Select Search Category
4 Days Course - Offensive Mobile Reversing and Exploitation

After a sold-out course last year at Blackhat 2020, we are back with an updated version of our course with additional coverage of ARM64, mobile browser security, and more in-depth coverage of Mobile applications and operating system security. So if you want to learn more about mobile application security, now is your chance.

Topics covered:

 

Part 1: ARM64 and Mobile Browser Security

  • Module 1 - Introduction to ARM64

  • Module 2 - WebKit, WebCore, JavaScriptCore internals and Browser Mitigations 

Part 2 - iOS Exploitation

  • Module 1 - Getting Started with iOS Security

  • Module 2 - iOS exploitation basics

  • Module 3 - Static and Dynamic Analysis of iOS Apps

  • Module 4 - iOS application vulnerabilities

  • Module 5 - Reversing iOS Apps • Introduction to Hopper

  • Module 6 - Securing iOS Apps

Part 3 - Android Exploitation

  • Module 1 - Intro to Android Security

  • Module 2 - Components 

  • Module 3 - Reversing Android apps

  • Module 4 - Static and Dynamic analysis

  • Module 5 - Frida and Automated Exploitation

  • Module 6 -Android Fuzzing and System Security

Session FAQ

This course is for penetration testers, mobile developers or anyone keen to learn mobile application security.

The course covers topics ranging from beginners to advance topics. Basic Linux skills is the only requirement for the course. The iOS kernel exploitation module will require basic exploit development background.

Laptop with:

  • 80+ GB free hard disk space

  • 8+ GB RAM

  • VMware player installed on the machine. Latest version of Android SDK.

  • A Mac machine and jailbroken 64bit iPhone/iPad/iPod running iOS 10+ is necessary for the iOS hands-on modules

  • Download and install the latest version of Xcode.

  • Administrative access on the system

  • External USB access allowed

  • Videos for all the vulnerabilities shared in the class
  • Huge list of good reads and articles for learning mobile application security
  • Source code for vulnerable applications
  • Custom VM for hands-on pentesting

Prateek Gianchandani