OS X and iOS Internals

1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5
Please Log in or register to rate

OS X and iOS Internals


This course accompanies Jonathan Levin’s highly praised book, “OS X and iOS Internals” (Wiley, 2012), with deeper discussions of aspects which the book had to leave off due to brevity. Additionally, updates for Yosemite (10.10) , El Capitan (10.11) and iOS 9 are presented.

This is your chance to learn about the nooks and crannies of Apple’s operating systems – from the man who literally wrote the book. The course will also present the book’s tools with in depth coverage, as well as introduce more bonus materials and updates.

Course Objectives
  • Understand the process of binary linking and loading
  • Reverse engineer and analyze Mach-O Binaries
  • Reverse engineer Objective-C and Swift code
  • Use Apple’s own documented and undocumented APIs for tracing and debugging
  • Explain, interface with and hook Kernel system calls
  • Explain and interface with the network stack, at all levels
  • Explain common malware techniques
  • Understand attack surfaces in OS X and iOS, particularly those of the kernel, kexts (I/O Kit) and system daemons

This course allocates time for hands-on practice (shown in parentheses). Most modules are accompanied by exercises (often in the form of guided instructor demos), as shown below; Participants are encouraged to bring malware samples to class, or inquire in advance for specific binaries/subsystems to analyze!


Target Audience:

  • Reverse Engineers, Security and/or Malware Researchers and Forensics Experts, both Mac and iOS, interested in getting to know Apple’s Operating Systems intimately, and obtaining reverse engineering techniques and paradigms.


  • Knowledge of OS X at a user level, and user mode programming
  • Familiarity with x86_64 and/or ARM32/64 is highly recommended
  • Bring your own Mac/jailbroken i-Device – or ask us about renting one for class!
Course Modules
  • Architectural Overview
  • Binaries
  • Advanced Mach-O and DYLD
  • Runtime Environments
  • Debugging and Tracing Techniques
  • Launchd and XPC
  • Mach primitives and IPC
  • XNU, up close
  • Programming KEXTs
  • I/O Kit
  • The Network Stack
  • Security
Detailed Course Outline

OS X and iOS Internals detailed course outline

© Copyright - Skilit - Site by Dweb