Mobile App Attack 2.0 (closed)

Presented at DeepSec 2018 „I like to mov &6974,%bx“, Unknown date/time (Unknown duration)

 Mobile Apps are the most preferred way of delivering attacks today. Understanding the finer details of Mobile App attacks is soon becoming an essential skill for penetration testers as well as for app developers & testers. So, if you are an Android or an iOS User, a developer, a security analyst, a mobile pen-tester or just a mobile security enthusiast then 'Mobile App Attack' is of definite interest to you. The training familiarizes attendees with in-depth technical explanations of some of the most notorious mobile (Android and iOS) based vulnerabilities, ways to verify and exploit them, along with the various Android, iOS application analysis techniques, inbuilt security schemes and teachings how to bypass those security models on both platforms. The labs are equipped with intentionally crafted real-world vulnerable Android and iOS apps by the author and enables participants to learn the art of finding and exploiting flaws in mobile applications. The platforms used for the trainings will be iOS 11 and Android 8. Course Content: Android Exploitation - Introduction to ARM CPU - Architecture, Registers and Modes of Operations - ARM Assembly - Debugging - Stack Overflow in ARM - Writing your first shellcode ARM Exploitation - Introduction to ARM CPU - Architecture, Registers and Modes of Operations - ARM Assembly - Debugging - Stack Overflow in ARM - Writing your first shellcode iOS Exploitation - Getting started with iOS - iOS Security Basics - Setting up the Lab - Reverse Engineering iOS Applications - Static Analysis and Dynamic Analysis of iOS Apps - Jailbreak Detection and Bypass - Identifying and Exploiting Flaws in iOS Apps - Findings security flaws in real world iOS Apps Hands on CTF Challenge! What Students will be provided with: • Training Material / Slide Decks • Mobile Application Hacking Lab Manual • DIVA iOS Vulnerable iOS Application • DIVA Android Vulnerable Android Application • VM Who should take this course? Penetration testers/security professionals, mobile developers, anyone interested to learn mobile application security. What should students bring? * A jailbroken iPhone/iPad/iPod for iOS testing is must for hands-on. * Laptop with 20+ GB free hard disk space 4+ GB RAM * Windows 7/8 , Ubuntu 12.x + (64 bit Operating System), MacOSX (Maverick or later) * Android SDK , Genymotion installed. * Intel / AMD Hardware Virtualization enabled Operating System * Administrative access on your laptop with external USB allowed What will be provided? Slides (PDF), Lab manuals, practice apps, VM for pen testing mobile apps

Presenters:

• Sneha Rajguru - Sneha Rajguru
  Sneha works as a Security Consultant with Payatu Software Labs LLP. Her areas of interest lie in web application and mobile application security and fuzzing. She has discovered various application flaws within open source applications such as PDFLite, Jobberbase, Lucidchart and more. She has spoken and provided training at GNUnify, FUDCon, DefCamp, DefCon, BSides- LV, Nullcon, AppSec USA, DeepSec and BSidesVienna. Sneha is also the chapter lead for null - Pune. Twitter: @sneharajguru.

Links:

• https://deepsec.net/archive/2018.deepsec.net/speaker.html#WSLOT379

Similar Presentations:

• AppSec USA 2015 / Training (2 days): Advanced Android and iOS Hands-on Exploitation
• DeepSec 2017 „Science First!“ / Mobile App Attack
• DeepSec 2020 „The Masquerade“ / Mobile Security Testing Guide Hands-On (closed)