PRACTICAL MOBILE APPLICATION EXPLOITATION

Trainer: Prateek Gianchandani & 8ksec

Abstract :

Ever wondered how different attacking a Mobile application would be, from a traditional web application? Gone are the days when knowledge of just SQL Injection or XSS could help you land a lucrative high-paying infoSec job. This course is designed to introduce beginners as well as advanced security enthusiasts to the world of mobile security using a fast-paced learning approach through intensive hands-on labs. We are bringing an updated version of the course with the latest tools & techniques. The training will be based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2,

InsecurePass and a wide range of real-world application vulnerabilities in order to give an in-depth knowledge about the different kinds of vulnerabilities in Mobile applications. After the workshop, the students will be able to successfully pentest and secure applications running on the various operating systems. Slides, Custom scripts, Videos, VM and detailed documentation on the labs will be provided to the students for practice after the class. Students will be provided access to Slack channel where the trainers will help prep them for the class, and the students can retain access to it for the foreseeable future.

After the training the attendees will:

Be able to Reverse engineer iOS and Android binaries (Apps and system binaries)
Have understanding of the various bug categories on Android and iOS systems
Be able to audit iOS and Android apps for security vulnerabilities
Understand and bypass anti-debugging and obfuscation techniques
Get a detailed walkthrough on using IDA Pro, Hopper, Frida, etc.

Course Syllabus/Outline:

Part 0 - Intro to Mobile Security

Introduction to Labs
Native IDEs - Xcode and Android Studio
Mobile Development Frameworks - React Native, Flutter, Swiftic, Xamarin

Part 1 - iOS Exploitation:

Module 1: iOS Exploitation

Getting Started with iOS Pentesting
iOS security model
App Signing, Sandboxing and Provisioning
Setting up XCode
Changes in iOS 14
Primer to iOS 14 security
Exploring the iOS filesystem
Intro to Objective-C and Swift
What's new in Swift 5.1 ?
Setting up the pentesting environment
Jailbreaking your device
Introduction to Corellium
Cydia, Mobile Substrate
Getting started with Damn Vulnerable iOS app
Binary analysis
Finding shared libraries
Checking for PIE, ARC
Decrypting ipa files
Self signing IPA files

Module 2: Static and Dynamic Analysis of iOS Apps

Static Analysis of iOS applications
Dumping class information
Insecure local data storage
Finding Secrets in Code
Lint Testing
Dumping Keychain
Dynamic Analysis of iOS applications
Basic App Exploitation techniques using Frida
Advance App Exploitation techniques using Frida
Testing React Native and Flutter Apps
Bypassing Sandbox restrictions and dumping data using iOS vulns.

Module 3: iOS application vulnerabilities

Exploiting iOS applications
Broken Cryptography
Side channel data leakage
Sensitive information disclosure
Client side injection
Bypassing jailbreak, piracy checks
Inspecting Network traffic
Traffic interception over HTTP, HTTPs
Manipulating network traffic
Bypassing SSL pinning

Module 4 : Reversing iOS Apps

Introduction to Hopper
Disassembling methods
Modifying assembly instructions
Patching App Binary

Part 2 - Android Exploitation :

Module 1: iOS Exploitation

Why Android
Intro to Android
Android Security Architecture
Android application structure
Signing Android applications
ADB – Non Root
Rooting Android devices
ADB – Rooted
Understanding Android file system
Permission Model Flaws
Attack Surfaces for Android applications

Module 2:

Understanding Android Components
Introducing Android Emulator
Introducing Android AVD

Module 3:

Proxying Android Traffic
Reverse Engineering for Android Apps
Smali Learning Labs
Smali vs Java
Dex Analysis and Obfuscation
Android App Hooking
Running Lint Testing
Finding Secrets in Code

Module 4:

Exploiting Local Storage
Exploiting Network Communication
Exploiting Certificate Pinning using manual and automated techniques
Exploiting Weak Cryptography
Exploiting Side Channel Data Leakage
Manual and Automated Root Detection and Bypass
Identifying and Exploiting flawed Broadcast Receivers
Identifying and Exploiting flawed Intents
Identifying and Exploiting Vulnerable Activity Components
Analysing and bypassing Proguard, DexGuard and other Obfuscation Techniques
Remote Code Execution on Android Applications
1 Click Remote Exploit for Android Applications
Exploiting Android NDK

Module 5:

App Exploitation using Automated Tools
Basic App Exploitation techniques using Frida
Advance App Exploitation techniques using Frida

Reservá tu lugar

Inglés

2 días
(horario: por confirmar)

Del 31 de octubre al 1° de noviembre 2022

ONSITE
BUENOS AIRES

Costo:

USD 1.500

Reservá tu lugar

CONSULTAS

Para realizar consultas sobre el training o alguno de sus beneficios, escribir a:capacitacion@ekoparty.org

Trainer:

Prateek Gianchandani

Prateek Gianchandani is currently working as Head of Product Security at Careem - An Uber Company. He has more than 10 years of experience in security research and penetration testing. His core focus area is mobile exploitation, reverse engineering and embedded device security. He is also the author of the open source vulnerable application named Damn Vulnerable iOS app. He has presented and trained at many international conferences including Defcon, POC, TyphoonCon, Blackhat USA, Brucon, Hack in Paris, Phdays, Appsec USA, etc. In his free time, he blogs at Prateek´s Blog.

8ksec
8ksec is a cyber security research firm that provides high-quiality training and consulting services to help clients improve their security posture. Our team has experience providing consulting and specialized cybersecurity training to several commercial and defense agencies across the US, EU, and the MENA region.