Presented at DeepSec 2018 „I like to mov &6974,%bx“.
Mobile apps are the most preferred way of delivering attacks today. Understanding the finer details of mobile app attacks is becoming an essential skill for penetration testers as well as for app developers and testers. So, if you are an Android or iOS user, a developer, a security analyst, a mobile pen-tester or just a mobile security enthusiast, then 'Mobile App Attack' is of definite interest to you. The training familiarizes attendees with in-depth technical explanations of some of the most notorious mobile (Android and iOS) vulnerabilities, ways to verify and exploit them, the various Android and iOS application analysis techniques, the inbuilt security schemes, and how to bypass those security models on both platforms.
The labs are equipped with intentionally crafted, real-world vulnerable Android and iOS apps by the author and enable participants to learn the art of finding and exploiting flaws in mobile applications.
The platforms used for the training will be iOS 11 and Android 8.
Course Content:
Android Exploitation
- Introduction to ARM CPU
- Architecture, Registers and Modes of Operations
- ARM Assembly
- Debugging
- Stack Overflow in ARM
- Writing your first shellcode
ARM Exploitation
- Introduction to ARM CPU
- Architecture, Registers and Modes of Operations
- ARM Assembly
- Debugging
- Stack Overflow in ARM
- Writing your first shellcode
iOS Exploitation
- Getting started with iOS
- iOS Security Basics
- Setting up the Lab
- Reverse Engineering iOS Applications
- Static Analysis and Dynamic Analysis of iOS Apps
- Jailbreak Detection and Bypass
- Identifying and Exploiting Flaws in iOS Apps
- Finding security flaws in real-world iOS apps
Hands-on CTF Challenge!
What Students will be provided with:
• Training Material / Slide Decks
• Mobile Application Hacking Lab Manual
• DIVA iOS Vulnerable iOS Application
• DIVA Android Vulnerable Android Application
• VM
Who should take this course?
Penetration testers/security professionals, mobile developers, anyone interested in learning mobile application security.
What should students bring?
* A jailbroken iPhone/iPad/iPod for iOS testing is a must for the hands-on labs.
* Laptop with 20+ GB free hard disk space and 4+ GB RAM
* Windows 7/8, Ubuntu 12.x+ (64-bit operating system), Mac OS X (Mavericks or later)
* Android SDK and Genymotion installed.
* Intel / AMD Hardware Virtualization enabled Operating System
* Administrative access on your laptop with external USB allowed
What will be provided?
Slides (PDF), Lab manuals, practice apps, VM for pen testing mobile apps
Presenters:
- Sneha Rajguru
Sneha works as a Security Consultant with Payatu Software Labs LLP. Her areas of interest lie in web application and mobile application security and fuzzing. She has discovered various application flaws within open source applications such as PDFLite, Jobberbase, Lucidchart and more. She has spoken and provided training at GNUnify, FUDCon, DefCamp, DefCon, BSides LV, Nullcon, AppSec USA, DeepSec and BSidesVienna. Sneha is also the chapter lead for null - Pune. Twitter: @sneharajguru.