
Training Details

This four-day class will teach you both the fundamentals and advanced topics in iOS forensics and educate you on different malware samples.

The first half of the class will be focused on laying the forensics foundations and touch on Backups, Sysdiagnoses, Logs, Crashes, and OS Telemetry required to find Malware.

The second half of the class will be focused on analysing Malware samples that were captured in recent years and the methods they used to hide their tracks. We'll touch on infection vectors, privilege escalation methods, code signing bypasses, and the actual implants' behavior and clean-up.

On the last day, we will be working on a completely unknown malware challenge where you can test your acquired skills.


Students will learn:

  • How iOS Malware infects devices and which traces are left behind.

  • Which Forensic Traces are available and how to differentiate malicious from normal activity.

  • How iOS Malware samples are analyzed and iOS-specific clean-up behavior.


Who Should Take This Course

Security Engineers, Forensic Investigators, SOC and Malware Analysts, or anyone who wants to have a deep understanding of iOS Threats and Malware.


Audience Skill Level

Intermediate. Students need to have familiarity with macOS and the macOS terminal. Experience in SQL and Python is nice but not required.


What Students Should Bring

A Mac running at least macOS 14. An Apple Silicon Mac is recommended but not required. You can also use Linux / Windows at your own risk. We cannot guarantee every tool will work as expected.


What Students Will Be Provided With

All training materials including slides and hands-on labs. Students will also be provided with the malware samples taught in class.


Trainer

Matthias Frielingsdorf is Co-Founder and Vice President of Research & Development at iVerify. With over a decade of experience, Matthias has focused on understanding iOS exploitation and malware development. His achievements include his work on iOS threat research, capturing and analysing multiple iOS malware samples, security solutions for smartphones and tablets for Deutsche Bahn and testing mobile security software products for T-Systems. Matthias has conducted extensive research on iOS exploits and malware detections, regularly presenting his findings at conferences such as BlackHat, OBTS, and LabsCon. He is also a sought-after trainer in detecting commercial spyware on iOS, conducting training sessions throughout the year at both private and public seminars. Beyond his professional pursuits, Matthias enjoys playing basketball and gaming, as well as learning more about iOS.

Black Hat USA 26: iOS Threat Hunting and Malware Analysis Training

Since 2021, Apple has notified victims of Commercial and Nation State Spyware in roughly 150 countries.

But what do you do when you, your friend, or someone in your company gets some of these notifications? How do you investigate an iPhone for compromise? How do you find advanced Malware? How does the Malware actually infect an iPhone, and what can you do to make it harder?

This course will teach you everything you need to know to investigate iPhones for compromises and find the needles left behind by some of the most advanced threat actors.

August 1-4, 2026

Black Hat USA 2026
