v

您的位置:VeryCD图书计算机与网络

图书资源事务区


《iOS应用安全攻防》扫描版[PDF]

  • 状态: 精华资源
  • 摘要:
    图书分类软件
    出版社东南大学出版社
    发行时间2012年
    语言英文
  • 时间: 2013/07/05 15:24:45 发布 | 2013/07/23 23:22:15 更新
  • 分类: 图书  计算机与网络 

lovelinux8

精华资源: 42

全部资源: 43

相关: 分享到新浪微博   转播到腾讯微博   分享到开心网   分享到人人   分享到QQ空间   订阅本资源RSS更新   美味书签  subtitle
该内容尚未提供权利证明,无法提供下载。
中文名iOS应用安全攻防
图书分类软件
资源格式PDF
版本扫描版
出版社东南大学出版社
书号0787020002207
发行时间2012年
地区大陆
语言英文
简介

IPB Image

内容介绍:

《iOS应用安全攻防(影印版)(英文)》绝对急你所需——你所在公司的iOS应用被攻击的可能性很大。这是因为恶意攻击者现在使用一系列工具采用大多数程序员想象不到的方式进行反向工程、跟踪和操纵应用。这本《iOS应用安全攻防(影印版)(英文)》讲解了几种iOS的攻击手段,以及黑客们常用的工具和技术。你会从中学到保护你的应用的最佳方式,并且意识到像你的对手那样去理解和制定策略是多么重要。

内容截图:

IPB Image



目录

1. Everything You Know Is Wrong
The Myth of a Monoculture
The iOS Security Model
Components of the iOS Security Model
Storing the Key with the Lock
Passcodes Equate to Weak Security
Foreic Data Trumps Encryption
External Data Is at Risk, Too
Hijacking Traffic
Data Can Be Stolen...Quickly
Trust No One, Not Even Your Application
Physical Access Is Optional
Summary
Part Ⅰ. Hacking
2. The Basics of Compromising iOS
Why It's Important to Learn How to Break Into a Device
Jailbreaking Explained
Developer Tools
End User Jailbreaks
Jailbreaking an iPhone
DFU Mode
Tethered Veus Untethered
Compromising Devices and Injecting Code
Building Custom Code
Analyzing Your Binary
Testing Your Binary
Daemon!zing Code
Deploying Malicious Code with a Tar Archive
Deploying Malicious Code with a RAM Disk
Exercises
Summary
3. Stealing the Filesystem
Full Disk Encryption
Solid State NAND
Disk Encryption
Where lOS Disk Encryption Has Failed You
Copying the Live Filesystem
The DataTheft Payload
Customizing launchd
Preparing the RAM disk
Imaging the Filesystem
Copying the Raw Filesystem
The RawTheft Payload
Customizing launchd
Preparing the RAM disk
Imaging the Filesystem
Exercises
The Role of Social Engineering
Disabled Device Decoy
Deactivated Device Decoy
Malware Enabled Decoy
Password Engineering Application
Summary
4. Foreic Trace and Data Leakage
Extracting Image Geotags
Coolidated GPS Cache
SQLite Databases
Connecting to a Database
SQLite Built­in Commands
Issuing SQL Queries
Important Database Files
Address Book Contacts
Address Book Images
Google Maps Data
Calendar Events
Call History
Email Database
Notes
Photo Metadata
SMS Messages
Safari Bookmarks
SMS Spotlight Cache
Safari Web Caches
Web Application Cache
WebKit Storage
Voicemail
Revee Engineering Remnant Database Fields
SMS Drafts
Property Lists
Important Property List Files
Other Important Files
Summary
5. Defeating Encryption
Sogeti's Data Protection Tools
Italling Data Protection Tools
Building the Brute Forcer
Building Needed Python Libraries
Extracting Encryption Keys
The KeyTheft Payload
Customizing Launchd
Preparing the RAM disk
Preparing the Kernel
Executing the Brute Force
Decrypting the Keychain
Decrypting Raw Disk
Decrypting iTunes Backups
Defeating Encryption Through Spyware
The SpyTheft Payload
Daemonizing spyd
Customizing Launchd
Preparing the RAM disk
Executing the Payload
Exercises
Summary
6. Unobliterating Files
Scraping the HFS Journal
Carving Empty Space
Commonly Recovered Data
Application Screehots
Deleted Property Lists
Deleted Voicemail and Voice Recordings
Deleted Keyboard Cache
Photos and Other Peonal Information
Summary
7. Manipulating the Runtime
Analyzing Binaries
The Mach­O Format
Introduction to class­dump­z
Symbol Tables
Encrypted Binaries
Calculating Offsets
Dumping Memory
Copy Decrypted Code Back to the File
Resetting the cryptid
Abusing the Runtime with Cycript
Italling Cycript
Using Cycript
Breaking Simple Locks
Replacing Methods
Trawling for Data
Logging Data
More Serious Implicatio
Exercises
SpringBoard Animatio
Call Tapping...Kind Of
Making Screen Shots
Summary
8. Abusingthe Runtime Library
Breaking Objective­C Down
Itance Variables
Methods
Method Cache
Disassembling and Debugging
Eavesdropping
The Underlying Objective­C Framework
Interfacing with Objective­C
Malicious Code Injection
The CodeTheft Payload
Injection Using a Debugger
Injection Using Dynamic Linker Attack
Full Device Infection
Summary
9. Hijacking Traffic
APN Hijacking
Payload Delivery
Removal
Simple Proxy Setup
Attacking SSL
SSLStrip
Paros proxy
Browser Warnings
Attacking Application­Level SSL Validation
The SSLTheft Payload
Hijacking Foundation HTTP Classes
The POSTTheft Payload
Analyzing Data
Driftnet
Building
Running
Exercises
Summary
Part Ⅱ. Securing
10. Implementing Encryption
Password Strength
Beware Random Password Generato
Introduction to Common Crypto
Stateless Operatio
Stateful Encryption
Master Key Encryption
Geo­Encryption
Geo­Encryption with Passphrase
Split Server­Side Keys
Securing Memory
Wiping Memory
Public Key Cryptography
Exercises
11. Counter Foreics
Secure File Wiping
DOD 5220.22­M Wiping
Objective­C
Wiping SQLite Records
Keyboard Cache
Randomizing PIN Digits
Application Screehots
12. Securing the Runtime
Tamper Respoe
Wipe User Data
Disable Network Access
Report Home
Enable Logging
False Contacts and Kill Switches
Process Trace Checking
Blocking Debugge
Runtime Class Integrity Checks
Validating Address Space
Inline Functio
Complicating Disassembly
Optimization Flags
Stripping
They're Fun! They Roll! ­funroll­loops
Exercises
13. Jailbreak Detection
Sandbox Integrity Check
Filesystem Tests
Existence of Jailbreak Files
Size of/etc/fstab
Evidence of Symbolic Linking
Page Execution Check
14. Next Steps
Thinking Like an Attacker
Other Revee Engineering Tools
Security Veus Code Management
A Flexible Approach to Security
Other Great Books

正在读取……

这里是其它用户补充的资源(我也要补充):

暂无补充资源
正在加载,请稍等...

点击查看所有22网友评论

 

(?) [公告]留口水、评论相关规则 | [活动]每日签到 轻松领取电驴经验

    小贴士:
  1. 类似“顶”、“沙发”之类没有营养的文字,对勤劳贡献的楼主来说是令人沮丧的反馈信息。
  2. 提问之前请再仔细看一遍楼主的说明,或许是您遗漏了。
  3. 勿催片。请相信驴友们对分享是富有激情的,如果确有更新版本,您一定能搜索到。
  4. 请勿到处挖坑绊人、招贴广告。既占空间让人厌烦,又没人会搭理,于人于己都无利。
  5. 如果您发现自己的评论不见了,请参考以上4条。