iOS Application Exploitation Challenges

lab Challenge series

Tackle security vulnerabilities in iOS apps, and challenge your iOS reverse engineering prowess.

Write your awesome label here.

Explore the Challenges

TraceTheMap is an iOS location-based challenge where you must collect 5 hidden map markers scattered within a 1 km radius. Each collectible is worth 100 points—and you need all 500 to win.Get within 50 meters of each collectible to score. Sounds simple? Not so fast.

While spoofing your GPS might seem like the obvious path, this app comes with a few built-in countermeasures to detect foul play. From unexpected location sanity checks to behavioral traps, it won’t be a walk in the park—even if you fake it.

Create a malicious web page that exploits SekureBrowzer's deep-linking and screenshot functionality to silently exfiltrate all stored screenshots from the victim's device to an attacker-controlled server without the victim's knowledge or consent.
Your attack should be able to redirect the user to attacker controlled webpage and should also be able to also trigger the screenshots without additional user interaction. The attacker should be able to steal all the screenshots by means of a html page that the user opens using the SekureBrowzer application.

Restrictions:

Your solution must work on non-jailbroken iOS devices.
Your exploit must work through standard web browsers where all the victim needs to do is visit a malicious webpage using SekureBrowzer.

After You Upload Your Solution:

Review

We’ll review your submission to confirm correct exploitation. This may take up to 5 business days

Certification

Successfully completing the challenges earns you a verified digital certificate to showcase your skills

03

Recognition

Add your certificate to your LinkedIn profile and portfolio, validating your hands-on skills in iOS application exploitation

Hands-On Exploitation Skills
Practice reverse engineering, static and dynamic analysis, and bypassing security controls on iOS IPAs that are created to mimick real world vulnerabilities.

Real-World Scenarios
Work with realistic apps ranging from balance ball games, to productivity-first browsers, that mimic the complexity of production environments.

Tool Proficiency
Get comfortable using tools like Frida, Ghidra, Medusa, and more in practical settings.

Security Mindset
Train yourself to think like an attacker: identify weaknesses, understand threat models, and build intuition around mobile app attack strategies and defense evasion.

Portfolio-Ready Experience
Build a strong foundation that you can showcase, whether you are applying for security roles or contributing to mobile app defense strategies.

Are you ready to test your iOS Security skills?

At 8kSec, we Empower businesses with Cutting-Edge Mobile Security Training, Pioneering Vulnerability research, and Innovative product offerings

Senior Lead Security Engineer - Mobile*

A Global Banking Corporation

$147,700 - $190,000 a year

- Formal training or certification on Mobile Development concepts and 5+ years applied experience
- Strong understanding of mobile application security risks and mitigation strategies for both Android and iOS platforms
- Experience in implementing or managing mobile security operations
- Familiarity with CI/CD pipelines, DevSecOps methodologies, and secure software development practices
- Ability to collaborate with development teams on security functions & resolutions
- Hands-on practical experience delivering enterprise level cybersecurity solutions and controls
- Strong collaboration and communication skills are essential for working effectively with teams on security implementations
- Ability to evaluate current and emerging technologies to select or recommend the best solutions for future state architecture & enterprise integrations
- Proven experience leading projects from scoping to delivery

- Working closely with in-house mobile development teams, providing guidance on secure coding practices, threat mitigation strategies, and optimal use of mobile security solutions.
- Utilize our mobile security vendors and tools to drive proactive security measures, ensuring optimal configuration, monitoring, and maintenance to safeguard our mobile applications.
- Oversee the deployment, integration, and ongoing support of mobile security tools, ensuring they are effectively utilized and updated.
- Provide technical leadership in securing mobile applications and infrastructure, ensuring compliance with industry standards and best practices.
- Manage the lifecycle of mobile security tools, including planning and executing upgrades to maintain optimal performance and security.
- Work closely with cross-functional teams to enhance security awareness, provide training, and ensure adherence to security protocols. Additionally, serve as a key feedback conduit to the mobile binary scanning team, risk management, and source scanning teams, ensuring continuous improvements in security posture and alignment with organizational security strategies.

Mobile Implant Software Engineer*

A Cyber-Risk Consulting Firm

$114,000 - $180,000 a year

- Proven experience in CNO and software development, particularly in support of DoD and Intelligence community customers
- Demonstrated ability to perform advanced research and development on embedded systems, Linux, and iOS platforms
- Strong understanding of network protocols and experience in implementing support for TCP, UDP, and TLS
- Experience in designing, developing, and integrating modular cyber capabilities
- Proficiency in using and integrating CI/CD tools and practices
- Excellent problem-solving skills and the ability to design novel solutions to complex security challenges
- Strong leadership skills with the ability to guide and mentor development teams
- Programming Languages: C, C++, Python, Java, x86 Assembly, MIPS Assembly, Microblaze Assembly, ARM Assembly, ARM64 Assembly, VHDL, Verilog, XML, JSON, HTML
- Tools and Technologies: LLDB/LLVM, IDA Pro, Immunity Debugger, Immunity Canvas, Eclipse, Git, Subversion, Embedded Systems, FPGAs, Docker, Intel Performance Primitives (IPP), High Performance Computing (HPC), REDHAWK, OmniORB CORBA, Software Defined Radios (SDR), Signal Processing, MySQL, PostgreSQL, JDBC, Django, ActiveMQ, Jpype, Pyxb, STOMP

- Lead research and development projects focused on mobile vulnerabilities and cyber operations
- Design and implement innovative solutions to address operational security challenges
- Architect and develop flexible, modular cyber capabilities in C, C++, and Python
- Triage and analyze public software vulnerabilities (CVEs) for security concerns
- Provide technical support and custom solutions to high-priority customer needs
- Design and develop new client/server data distribution tools
- Implement support for multiple network protocols, including TCP, UDP, and TLS
- Create custom build systems and ensure portability using Docker
- Integrate new projects with CI/CD services to streamline development processes
- Generate and maintain unit tests to enhance the reliability of client/server applications
- Guide the development team in adhering to industry software engineering standards and best practices

Sr. Android Penetration Tester*

A Gobal Device Company

$130,000 - $166,000 a year

- 5+ years of penetration testing experience, including 2+ years of Android penetration testing and 1+ year of web application penetration testing
- Strong understanding of malware, phishing attacks, attack vectors, and security best practices
- Knowledge of penetration testing tools, threat modeling, and security frameworks
- Ability to conduct security research, CVE analysis, and adversary simulation
- Strong communication skills to work cross-functionally with engineering and security teams
- Experience working in corporate environments with internal penetration testing teams (preferred over agency-based consulting experience)
- Bachelor’s degree in either Cybersecurity, Computer Science, Information Security, or related field
Preferred Qualifications:
- Certifications in offensive security
- Published CVEs, blog posts, or walkthroughs on security research
- Malware development and reverse engineering experience
- Experience working in top security consulting firms or in-house red teams at major tech companies
- Hands-on experience with firmware penetration testing and IoT security.

- Develop expertise in our product solutions, deep diving into design/architecture, & execute white box and black box penetration scenarios
- Plan, scope and conduct vulnerability assessment/ Penetration test on internal / external facing public assets such as Web application, Android platform, Android Apps, Backend APIs, and Cloud services
- Research & and conduct adversary simulation for known security threats and identify novel attack vectors to test a system’s relative security readiness
- Conduct Threat modelling, Threat Intelligence and scoping with stakeholders
- Assist in creating and maintaining internal penetration testing and practice within QA team, managing vulnerabilities and tracking until closure
- Build Test harness & required Automation suites and validate attack vectors in Threat Lab
- Co-ordinate with program management, security architects at Internal & offshore sites
- Stays up to date on current tools, technologies, and vulnerabilities to incorporate into testing practices
- Research and developing exploits for zero-day vulnerabilities
- Conduct penetration test on IOT and Firmware Devices