2 Days Course - Offensive Mobile Reversing and Exploitation

Ever wondered how different attacking a mobile application would be from attacking a traditional web application? Gone are the days when knowledge of just SQL Injection or XSS could help you land a lucrative, high-paying InfoSec job.

This course is designed to introduce beginners as well as advanced information security enthusiasts to the world of mobile application security using a fast-paced learning approach through intensive hands-on labs. We are bringing an updated version of the course with the latest mobile security tools and techniques. The training will be based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2, InsecurePass and other real-world mobile application vulnerabilities in order to give you in-depth knowledge of the different kinds of vulnerabilities and help you recognize and exploit security vulnerabilities in mobile applications.

Course outline:

  • Part 0 - Intro to Mobile Security

  • Part 1 - iOS Exploitation: Getting Started with iOS Pentesting, Static and Dynamic Analysis of iOS Apps, iOS application vulnerabilities and Reversing iOS Apps

  • Part 2 - Android: Introduction to Android, understanding Android Components, Smali vs Java, Exploiting Local Storage, App Exploitation and much more.

After the training the attendees will:
  • Reverse engineer iOS and Android binaries (Apps and system binaries)
  • Understand the various bug categories on Android and iOS systems
  • Be able to audit iOS and Android apps for security vulnerabilities
  • Understand and bypass anti-debugging and obfuscation techniques
  • Get a quick walkthrough on using IDA Pro, Hopper, Frida, etc.
Session FAQ

This course is for penetration testers, mobile developers or anyone keen to learn mobile application security.

The course covers topics ranging from beginner to advanced. Basic Linux skills are the only requirement for the course. The iOS kernel exploitation module will require a basic exploit development background.

Laptop with:

  • 80+ GB free hard disk space
  • 8+ GB RAM
  • VMware player installed on the machine
  • Latest version of Android SDK
  • A Mac machine and jailbroken 64bit iPhone/iPad/iPod running iOS 10+ is necessary for the iOS hands-on modules
  • Download and install the latest version of Xcode.
  • Administrative access on the system
  • External USB access allowed
  • Videos for all the vulnerabilities shared in the class
  • Huge list of good reads and articles for learning mobile application security
  • Source code for vulnerable applications
  • Custom VM for hands-on pentesting