We're excited to present the #OBTS v8.0 trainings, led by some of the world's foremost Apple security researchers and instructors. These sessions cover a range of topics, including reverse engineering, malware analysis, tool development, and OS internals across both macOS and iOS.
Note:
- Trainings occur just prior to the conference. All trainings are 3 days in length, running from October 12th - 14th. All trainings are held at the conference venue (Palacio de Congresos de Ibiza).
- Trainings are separate from the conference talks and are not included in the general conference ticket price. Also, registering for a training does not include conference access; you must still register and pay for the conference separately.
- Since trainings are independently owned and operated by the trainers, all questions should be directed to them.
Learn the tools & techniques used to uncover and then dissect the latest threats targeting macOS.
As Macs grow in popularity, so does the prevalence of malware targeting this platform.
Ever wanted to learn exactly how to tear apart these malicious creations in order to reveal their inner workings? Or how to craft tools capable of programmatically detecting even brand new threats? Here's your chance!
In this recently updated content-packed three-day course, Mac security expert and author Patrick Wardle will teach the tools and techniques needed to comprehensively analyze and understand malware targeting Apple's desktop OS. Moreover, we'll discuss heuristic-based approaches to programmatically detect both current and novel threats.
Patrick Wardle is the creator of the non-profit Objective-See Foundation, author of "The Art of Mac Malware" book series, and founder of the "Objective by the Sea" macOS Security conference.
Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.
Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing both books and free open-source security tools to protect Mac users.
An in-depth and hands-on experience, for those looking for a deep dive into using macOS internals to their advantage for threat hunting.
Whether you're new to threat hunting or an experienced threat hunter, this three-day course will bring an in-depth and hands-on experience to those looking to deep dive into using macOS internals to their advantage for threat hunting. Learn how to use the less commonly used artifacts to hunt down malicious activity in your environment.
This course uses simulated attack data collected with the Apple Endpoint Security Framework and teaches attendees how to connect the dots to determine what took place on the system.
Topics are discussed in presentation form and then applied via hands-on labs. Among the different topics explored are:
- Exploring the process tree and understanding process creation
- Understanding the complications of XPC
- Tracing the steps of real malware samples and determining the scope of the attack
- Hunting using the lesser explored pid values
- Hunting using macOS and Unix specific technologies
- ...and much more!
Attendees will walk away with a solid understanding of the system internals knowledge required for threat hunting on macOS as well as a new set of investigation skills.
Jaron has a background in incident response and threat hunting across Unix based platforms. He currently works as the macOS detections lead for Jamf Protect.
Figure out how iOS apps work, understand the Apple mobile ecosystem, and dive into low-level kernel and firmware internals.
This 3-day training will equip you with a toolbox of indispensable techniques and methods for diving into the world of hacking apps and discovering system internals on Apple's mobile devices. While covering all basics to get beginner reverse-engineers started, intermediate and even advanced attendees are provided with appropriately challenging content and exercises. The course material of this training is always kept up to date with the latest version of iOS – so you’ll even learn about features that will be introduced in iOS 19!
After getting started with static reverse engineering and dynamic testing of iOS apps using Ghidra and Frida, we'll pivot to challenges posed by programs written in Objective-C and Swift, which use asynchronous programming using Grand Central Dispatch and Cross-Process Communication (XPC). We'll be using Frida to trace control flow, find interesting code paths, manipulate data, and finally collect code coverage – everything you'll need to get started writing custom fuzzers for vulnerability discovery. Going deeper into the internals of iOS, the user-space analysis will be followed up by a dive into the XNU kernel. Starting with a broad overview of the interactions between user- and kernel-space, including Mach messages and syscalls, we'll be taking a closer look at IOKit, the common API used by iOS apps and daemons to communicate with drivers. This is followed up with a look into RTKit-based firmware and an overview of the network of Co-Processors in an iPhone.
Jiska Classen is a wireless and mobile security researcher. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices.
She also likes to work on obscure and upcoming wireless technologies, for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse-engineered Apple's AirTag communication protocol. She has previously spoken at Black Hat USA, DEF CON, RECon, Hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmer Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, NotPinkCon, gave various lectures and training, and published at prestigious academic venues.
Jiska Classen gave Android security trainings privately and for BlackHoodie at TROOPERS 2022, and has teaching experience from creating her own lectures and labs as a postdoctoral researcher at TU Darmstadt.
Learn everything you need to know to find advanced malware and threats targeting iOS.
Since 2016, Pegasus has been the most well-known example of mercenary spyware targeting iOS devices. But it's not the only one. Other threat actors have developed tools like QuaDream’s Reign, Cytrox’s Predator, Tykelab’s Hermit, and spyware linked to Candiru.
This training is focused on iOS threat hunting, with a strong emphasis on practical investigation techniques. You'll start by exploring the key forensic data sources available on iOS—such as system and analytics logs, usage histories, crash reports, and low-level file system artifacts—and learn how to extract, interpret, and correlate this information during an investigation. Building on this foundation, you'll analyze real-world malware samples through detailed case studies, examining how different types of iOS spyware operate and what forensic traces they leave behind.
Participants will gain hands-on experience with actual malware samples and forensic data, learning how to identify and detect infections using a variety of analysis techniques. The training combines practical exercises with in-depth technical sessions, giving you the knowledge and tools needed to detect and investigate iOS malware in real-world scenarios.
Matthias Frielingsdorf is the Co-Founder and Vice President of Research & Development at iVerify, a leader in mobile Endpoint Detection and Response (EDR) that specializes in advanced protection against sophisticated mobile threats. With over a decade of experience, Matthias has focused on understanding iOS exploitation and malware development. His achievements include his work on iOS threat research, discovering and analysing a new Pegasus sample in 2023, security solutions for smartphones and tablets for Deutsche Bahn and testing mobile security software products for T-Systems.
Matthias has conducted extensive research on iOS exploits and malware detections, regularly presenting his findings at conferences such as BlackHat, OBTS, and LabsCon. He is also a sought-after trainer in detecting commercial spyware on iOS, conducting training sessions throughout the year at both private and public seminars.
Beyond his professional pursuits, Matthias enjoys playing basketball and gaming, as well as learning more about iOS.
A deeply technical, in-depth exploration and analysis of Apple's security mechanisms, their flaws, and modern exploitation techniques.
This course, modeled after Jonathan Levin's "*OS Internals: Volume III", takes a practical approach to explaining the security of Apple's operating systems, by explaining the various mechanisms employed by Apple to secure the system - and yet demonstrating how they fail, time and time again. Through case studies of jailbreaks and Pegasus (the only weapons-grade malware caught in the wild), the techniques for protecting the OS integrity - as well as past measures used to bypass them - are detailed.
Code samples detailing usage of each mechanism are provided as actual examples for discussion in class. Actual jailbreak code, including the latest KFD family of jailbreaks, is presented. Advanced tools - such as Xn00p2, our live kernel inspection/debugging tool - allow unprecedented visualization of what happens behind the scenes in every step of the jailbreak process. This course is updated to the latest Darwin 24 releases (iOS18, macOS 10.20/"15") - and by the time OBTS takes place - we'll be ready for iOS 19 and the next macOS!
Jonathan Levin is a trainer and consultant specializing in operating system internals. He is the author of definitive books on Android Internals as well as the "*OS Internals" series, and provides plentiful tools and research for the community on the books' web sites.
He is founder and CTO of Technologeeks.com, a group of like-minded expert trainers and consultants.
A hands-on introduction to building native machine-learning models and AI tools to protect macOS.
Mac-centric security tooling is finally catching up with the power of Apple Silicon. This beginner-friendly, three-day course equips security professionals with the skills to design and deploy fast, native machine-learning models on their MacBooks.
No prior experience with machine learning is required—just a basic understanding of scripting, familiarity with threat hunting concepts, and a desire to learn.
Participants will apply both classical ML techniques and modern large language models (LLMs) to real-world macOS security problems, including malware classification and detection of anomalous terminal commands. Emphasis is placed on hands-on implementation, performance optimization, and integration into the macOS ecosystem.
Dr. Kimo Bumanglag is a Member of Technical Staff at OpenAI focused on threat hunting and intelligence.
He also serves as an adjunct lecturer at Johns Hopkins University, where he's committed to making complex cybersecurity topics accessible and mentoring the next generation of security professionals.