iOS安全相關學習資料

1. 　https://github.com/zhengmin1989/iOS_ICE_AND_FIRE  (冰與火代碼)
2.    http://weibo.com/zhengmin1989?is_hot=1 （蒸米博客）
3.    http://drops.wooyun.org/tips/9300
4.    http://drops.wooyun.org/papers/10156
5. 　https://github.com/KJCracks/yololib (dylib注入源碼)
6.    https://github.com/zhengmin1989/iOS_ICE_AND_FIRE (binary)
7.    CaptainHook framework

OSX/IOS漏洞源碼：

1. https://github.com/tihmstar/rootpipe_exploit
2. https://github.com/jndok/ropnroll
3. https://github.com/tyranid/canape-ssl-mitm-osx
4. https://github.com/kpwn/vpwn
5. https://github.com/kpwn/tpwn
6. https://github.com/jndok/tpwn-bis
7. https://github.com/wzw19890321/OSX_vul
8. https://github.com/linusyang/SSLPatch

 

公開的IOS越獄源碼：

1. IOS6.1.3~6.1.6的越獄源碼
2. https://github.com/p0sixspwn/p0sixspwn
3. IOS8.4.1的越獄源碼
4. https://github.com/kpwn/yalu

 

OSX/IOS漏洞研究博客：

1. Hidden backdoor API to root privileges in Apple OS X
2. https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
3. Metasploit post exploitation scripts to steal ios5 backups
4. http://www.securitylearn.net/2012/09/09/metasploit-post-exploitation-scripts-to-steal-ios-5-backups/
5. OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability
6. https://www.sektioneins.de/en/blog/15-07-07-dyld_print_to_file_lpe.html
7. Researchers discover new keychain vulnerability in osx
8. http://www.csoonline.com/article/2979068/vulnerabilities/researchers-discover-new-keychain-vulnerability-in-osx.html
9. Drop-dead simple exploit completely bypasses Mac’s malware Gatekeeper
10. http://arstechnica.com/security/2015/09/drop-dead-simple-exploit-completely-bypasses-macs-malware-gatekeeper/
11. IOS9.2/9.2.1修補的內核漏洞
12. http://blog.pangu.io/race_condition_bug_92/
13. POC2015 & RUXCON2015 盤古團隊議題
14. http://blog.pangu.io/poc2015-ruxcon2015/
15. 一個「短命」的IOS內核漏洞
16. http://blog.pangu.io/short-lifecycle-bug/
17. IOS8.4.1 Kernel Vulnerabilities in AppleHDQGasGaugeControl
18. http://blog.pangu.io/ios-8-4-1-kernel-vulns/
19. CVE-2015-5774
20. http://blog.pangu.io/cve-2015-5774/
21. IOS8.1.2越獄過程詳解及相關漏洞分析
22. http://nirvan.360.cn/blog/?p=887
23. 從p0sixspwn源碼看越獄流程，原理，目的
24. http://bbs.pediy.com/showthread.php?t=193859&viewgoodnees=1&prefixid=
25. Pangu8越獄中所用/usr/libexec/neagent漏洞原理分析
26. http://bbs.pediy.com/showthread.php?t=195495&viewgoodnees=1&prefixid=
27. DYLD_ROOT_PATH dyld本地提取漏洞分析
28. http://nirvan.360.cn/blog/?p=455
29. tpwn分析
30. http://nirvan.360.cn/blog/?p=469
31. CVE-2015-5774分析及利用
32. http://nirvan.360.cn/blog/?p=461
33. CVE-2014-4423分析過程及結論
34. http://nirvan.360.cn/blog/?p=450
35. IOS ODay分析：播放視頻形成內核DoS
36. http://nirvan.360.cn/blog/?p=487
37. IOS進程通信安全和利用
38. http://nirvan.360.cn/blog/?p=723
39. 在非越獄的iPhone6(IOS8.1.3)上進行釣魚攻擊（盜取App Store密碼)
40. http://drops.wooyun.org/mobile/4998
41. IOS URL Scheme劫持-在未越獄的iPhone6上盜取支付寶和微信支付的賬號和密碼
42. http://drops.wooyun.org/papers/5309
43. IOS冰與火之歌-Object-C Pwn and IOS arm64 ROP
44. http://drops.wooyun.org/papers/12355
45. IOS冰與火之歌-在非越獄手機上進行App Hook
46. http://drops.wooyun.org/papers/12803
47. 對dyld的分析（源碼，代碼簽名等）
48. http://cocoahuke.com/2016/02/14/dyld%E5%8A%A0%E8%BD%BD%E8%BF%87%E7%A8%8B/
49. 太極taiji(IOS8.4)Info和部分反編譯代碼
50. http://cocoahuke.com/2015/09/18/taij(iOS8.4)/
51. CVE-2015-5774
52. http://cocoahuke.com/2015/09/18/describeCVE-2015-5774/

OSX/IOS漏洞集合網站：

1. https://www.exploit-db.com/platform/?p=osx
2. https://www.exploit-db.com/platform/?p=ios
3. https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html
4. http://www.macexploit.com/