PRACTICAL MOBILE APPLICATION EXPLOITATION


Trainers: Dinesh Shetty & Prateek Gianchandani

                              Abstract:

                              Ever wondered how attacking a mobile application differs from attacking a traditional web application? Gone are the days when knowledge of just SQL Injection or XSS could help you land a lucrative, high-paying infosec job. This course is designed to introduce beginners as well as advanced security enthusiasts to the world of mobile security using a fast-paced learning approach through intensive hands-on labs. We are bringing an updated version of the course with the latest tools & techniques. The training will be based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2, InsecurePass and a wide range of real-world application vulnerabilities in order to give in-depth knowledge of the different kinds of vulnerabilities in mobile applications. After the workshop, the students will be able to successfully pentest and secure applications running on the various operating systems. Slides, custom scripts, videos, a VM and detailed documentation on the labs will be provided to the students for practice after the class. Students will be provided access to a Slack channel where the trainers will help prep them for the class, and the students can retain access to it for the foreseeable future.


                              After the training the attendees will:

                              • Be able to reverse engineer iOS and Android binaries (apps and system binaries)

                              • Have an understanding of the various bug categories on Android and iOS systems

                              • Be able to audit iOS and Android apps for security vulnerabilities

                              • Understand and bypass anti-debugging and obfuscation techniques

                              • Get a detailed walkthrough on using IDA Pro, Hopper, Frida, etc.


                              Course Syllabus/Outline:

                              Part 0 - Intro to Mobile Security

                              • Introduction to Labs

                              • Native IDEs - Xcode and Android Studio

                              • Mobile Development Frameworks - React Native, Flutter, Swiftic, Xamarin


                              Part 1 - iOS Exploitation:

                              Module 1: iOS Exploitation

                              • Getting Started with iOS Pentesting

                              • iOS security model

                              • App Signing, Sandboxing and Provisioning

                              • Setting up Xcode

                              • Changes in iOS 14

                              • Primer to iOS 14 security

                              • Exploring the iOS filesystem

                              • Intro to Objective-C and Swift

                              • What's new in Swift 5.1?

                              • Setting up the pentesting environment

                              • Jailbreaking your device

                              • Introduction to Corellium

                              • Cydia, Mobile Substrate

                              • Getting started with Damn Vulnerable iOS app

                              • Binary analysis 

                              • Finding shared libraries

                              • Checking for PIE, ARC

                              • Decrypting ipa files

                              • Self signing IPA files

                              Module 2: Static and Dynamic Analysis of iOS Apps

                              • Static Analysis of iOS applications

                              • Dumping class information

                              • Insecure local data storage

                              • Finding Secrets in Code

                              • Lint Testing

                              • Dumping Keychain

                              • Dynamic Analysis of iOS applications

                              • Basic App Exploitation techniques using Frida

                              • Advanced App Exploitation techniques using Frida

                              • Testing React Native and Flutter Apps

                              • Bypassing Sandbox restrictions and dumping data using iOS vulns.


                              Module 3: iOS application vulnerabilities

                              • Exploiting iOS applications

                              • Broken Cryptography

                              • Side channel data leakage

                              • Sensitive information disclosure

                              • Client side injection

                              • Bypassing jailbreak, piracy checks

                              • Inspecting Network traffic

                              • Traffic interception over HTTP, HTTPS

                              • Manipulating network traffic

                              • Bypassing SSL pinning


                              Module 4: Reversing iOS Apps

                              • Introduction to Hopper

                              • Disassembling methods

                              • Modifying assembly instructions

                              • Patching App Binary


                              Part 2 - Android Exploitation:

                              Module 1: iOS Exploitation

                              • Why Android

                              • Intro to Android

                              • Android Security Architecture

                              • Android application structure

                              • Signing Android applications

                              • ADB – Non Root

                              • Rooting Android devices

                              • ADB – Rooted

                              • Understanding Android file system

                              • Permission Model Flaws

                              • Attack Surfaces for Android applications


                              Module 2:

                              • Understanding Android Components

                              • Introducing Android Emulator

                              • Introducing Android AVD


                              Module 3:

                              • Proxying Android Traffic

                              • Reverse Engineering for Android Apps

                              • Smali Learning Labs

                              • Smali vs Java

                              • Dex Analysis and Obfuscation

                              • Android App Hooking

                              • Running Lint Testing

                              • Finding Secrets in Code


                              Module 4:

                              • Exploiting Local Storage

                              • Exploiting Network Communication

                              • Exploiting Certificate Pinning using manual and automated techniques

                              • Exploiting Weak Cryptography

                              • Exploiting Side Channel Data Leakage

                              • Manual and Automated Root Detection and Bypass

                              • Identifying and Exploiting flawed Broadcast Receivers

                              • Identifying and Exploiting flawed Intents

                              • Identifying and Exploiting Vulnerable Activity Components

                              • Analysing and bypassing Proguard, DexGuard and other Obfuscation Techniques

                              • Remote Code Execution on Android Applications

                              • 1 Click Remote Exploit for Android Applications

                              • Exploiting Android NDK


                              Module 5:

                              • App Exploitation using Automated Tools

                              • Basic App Exploitation techniques using Frida

                              • Advanced App Exploitation techniques using Frida



                              English

                              2 days
                              (schedule: to be confirmed)

                              October 31 to November 1, 2022

                              ONSITE 
                              BUENOS AIRES

                              Cost:

                              USD 1,500

                              ARS 436,500


                              INQUIRIES

                              For questions about the training or any of its benefits, write to: capacitacion@ekoparty.org


                              Trainers: 

                              Dinesh Shetty  


                              Dinesh Shetty leads the Mobile Security Testing Center of Excellence at Security Innovation. His core area of expertise is Mobile and Embedded application pentesting and exploitation. He has spoken at conferences like Black Hat, Bsides, Def Con, BruCon, AppsecUSA, AppsecEU, HackFest and many more.

                              He maintains an open source intentionally vulnerable Android application named InsecureBankv2 for use by developers and security enthusiasts. He has also authored the guide to Mitigating Risk in IoT systems, which covers techniques for securing IoT devices, and Hacking iOS Applications, which covers all of the known techniques of exploiting iOS applications.


                              Prateek Gianchandani  

                               

                              Prateek Gianchandani is currently working as a Security Researcher at Dark Matter. He has more than 7 years of experience in security research and penetration testing. His core focus area is mobile exploitation, reverse engineering and embedded device security. He is also the author of the open source vulnerable application named Damn Vulnerable iOS app. He has presented and trained at many international conferences including Defcon, Blackhat USA, Brucon, Hack in Paris, Phdays, Appsec USA etc. In his free time, he blogs at highaltitudehacks.com.