Abstract
This 3-day hands-on training is tailored for security researchers, vulnerability analysts, and reverse engineers seeking to understand the Swift programming language’s internals.
The course offers a structured exploration of Swift, moving from fundamentals to advanced topics like Swift’s compiler, Strict Concurrency, Objective-C bridging and more.
The daily schedule maintains a balanced 50/50 ratio of theory to hands-on exercises.
While the content is optimized for beginner and intermediate attendees, advanced researchers will also find value in the material.
Because RE & VR require tooling, the course will also discuss how AI can empower existing Swift tools or help create custom ones.
By the end of the course, participants will understand what Swift is, where it is being used, how it works internally and what are its weaknesses.
Participants will be equipped with both knowledge and tooling to bootstrap their own defensive or offensive research.
Who should attend?
✅ Security researchers interested in Swift or in Apple’s ecosystem
✅ iOS App bug hunters looking to automate security testing
✅ Reverse engineers analyzing Apple’s system components, apps or malware
Suggested Prerequisites
In order to get the most out of this training, attendees should have a basic understanding of the following:
- Experience with reverse engineering (Binary Ninja, IDA, Ghidra, …)
- Experience with debugging tools (GDB, LLDB, …)
- Familiarity with binary exploitation is a plus
Technical Prerequisites & Setup
To ensure a smooth hands-on experience, participants should have the following environment ready before the training:
- A MacBook running macOS 26+ (Apple Silicon M1+)
- Optionally, a jailbroken iPhone or an iOS 26+ simulator
Training Outline
Day 1 - Swift Fundamentals
Objective: Understanding what Swift is, how it was design and for what purpose. This day covers:
- Introduction to Swift
- Where is Swift being used, who uses it, how to learn it, …
- Language perks, compile-chain, runtime and toolbox
- “Your first Swift program“, and how to reverse it
- Swift reverse engineering
- Swift internals (source code, metadata, calling convention, …)
- Deeper dive into the runtime and its objects (strings, array, structures, closures, …)
- Memory management, heap usage, and reference counting
- Getting started with Swift dynamic analysis
- Using LLDB, Frida and custom scripts
- Interacting with the runtime
Day 2 - Swift Advanced Topics
Objective: Digging deeper in Swift internals to understand its most advances features and obtain the knowledge required for further vulnerability research:
- Swift advanced features
- C interoperability
- Objective-C fundamentals and bridging
- Using and reverse engineering IPCs in Swift
- Parallel programming in Swift (asynchronous tasks, actors, strict concurrency, GCD, …)
- Going deeper with the compilation-chain
- Understanding the Swift IR and the LLVM toolbox
- (De)obfuscation of a Swift program
Day 3 - Swift weaknesses & offensive security
Objective: Understanding Swift security design, known flaws and how to exploit them. It covers:
- Swift security design and threat model
- Major security-related changes across versions
- CVE analysis and reproduction
- Play with the concurrency model, discuss memory corruptions, unsafe patterns, …
- Swift APIs used by attackers
- Offensive Swift development
- Implant reverse engineering
- AI workflows to boost vulnerability research
- Reconstruct lost informations (inlined functions, stripped symbols, …)
- Build AI-powered tooling to help understand concurrency in a target
Trainer Info
Atlan Pinabel leads the iOS security team at FuzzingLabs,
where he focuses on making research that will later be implemented inside FuzzForge,
their offensive security platform for fuzzing and AI agent orchestration.
He also provides expert iOS and reversing training.