Are you, or your organisation, concerned about potential compromise on your iPhone, iPad, or Apple Watch? This workshop equips you with the knowledge and tools to identify red flags on your iOS device. We delve into the world of sysdiagnose and explore methods to verify potential breaches.

This is the starter workshop, we invite you to also join the second deeper dive session with deeper analysis.

This is the second part, or deep dive, of the Sysdiagnose Analysis Framework Workshop.

We will continue on the topics discussed in the first workshop, but here the focus is on diving DEEP in lots of the data that is present in the sysdiagnose archive.
Please ONLY attend this workshop if you either attended previous year's session or attended the beginners session, or already used the sysdiagnose analysis framework before.

Building a pipeline to analyse iOS devices at scale

Overview and Abstract

This talk will show how the DG DIGIT is bulding a pipeline to analyse devices at scale relying on 2 key pieces:
1. The sysdiagnose analysis framework developed jointly with CERT-EU.
2. A toolset to collect artifacts over the air via a self-developped App (in collaboration with an independent security researcher) or Computer app on a PC. The self-developped app is now available on all EC-owned devices.

Globabally this is a part of a larger "mobile cybersecurity programme" which is a deliverable of the European Commission Cybersecurity Strategy.

The presenters will share with the audience hands-on experiences and share what works and what does not work with this approach.

Incident responders will leave the talk with a deeper understanding of Sysdiagnose and a novel tool in their IR arsenal.