COURSE ABSTRACT
Advanced Android and iOS Hands-on Exploitation is a unique training which covers security and exploitation of the two dominant mobile platforms - Android and iOS. This is a two day action packed class, full of hands-on challenges and CTF labs, for both Android and iOS environment.
Some of the topics that will be covered are
- Advanced Auditing of iOS and Android Applications
- Reverse Engineering, Bypassing Obfuscations
- Debugging Android and iOS applications
- Runtime manipulation based attacks
- Automating security analysis, Exploiting and patching apps
- ARM Exploitation
- API Hooking and a lot more.
The 2-day class is designed in a CTF approach where each of the module is followed by a complete hands-on lab, giving the attendees a chance to apply the knowledge and skills learnt during the class in real life scenario.
COURSE OUTLINE
Getting started with Android Exploitation and Pentesting
- Introduction to Android Security
- Android Debug Bridge 101
Android Exploitation 101
- Android Application Reverse Engineering
- Patching Android applications
- Hardcoding based vulnerabilities
- Working with Unity apps
- Logging Based vulnerabilities
- Securing Android components
- Static Automation tools
Digging Deeper in Android Exploitation
- Other Android App Components
- Insecure Android Components
- BlackBox analysis of an Android app
- Content Provider vulnerabilities
- Exploiting Content Providers
- Intent Interception
- Exploiting Broadcast Receivers
- Sniffing Broadcast Receivers and Deeper app analysis
- Drozer Scripting
- Android Backup based vulnerabilities
Runtime Analysis and Exploitation
- What is Hooking?
- Introduction to Frida
- Native Library analysis using Frida
- Analyzing encryption in app through Frida
- Advanced Frida Exploitation
Network Traffic Analysis in Android
- Getting started with Network analysis in Android
- Webview based vulnerabilities
Getting started with iOS Security
- Introduction to iOS Security
- Binary analysis for iOS
- Looking inside an iOS app
iOS App Exploitation
- Exploiting iOS Local data storage
- Digging deep into iOS Local data storage
- Reverse Engineering iOS Apps to dump class and methods
- Decrypting iOS binaries
- Traffic analysis for iOS
- Runtime manipulation in iOS
- Additional tools
All the above-mentioned topics are taught with extremely hands-on lab-based practical sessions.
WHO CAN ATTEND THIS COURSE
- Mobile Security Enthusiasts
- Mobile application developers and Penetration Testers
- Anyone wanting to start in mobile application security
WHAT STUDENTS WILL BE REQUIRED WITH
- Free 25GB disk space with minimum 4 GB RAM
- Jailbroken iOS device (if you would like to perform iOS Exploitation)