OFFENSIVE MOBILE REVERSING AND EXPLOITATION

Overview

Ever wondered how different attacking a Mobile application would be, from a traditional web  application? Gone are the days when knowledge of just SQL Injection or XSS could help you  land a lucrative high-paying infoSec job.

This course is designed to introduce beginners as well as advanced security enthusiasts to the  world of mobile security using a fast-paced learning approach through intensive hands-on labs. 

We are bringing an updated version of the course with the latest tools & techniques. The

training will be based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2,

InsecurePass and other real-world application vulnerabilities in order to give an in-depth

knowledge about the different kinds of vulnerabilities in Mobile applications. After the

workshop, the students will be able to successfully pentest and secure applications running on  the various operating systems.

Slides, Custom scripts, Videos, VM and detailed documentation on the labs will be provided to  the students for practice after the class.


After the training the attendees will: 

  • Reverse engineer iOS and Android binaries (Apps and system binaries)

  • Understanding of the various bug categories on Android and iOS systems

  • Be able to audit iOS and Android apps for security vulnerabilities

  • Understand and bypass anti-debugging and obfuscation techniques

  • Get a quick walkthrough on using IDA Pro, Hopper, Frida, etc

Course outline:

Part 1 - iOS Exploitation

Module 1: Getting Started with iOS Pentesting

  • iOS security model

  • App Signing, Sandboxing and Provisioning

  • Setting up XCode

  • Changes in iOS 12

  • Primer to iOS 12 security

  • Exploring the iOS filesystem

  • Intro to Objective-C and Swift

  • What's new in Swift ?

  • Setting up the pentesting environment

  • Jailbreaking your device

  • Cydia, Mobile Substrate

  • Getting started with Damn Vulnerable iOS app

  • Binary analysis

  • Finding shared libraries

  • Checking for PIE, ARC

  • Decrypting ipa files

  • Self signing IPA files

Module 2 : Static and Dynamic Analysis of iOS Apps

  • Static Analysis of iOS applications

  • Dumping class information

  • Insecure local data storage

  • Dumping Keychain

  • Dynamic Analysis of iOS applications

  • Basic App Exploitation techniques using Frida

  • Advance App Exploitation techniques using Frida

Module 3: iOS application vulnerabilities

  • Exploiting iOS applications

  • Broken Cryptography

  • Side channel data leakage

  • Sensitive information disclosure

  • Client side injection

  • Bypassing jailbreak, piracy checks

  • Inspecting Network traffic

  • Traffic interception over HTTP, HTTPs

  • Manipulating network traffic

  • Bypassing SSL pinning


Module 4 : Reversing iOS Apps

  • Introduction to Hopper

  • Disassembling methods

  • Modifying assembly instructions

  • Patching App Binary

Part 2 - Android Exploitation

Module 1

  • Why Android

  • Intro to Android

  • Android Security Architecture

  • Android application structure

  • Signing Android applications

  • ADB – Non Root

  • Rooting Android devices

  • ADB – Rooted

  • Understanding Android file system

  • Permission Model Flaws

  • Attack Surfaces for Android applications

Module 2

  • Understanding Android Components

  • Introducing Android Emulator

  • Introducing Android AVD

Module 3

  • Proxying Android Traffic

  • Reverse Engineering for Android Apps

  • Smali Learning Labs

  • Smali vs Java

  • Dex Analysis and Obfuscation

  • Android App Hooking

Module 4

  • Exploiting Local Storage

  • Exploiting Network Communication

  • Exploiting Certificate Pinning using manual and automated techniques

  • Exploiting Weak Cryptography

  • Exploiting Side Channel Data Leakage

  • Manual and Automated Root Detection and Bypass

  • Identifying and Exploiting flawed Broadcast Receivers

  • Identifying and Exploiting flawed Intents

  • Identifying and Exploiting Vulnerable Activity Components

  • Analysing Proguard, DexGuard and other Obfuscation Techniques

  • Exploiting Android NDK

Module 5

  • App Exploitation using Drozer

  • Basic App Exploitation techniques using Frida

  • Advance App Exploitation techniques using Frida


Key takeaways

  • Videos for all the vulnerabilities shared in the class

  • Custom VM that can be used for Mobile Application Exploitation

  • Detailed slides about every topic learnt in the class


Who Should Take This Course

This course is for penetration testers, mobile developers or anyone keen to learn mobile  application security.



Student Requirements

The course covers topics ranging from beginners to advance topics. Basic Linux skills is the only  requirement for the course.

What students should bring 

• Laptop with:

• 50+ GB free hard disk space

• 8+ GB RAM

• VMware player installed on the machine

• Students will be provided with access to Corellium for iOS hands-on and as such do not n eed to carry iOS devices

• Download and install the latest version of Xcode

• Administrative access on the system

• External USB access allowed



What Students Will be Provided With


• Videos for all the vulnerabilities shared in the class

• Huge list of good reads and articles for learning mobile application security

• Source code for vulnerable applications

• Custom VM for hands-on pentesting

• Students will be provided with access to Corellium for iOS hands-on for the duration of

the course





English 

2 days

22nd, 23rd  September 

ONLINE

Cost

Early bird

USD 1000

CONSULTAS

Escribinos a capacitacion@ekoparty.org


Instructor


Dinesh Shetty leads the Mobile Security Testing Center of Excellence at Security Innovation. His

core area of expertise is Mobile and Embedded application pentesting and exploitation. He has

spoken at conferences like Black Hat, Bsides, Def Con, BruCon, AppsecUSA, AppsecEU, HackFest

and many more. He maintains an open source intentionally vulnerable Android application

named InsecureBankv2 for use by developers and security enthusiasts. He has also authored

the guide to Mitigating Risk in IoT systems that covers techniques on security IoT devices and

Hacking iOS Applications that covers all of the known techniques of exploiting iOS applications.


   Instructor


Prateek Gianchandani is currently working as a Security Researcher at DarkMatter. He has

more than 7 years of experience in security research and penetration testing. His core focus

area is mobile exploitation,reversing engineering and embedded device secuirty. He is also the

author of the open source vulnerable application named Damn Vulnerable iOS app. He has

presented and trained at many international conferences including Defcon, Blackhat USA,

Brucon, Hack in paris, Phdays, Appsec USA etc. In his free time, he blogs at

http://highaltitudehacks.com