trainings privately and for BlackHoodie at TROOPERS 2022, and has teaching experience from creating her own lectures and labs as a postdoctoral researcher at TU Darmstadt.
Alexander is a PhD-candidate and security researcher. His research focuses on proprietary Apple protocols, such as Find My, UWB, and Satellite communications. By analyzing these, he not only uncovers new security and privacy issues but also creates free open-source tools to interact with them like OpenHaystack and AirGuard. AirGuard helps people to detect unwanted tracking and find hidden tracking devices.


"iOS Threat Hunting" (Dec. 2nd - 4th)
Learn everything you need to know to find advanced malware and threats targeting iOS.

Since 2016, Pegasus has been well known in the industry as the prime example of mercenary spyware targeting iOS devices. But did you know about QuaDream's Reign, Cytrox's Predator, Tykelab's Hermit or Candiru?

This new training will enable you to detect a wide variety of iOS Malware. The forensic-based approach will provide you with a deep understanding of the forensic artifacts left behind by these malware samples and how to detect them through various techniques. Through a combination of hands-on exercises and expert-led sessions, you will develop the skills and knowledge necessary to become a proficient iOS Threat Hunter. Join me in this unique training opportunity that has not been offered before and gain valuable insights into the world of iOS Malware detection and forensics.
Special OBTS Bonus: On day three of this training we will analyze an actual Pegasus case together and you will learn the skills necessary to dissect the Malware on your own!
Matthias's day-to-day job is to lead the research team and find new detection methods for iOS Malware at iVerify. He has plenty of experience protecting smartphones and tablets from Malware, having worked at two major German infrastructure corporations. He is a seasoned conference speaker and trainer, having given talks and trainings at top conferences such as OBTS, HITB and BlackHat.

Matthias is passionate about all things related to iOS security. When he's not playing basketball or games, he loves to spend his time learning new things around iOS.