Training

Apple’s Swift - RE, VR and AI

trainer

Atlan Pinabel

FuzzingLabs


Abstract

This 3-day hands-on training is tailored for security researchers, vulnerability analysts, and reverse engineers seeking to understand the Swift programming language’s internals. The course offers a structured exploration of Swift, moving from fundamentals to advanced topics like Swift’s compiler, Strict Concurrency, Objective-C bridging and more.

The daily schedule maintains a balanced 50/50 ratio of theory to hands-on exercises. While the content is optimized for beginner and intermediate attendees, advanced researchers will also find value in the material. Because RE & VR require tooling, the course will also discuss how AI can empower existing Swift tools or help create custom ones.

By the end of the course, participants will understand what Swift is, where it is being used, how it works internally and what are its weaknesses. Participants will be equipped with both knowledge and tooling to bootstrap their own defensive or offensive research.

Who should attend?

✅ Security researchers interested in Swift or in Apple’s ecosystem

✅ iOS App bug hunters looking to automate security testing

✅ Reverse engineers analyzing Apple’s system components, apps or malware

Suggested Prerequisites

In order to get the most out of this training, attendees should have a basic understanding of the following:

  • Experience with reverse engineering (Binary Ninja, IDA, Ghidra, …)
  • Experience with debugging tools (GDB, LLDB, …)
  • Familiarity with binary exploitation is a plus

Technical Prerequisites & Setup

To ensure a smooth hands-on experience, participants should have the following environment ready before the training:

  • A MacBook running macOS 26+ (Apple Silicon M1+)
  • Optionally, a jailbroken iPhone or an iOS 26+ simulator

Training Outline

Day 1 - Swift Fundamentals

Objective: Understanding what Swift is, how it was design and for what purpose. This day covers:
  • Introduction to Swift
    • Where is Swift being used, who uses it, how to learn it, …
    • Language perks, compile-chain, runtime and toolbox
    • “Your first Swift program“, and how to reverse it
  • Swift reverse engineering
    • Swift internals (source code, metadata, calling convention, …)
    • Deeper dive into the runtime and its objects (strings, array, structures, closures, …)
    • Memory management, heap usage, and reference counting
  • Getting started with Swift dynamic analysis
    • Using LLDB, Frida and custom scripts
    • Interacting with the runtime

Day 2 - Swift Advanced Topics

Objective: Digging deeper in Swift internals to understand its most advances features and obtain the knowledge required for further vulnerability research:
  • Swift advanced features
    • C interoperability
    • Objective-C fundamentals and bridging
    • Using and reverse engineering IPCs in Swift
    • Parallel programming in Swift (asynchronous tasks, actors, strict concurrency, GCD, …)
  • Going deeper with the compilation-chain
    • Understanding the Swift IR and the LLVM toolbox
    • (De)obfuscation of a Swift program

Day 3 - Swift weaknesses & offensive security

Objective: Understanding Swift security design, known flaws and how to exploit them. It covers:
  • Swift security design and threat model
    • Major security-related changes across versions
    • CVE analysis and reproduction
    • Play with the concurrency model, discuss memory corruptions, unsafe patterns, …
  • Swift APIs used by attackers
    • Offensive Swift development
    • Implant reverse engineering
  • AI workflows to boost vulnerability research
    • Reconstruct lost informations (inlined functions, stripped symbols, …)
    • Build AI-powered tooling to help understand concurrency in a target

Trainer Info

trainer

Atlan Pinabel leads the iOS security team at FuzzingLabs, where he focuses on making research that will later be implemented inside FuzzForge, their offensive security platform for fuzzing and AI agent orchestration. He also provides expert iOS and reversing training.

Organizer

Organizer Logo

Partner Company

Partner Company Logo

Sponsors

POC Conference is made possible thanks to the support of our sponsors. Their continued partnership has played a vital role in sustaining and growing POC over the years. We sincerely thank them for their contribution.


TBA

Sponsorship Kit is not ready yet. Please check back later.

card-img

Become a Sponsor

Join leading offensive security companies from around the world in supporting POC Conference. Connect with a highly engaged technical audience and shape the future of security research. We’re excited to learn more about you and would be happy to share our sponsorship kit. Contact us to explore sponsorship opportunities.

Supporting Friends

  • 0x41con
  • codeblue
  • kunlun
  • dailysecu
  • ekoparty
  • h2hc
  • hardweario
  • hexacon
  • hitcon
  • nopcon
  • nullcon
  • offensivecon
  • phdays
  • sincon
  • theori
  • xcon
  • zeronights