Android & iOS App Exploitation BootCamp is an self-paced hands-on training that covers practical techniques to analyze, reverse and pentest Android and iOS applications. 

The class has been built and improved constantly over the past 7 years (2013-now) to include all new tools, techniques, and vulnerabilities to exploit Android & iOS apps. 

This class takes you behind-the-scenes of most of the concepts and explains the underlying fundamentals, rather than rushing through the concepts or the labs. It’s completely self-paced - that means you can take it at your own pace and can keep coming back to it for reference. 

The class does not promise to make you a Mobile Application Pentesting rockstar - but it does increase your odds of becoming one. 

If you feel that there is something that’s missing from the course, or not explained clearly - we make constant revisions and are just an email/DM away. 

 

COURSE OUTLINE

The Fundamentals: Android 101 - Ecosystem, Operating System, App Distribution
Security Evolution of Android (apps and platform)
Visualizing Android Security RabbitHole
Tools / Mindset / Approach
Test lab setup
Android FileSystem explorations

What Makes an Android App
Android Permission Model
Android App LifeCycle and States
Languages and ByteCodes
IPC Communication
Reverse Engineering Android apps
Hardcoded values (app code, native code)
Exploring Android Data Storage
Modifying/Patching/Backdooring Android apps & Use Cases
Exploiting App Frameworks
Automated analysis of Android app security issues

Identifying Insecure components and Exploitation
Middleware utilities
Intents, Intent-Filters and Intent Interception
Broadcasts their Receivers and Security Issues
Deep Linking Deep Dive
Android Backups

Understanding Android Runtime
Debugging Java code and Native libraries
Hooking Fundamentals
Frida Foundations
Frida + Static Analysis tag-team
Recovering encryption keys and other secrets

Android Network Communication
Network APIs
HTTP, HTTPS, and TLS
Capturing Network traffic in Android
Webview based Security issues
Certificates and Authenticity
Defeating SSL Pinning

Android Defense Strategies
Code Obfuscation, Packers and Optimizers

Android Kernel Overview
Understanding Android Rooting
Summary and Wrap-up
Training Project & Submission Guidelines
Future Research Direction

What is iOS
iOS and Android - similarities and differences
iOS Ecosystem and Security Evolution
How are iOS applications built - overview
iOS frameworks
Obj-C and Swift
Navigating XCode
Signing and Certificates
Jailbreaking for non-jailbreakers

IPAs
MachO binaries
Reverse Engineering iOS apps
Patching iOS apps

Exploring iOS File System
iOS App Data Storage
Insecure data storage
iOS Network APIs
Capturing app communication
Defeating SSL pinning

Runtime manipulation concepts
Automated Runtime analysis
Frida for iOS Security Research

Fuzzing - Android and iOS components
Conclusion & Wrap-Up
Research Areas
Training Project for iOS 

    [CONTENT CONSTANTLY UPDATED] - You will get continuous access to the latest Mobile Exploitation training course material 

    All the above-mentioned topics are taught with extremely hands-on lab-based practical sessions. 

    WHAT STUDENTS WILL BE PROVIDED WITH

    • Attify's Mobile pentesting VM
    • Lab reference material and handouts
    • 400+ slides (PDF Copy)

    Ideal for 

    This course is ideal for individuals who: 

    Kickstart or accelerate their career in Android/iOS Security
    Identify and Exploit vulnerabilities in real-world apps 
    Research into Mobile Security topics and are looking for a starting launchpad
    Searching for a one-stop course covering ALL of Android and iOS application security

    Requirements:

    • Free 40 GB disk space
    • iOS device (preferably 12 or above)
    • Mac goes well with iOS security research (but not a requirement)


    Certification

    The course includes 2 certificates:

    • Certificate of Completion
    • Attify Certified Mobile Pentester (after submitting the Classroom project)