芒果iOS开发之安全学习资料整理
2015-09-30 00:06
561 查看
最近出了XcodeGhost这一档子事,这件事情给广大的iOS开发者敲响了警钟,虽然iOS系统不是开源的,这在一定程度上也保证了大家的安全性。但是黑客还是会从其他方面入手。这次就是一个很好的例子。苹果的App Store平常打开速度很慢,所以很多开发者选择从地方下载。黑客就行病毒植入到开发工具中。所以大家先要保证开发工具的安全,防止开发工具被人篡改。
下边我收集了一些跟iOS相关的安全类的技术文章和博客。分享给大家:
iOS安全类的书籍:
1.《IOS应用安全攻防实战》
2.《iOS应用逆向工程》
3.《iOS取证实战》
4.《安全技术大系:iOS取证分析》
5.《黑客攻防技术宝典-IOS实战篇》
6.《Mac OS X and iOSInternals:To the Apple’s Core》
7.《OS X and iOS Kernel Programming》
8.《OS X ABI Mach-O File Format》
9.《The Mac Hacker’s Handbook》
10.《Mac OS X Interals:A Systems Approach》
11.《Hacking and Securing iOS Applications》
iOS安全学习网站收集:
http://samdmarshall.com https://www.exploit-db.com https://reverse.put.as http://security.ios-wiki.com https://truesecdev.wordpress.com/ http://resources.infosecinstitute.com/ios-application-security-part-1-setting-up-a-mobile-pentesting-platform/ http://esoftmobile.com/2014/02/14/ios-security/ http://bbs.iosre.com http://bbs.chinapyg.com http://blog.pangu.io/ http://yonsm.net/ http://nianxi.net/ https://github.com/pandazheng/iOSAppReverseEngineering http://drops.wooyun.org
iOS安全优秀博客文章
https://github.com/secmobi/wiki.secmobi.com http://bbs.iosre.com/t/debugserver-lldb-gdb/65 http://bbs.pediy.com/showthread.php?t=193859 http://bbs.pediy.com/showthread.php?t=192657&viewgoodnees=1&prefixid= http://blog.darkrainfall.org/2013/01/os-x-internals/ http://dvlabs.tippingpoint.com/blog/2009/03/06/reverse-engineering-iphone-appstore-binaries http://drops.wooyun.org/papers/5309 https://www.safaribooksonline.com/library/view/hacking-and-securing/9781449325213/ch08s04.html http://soundly.me/osx-injection-override-tutorial-hello-world/ https://nadavrub.wordpress.com/2015/07/23/injecting-code-to-an-ios-appstore-app/
iOS安全优秀GitHub
XCodeGhost清除脚本
https://github.com/pandazheng/XCodeGhost-Clean
Apple OS X ROOT提权API后门
https://github.com/tihmstar/rootpipe_exploit
Dylib插入Mach-O文件
https://github.com/Tyilo/insert_dylib
OSX dylib injection
https://github.com/scen/osxinj
IOS IPA package refine and resign
https://github.com/Yonsm/iPAFine
ROP Exploitation
https://github.com/JonathanSalwan/ROPgadget
Scan an IPA file and parses its info.plist
https://github.com/apperian/iOS-checkIPA
A PoC Mach-O infector via library injection
https://github.com/gdbinit/osx_boubou
IOS-Headers
https://github.com/MP0w/iOS-Headers
Interprocess Code injection for Mac OS X
https://github.com/rentzsch/mach_inject
OS X Auditor is a free Mac OS X computer forensics tool
https://github.com/jipegit/OSXAuditor
remove PIE for osx
https://github.com/CarinaTT/MyRemovePIE
A TE executable format loader for IDA
https://github.com/gdbinit/TELoader
Mobile Security Framework
https://github.com/ajinabraham/Mobile-Security-Framework-MobSF
A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS
https://github.com/facebook/fishhook
OSX and iOS related security tools
https://github.com/ashishb/osx-and-ios-security-awesome
Introspy-Analyzer
https://github.com/iSECPartners/Introspy-Analyzer
Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk
https://github.com/stefanesser/dumpdecrypted
Simple Swift wrapper for Keychain that works on iOS and OS X
https://github.com/kishikawakatsumi/KeychainAccess
idb is a tool to simplify some common tasks for iOSpentesting and research
https://github.com/dmayer/idb
Pentesting apps using Parse as a backend
https://github.com/igrekde/ParseRevealer
The iOS Reverse Engineering Toolkit
https://github.com/Vhacker/iRET
XNU – Mac OS X kernel
https://github.com/opensource-apple/xnu
Code injection + payload communications for OSX
https://github.com/mhenr18/injector
iOS related code
https://github.com/samdmarshall/iOS-Internals
OSX injection tutorial: Hello World
https://github.com/arbinger/osxinj_tut
Reveal Loader dynamically loads libReveal.dylib (Reveal.app support) into iOS apps on jailbroken devices
https://github.com/heardrwt/RevealLoader
NSUserDefaults category with AES encrypt/decrypt keys and values
https://github.com/NZN/NSUserDefaults-AESEncryptor
Blackbox tool to disable SSL certificate validation
https://github.com/iSECPartners/ios-ssl-kill-switch
应用逆向工程抽奖插件
https://github.com/iosre/iosrelottery
Untested iOS Tweak to hook OpenSSL functions
https://github.com/nabla-c0d3/iOS-hook-OpenSSL
IOS *.plistencryptor project. Protect your *.plist files from jailbroken
https://github.com/FelipeFMMobile/ios-plist-encryptor
Re-codesigning tool for iOSipa file
https://github.com/hayaq/recodesign
Scans iPhone/iPad/iPod applications for PIE flags
https://github.com/stefanesser/.ipa-PIE-Scanner
下边我收集了一些跟iOS相关的安全类的技术文章和博客。分享给大家:
iOS安全类的书籍:
1.《IOS应用安全攻防实战》
2.《iOS应用逆向工程》
3.《iOS取证实战》
4.《安全技术大系:iOS取证分析》
5.《黑客攻防技术宝典-IOS实战篇》
6.《Mac OS X and iOSInternals:To the Apple’s Core》
7.《OS X and iOS Kernel Programming》
8.《OS X ABI Mach-O File Format》
9.《The Mac Hacker’s Handbook》
10.《Mac OS X Interals:A Systems Approach》
11.《Hacking and Securing iOS Applications》
iOS安全学习网站收集:
http://samdmarshall.com https://www.exploit-db.com https://reverse.put.as http://security.ios-wiki.com https://truesecdev.wordpress.com/ http://resources.infosecinstitute.com/ios-application-security-part-1-setting-up-a-mobile-pentesting-platform/ http://esoftmobile.com/2014/02/14/ios-security/ http://bbs.iosre.com http://bbs.chinapyg.com http://blog.pangu.io/ http://yonsm.net/ http://nianxi.net/ https://github.com/pandazheng/iOSAppReverseEngineering http://drops.wooyun.org
iOS安全优秀博客文章
https://github.com/secmobi/wiki.secmobi.com http://bbs.iosre.com/t/debugserver-lldb-gdb/65 http://bbs.pediy.com/showthread.php?t=193859 http://bbs.pediy.com/showthread.php?t=192657&viewgoodnees=1&prefixid= http://blog.darkrainfall.org/2013/01/os-x-internals/ http://dvlabs.tippingpoint.com/blog/2009/03/06/reverse-engineering-iphone-appstore-binaries http://drops.wooyun.org/papers/5309 https://www.safaribooksonline.com/library/view/hacking-and-securing/9781449325213/ch08s04.html http://soundly.me/osx-injection-override-tutorial-hello-world/ https://nadavrub.wordpress.com/2015/07/23/injecting-code-to-an-ios-appstore-app/
iOS安全优秀GitHub
XCodeGhost清除脚本
https://github.com/pandazheng/XCodeGhost-Clean
Apple OS X ROOT提权API后门
https://github.com/tihmstar/rootpipe_exploit
Dylib插入Mach-O文件
https://github.com/Tyilo/insert_dylib
OSX dylib injection
https://github.com/scen/osxinj
IOS IPA package refine and resign
https://github.com/Yonsm/iPAFine
ROP Exploitation
https://github.com/JonathanSalwan/ROPgadget
Scan an IPA file and parses its info.plist
https://github.com/apperian/iOS-checkIPA
A PoC Mach-O infector via library injection
https://github.com/gdbinit/osx_boubou
IOS-Headers
https://github.com/MP0w/iOS-Headers
Interprocess Code injection for Mac OS X
https://github.com/rentzsch/mach_inject
OS X Auditor is a free Mac OS X computer forensics tool
https://github.com/jipegit/OSXAuditor
remove PIE for osx
https://github.com/CarinaTT/MyRemovePIE
A TE executable format loader for IDA
https://github.com/gdbinit/TELoader
Mobile Security Framework
https://github.com/ajinabraham/Mobile-Security-Framework-MobSF
A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS
https://github.com/facebook/fishhook
OSX and iOS related security tools
https://github.com/ashishb/osx-and-ios-security-awesome
Introspy-Analyzer
https://github.com/iSECPartners/Introspy-Analyzer
Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk
https://github.com/stefanesser/dumpdecrypted
Simple Swift wrapper for Keychain that works on iOS and OS X
https://github.com/kishikawakatsumi/KeychainAccess
idb is a tool to simplify some common tasks for iOSpentesting and research
https://github.com/dmayer/idb
Pentesting apps using Parse as a backend
https://github.com/igrekde/ParseRevealer
The iOS Reverse Engineering Toolkit
https://github.com/Vhacker/iRET
XNU – Mac OS X kernel
https://github.com/opensource-apple/xnu
Code injection + payload communications for OSX
https://github.com/mhenr18/injector
iOS related code
https://github.com/samdmarshall/iOS-Internals
OSX injection tutorial: Hello World
https://github.com/arbinger/osxinj_tut
Reveal Loader dynamically loads libReveal.dylib (Reveal.app support) into iOS apps on jailbroken devices
https://github.com/heardrwt/RevealLoader
NSUserDefaults category with AES encrypt/decrypt keys and values
https://github.com/NZN/NSUserDefaults-AESEncryptor
Blackbox tool to disable SSL certificate validation
https://github.com/iSECPartners/ios-ssl-kill-switch
应用逆向工程抽奖插件
https://github.com/iosre/iosrelottery
Untested iOS Tweak to hook OpenSSL functions
https://github.com/nabla-c0d3/iOS-hook-OpenSSL
IOS *.plistencryptor project. Protect your *.plist files from jailbroken
https://github.com/FelipeFMMobile/ios-plist-encryptor
Re-codesigning tool for iOSipa file
https://github.com/hayaq/recodesign
Scans iPhone/iPad/iPod applications for PIE flags
https://github.com/stefanesser/.ipa-PIE-Scanner
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- MySQL 安全事宜
- 黑客最起码要懂基本问题
- 黑客基本术语
- 如何成为一名黑客
- 预防黑客侵入你正在使用的Win系统(隐藏帐号)
- 灰帽黑客:正义黑客的道德规范、渗透测试、攻击方法和漏洞分析技术(第3版)
- spring security 3.2.0.M1 方法级别教程 基于注解——第一部分
- spring security 3.2.0.M1 方法级别教程 基于注解——第二部分
- 黑客挂马木马病毒研究 黑客木马的攻击与防止 木马的威力 木马运作流程 黑客的高明 社工学用户行为分析
- Spring Security3源码分析-FilterChainProxy初始化(转)
- Spring-Security-OAuth2遇到的奇怪问题
- Mac OS X 软件签名校验
- 码农 黑客和2B程序员之间的区别
- 蒙牛官网遭某留名黑客攻击
- SpringSecurity 3.x,无法找到元素 'http' ,以及 [http://www.springframework.org/schema/security]
- Firewall in linux–IPTABLE [01]
- PHP代码审计小计
- windows 2008文件服务器审计
- 网络信息安全防范体系以及设计原则