
Abstract

DURATION: 2 DAYS
CAPACITY: 12 pax
SEATS AVAILABLE: REGISTRATION CLOSED

USD2299 (early bird)
USD3299 (normal)
Early bird registration rate ends on the 30th of September

Overview

Every day we see a bunch of new mobile applications being published on the Store: games, utilities, IoT device clients and so forth. Almost every single aspect of our life can be somehow controlled with “an app”, like taking a cab ride or buying groceries. We have smart houses, smart fitness devices and smart coffee machines … but is it just smart or is it secure as well? 🙂
The Mobile-Sec Exploitation Breakout training will enable attendees to master various Android & iOS application penetration testing techniques and exploitation methods.
The training focuses on practical hands-on exercises on several dedicated vulnerable apps, with the basic theory explained prior to the Do-It-Yourself mind-bending exercises, enabling attendees to test their acquired skills during the training.
This fast-paced, action-packed, revamped and custom-tailored two-day flagship workshop covers setting up an Android & iOS pentest environment, identifying and exploiting application vulnerabilities in a variety of mobile application architectures, changes in Android & iOS security features, and complementary subjects such as Hybrid Mobile Application Pentest.

Who Should Attend

Mobile Application Developers
Information Security Professionals
Mobile Application Vulnerability Analysts / Auditors
Mobility, Mobile Security & Operations Team
Pen testers and Security professionals interested in getting into Mobile Security
Bug bounty hunters

Key Learning Objectives

Understand the Android and iOS ecosystems and application architecture
Identify specific threats and risks associated with the Android and iOS platforms
Perform a hands-on penetration test and reverse engineer Android and iOS mobile apps
Attendees will be able to find vulnerabilities in various real-world applications for the Android and iOS platforms.
Attendees will be able to audit an Android or iOS mobile application for client engagements.

Prerequisite Knowledge

Familiarity with the topics below is helpful but not mandatory:
• Common security concepts or common web security issues
• Basic knowledge of the Linux OS and network security basics

Hardware / Software Requirements

Working personal laptop (no netbooks, no tablets, no corporate laptops, because of the restrictions enabled on them) with 64-bit Windows 7 installed on the host machine.
Min 250 GB free Hard disk space and 8 GB RAM preferred
Genymotion free version installed (https://www.genymotion.com/#!/ and https://www.genymotion.com/faq/)
VirtualBox installed (https://www.virtualbox.org/)
Intel / AMD Hardware Virtualization enabled Operating System
Jailbroken iPhone/iPad for iOS pentest, version 8=> required
Mac OS X El Capitan with Xcode 8.2.1 preferred
Laptop with antivirus and firewall disabled.
Attendees must have administrator privilege
Working USB port and Wifi enabled
No VPN installed
Update to the latest display drivers

What not to expect:
To become a Mobile Ninja overnight.
Although this training will take attendees to the next level in Mobile Security, they are expected to keep learning new things, researching further and continuing their exploration of Mobile Security afterwards.
What Students will be provided:
Custom Android Tamer VM modified image containing all new off the shelf tools, runtime, target apps, scripts, fuzzing payloads etc.
Vulnerable apps for iOS & Android, tools etc.
Customized Mobile Security Testing Checklist
Access to Continuous Learning Environment
Level:
Basic – Intermediate

Agenda

Day 1
Module 1: Android Rudiments
Introduction to Android Security
Android Permission Model and Security Architecture
File System Overview
Dalvik vs ART runtimes
Android security features
Module 2: Lab setup and in-depth analysis
Lab Environment setup for android pentest
Setting up android emulator
Android Debug Bridge (ADB) basics
Module 3: Rooted vs non rooted
Common exploits for rooting
Types of mobile apps (Web based, Native, Hybrid)
Module 4: Reverse Engineering of Android Application binaries: (static analysis)
In-depth into APK file format
Unpacking APKs

The APK file package
Application Components
Activity
Intents
Services
Decoding XML/Resource Files
APK extraction – Investigating layout, Android manifest, permissions
Parsing Dex files
Extracting the content of the classes.dex file
Reverse engineering obfuscated Android apps & native libraries
Decompilation to Java & smali code
Using smali for in-depth analysis
Finding hard-coded secrets like geolocation, passwords in code
Detecting red flags in Android Manifest file 101
In-Depth with Smali Analysis
Modifying Android applications to reveal sensitive info
Module 5 : Insecure data storage
Exploring installed application files at the /data/data directory
The file system security model
Insecure file system permissions
Insecure storage of sensitive data in files
Searching Inside the SDcard
SQLite Database storage & data dumping
Sensitive data in application shared preferences
Storage of sensitive data at the server side
Hard-coded secrets in source code

Sensitive data leakage via insecure log exposure
Identifying vulnerable Broadcast Receivers
Attacking & exploiting Broadcast Receivers
Identifying and exploiting vulnerable Intents
Attacking & exploiting intents
Identifying and exploiting vulnerable Activity Components
Attacking & exploiting Activity Components
Identifying and exploiting vulnerable content providers
Attacking & exploiting content providers
Identifying and exploiting vulnerable services
Attacking & exploiting vulnerable services
Detecting developer backdoors
Module 6: Data interception and manipulation (dynamic analysis) Active+Passive
Importing SSL certificates & trusted CAs
Intercepting proxy chaining – Zed Attack Proxy and Burp
Insecure session management
Authorization
Data Interception for SSL applications
Transmission of sensitive information
Exposing insecure traffic
SSL Pinning Bypass & advanced techniques
Module 7 : Analyzing Runtime Analysis
Attacking Android apps from inside

Memory dumping and analysis
Analysing logs by parsing logcat and ddms
Android Hacking 101
Module 8: Exploiting Logic and Code flaws in applications
Local File Inclusion/Path Traversal flaws
SQL Injection in Android Application Labs
Module 9: Automated Assessment with Introspy, Drozer, Mobile Security Framework, Xposed Framework
Introduction to Drozer and configuration
Post-exploitation using drozer modules
Introduction to Mobile Security Framework (MobSF) and configuration
Automated security assessment using Mobile Security Framework (MobSF)
Hands-on MobSF Framework
Introduction to Xposed Framework & essential modules
Hands-on Xposed Framework
Module 10: Android Malware Analysis & Forensics
Introduction to Android Malware Analysis

Android forensics
Extracting hidden strings, messages, logs, and sensitive information

Module 11: Analyze Hybrid HTML5 Applications
Introduction to HTML5 Mobile apps
Common Vulnerabilities in HTML5 Android Applications
Module 12: Automatic Analysis for Android code review
Tools of the trade
Secure coding Android guidelines
Defeating Code obfuscation – bypass techniques
Day 2
Module 14: Pentesting Android apps on non-rooted devices
Emulator/VM detection & Root detection 101 & corollary
Approach & methodology

Tools of the trade
iOS:
Module 15: iOS Basics Primer – Background
Understanding iOS Architecture
iOS Security Features
iOS Application Overview
Objective-C vs Swift apps
Swift 4.1 – Wider Aspect
Module 16: iOS Security Model
Code Signing
Sandboxing
Encryption
iOS Simulator vs. Physical iDevice
Module 17: Jailbreaking
What is JailBreaking
Cydia
Need for JailBreaking
History
Types of JailBreaking
Tethered vs Untethered – Semi
Common Jailbreak exploits

Security Threats due to JailBreaking
Module 18: Setting up the Environment
Creating a Pentest Lab Environment
Tools of the trade to install
Setting up the iPhone / iPad / Simulator
Setting up Xcode
Module 19: iOS App Analysis – Passive / Static Analysis
IPA (iOS package application) file Architecture
Installing apps using iTunes
Application Installation Location
Changes in iOS 7/8/9/10
Reverse Engineering iOS Apps

Local Data Storage (SQLite)
Plist Storage
Keychain Usage
NSUserDefaults Storage

Module 20: Dynamic Analysis/ Data Protection (Transit)

Passive sniffing traffic – inspecting Network traffic
Active sniffing traffic – Proxying traffic interception over HTTP/HTTPS in Simulator and iDevice
Server Communication
Public Key Pinning

SSL Pinning
Bypassing SSL Pinning

Module 21: Authentication
Remote Authentication
Module 22: Side Channel Data Leaks

Device Logs
Cut-and-Paste
Backgrounding
Keystroke Logging

Module 23: Injection Flaws
Module 24: Runtime Manipulation
Module 25: Automatic Analysis for Code review

SQL Injection
Cross Site Scripting

Tools of the trade
Secure coding guidelines for iOS applications
iMas
iOS Malware & forensics
Introduction to iOS malware & forensics

Module 26: Pentesting using non-jailbreak approach
Jailbreak/piracy detection techniques
Common challenges
Tools of the trade
Approach & methodology
CTF Time:
A vulnerable application will be given to attendees to audit and report findings