Mobile Application Exploitation

COURSE ABSTRACT

Advanced Android and iOS Hands-on Exploitation is a unique training which covers security and exploitation of the two dominant mobile platforms - Android and iOS. This is a three day action packed class, full of hands-on challenges and CTF labs, for both Android and iOS environment.

The entire class will be based on a custom VM which has been prepared exclusively for the training. The training will take the attendees from the ground level upwards to be able to audit any real world applications on the platforms.

Some of the topics that will be covered are

  • Advanced Auditing of iOS and Android Applications
  • Reverse Engineering, Bypassing Obfuscations
  • Debugging Android and iOS applications 
  • Runtime manipulation based attacks
  • Automating security analysis, Exploiting and patching apps
  • Advanced ARM Exploitation
  • API Hooking and a lot more.

The class is designed in a CTF approach where each of the module is followed by a complete hands-on lab, giving the attendees a chance to apply the knowledge and skills learnt during the class in real life scenario.

Students will also be provided with the author signed copy of the book "Learning Pentesting for Android Devices", printed reference materials and handouts to be used during and after the training class, and private scripts written by the trainer for Android and iOS app security analysis.


Topics covered

course outline

Module 1 : Diving into Android

  • Setting up a Mobile Pentest Environment
  • Android Security Architecture
  • Permission Model Flaws
  • Getting familiar with ADB
  • Activity and Package Manager Essentials
  • API level vulnerabilities
  • Rooting for Pentesters Lab
  • Android ART and DVM Insecurities
     

Module 2 : Android App for Security Professionals

  • Security Analysis of AndroidManifest.xml 
  • Reverse Engineering for Android Apps
  • Smali for Android 101
  • Smali Labs for Android
  • Cracking and Patching Android apps
  • Understanding Dalvik 
  • Dex Analysis and Obfuscation
  • Android Application Hooking
  • Using JDB and Andbug
  • Dynamic Dalvik Instrumentation for App Analysis
  • Introspy for Android 
  • Creating custom Hooks


Module 3 : Application Specific Vulnerabilities
 

  • Static Analysis of Android Apps
  • Attack Surfaces for Android applications
  • Exploiting Side Channel Data Leakage
  • Exploiting and identifying vulnerable IPCs
  • Exploiting Backup and Debuggable apps
  • Exploiting Exported Components
  • Webview based vulnerabilities
  • Dynamic Analysis for Android Apps
  • Logging Based Vulnerabilities
  • Insecure Data Storage
  • Network Traffic Interception 
  • Analysing Network based weaknesses
  • Exploiting Secure applications
  • Analysing Proguard, DexGuard and other Obfuscation Techniques
  • OWASP Mobile Top 10
  • Using Drozer for Exploitation
  • Writing custom Modules for Drozer
  • Exploiting Android apps using Frida 
  • Analysing Android apps using Androguard
  • Analysing Native Libraries
  • Security Issues in Hybrid Apps


Module 4 : ARM for Android Exploitation
 

  • Getting familiar with Android ARM
  • ARM Architecture and Calling conventions
  • Debugging with GDB
  • Using IDA for Android
  • Exploiting Overflow based vulnerabilities
  • ROP Labs for Android
  • Use After Free vulns
  • Writing your own reliable exploit
  • Race Condition vulns
  • Hardware Exploitation Techniques
  • Exploit Mitigation and Protections


Module 5 : Getting Started with iOS Pentesting

  • iOS security model
  • App Signing, Sandboxing and Provisioning
  • Setting up XCode
  • Changes in iOS 10
  • Exploring the iOS filesystem 
  • Intro to Objective-C and Swift

Module 6 : Setting up the pentesting environment

  • Jailbreaking your device
  • Cydia, Mobile Substrate
  • Getting started with Damn Vulnerable iOS app
  • Binary analysis
  • Finding shared libraries
  • Checking for PIE, ARC
  • Decrypting ipa files 
  • Self signing IPA files

  •  

Module 7 : Static and Dynamic Analysis of iOS Apps

  • Static Analysis of iOS applications
  • Dumping class information
  • Insecure local data storage
  • Dumping Keychain
  • Finding url schemes
  • Dynamic Analysis of iOS applications
  • Cycript basics
  • Advanced Runtime Manipulation using Cycript
  • Writing patches using Theos
  • Frida for iOS 
  • Method Swizzling
  • GDB basic usage 
  • GDB kung fu with iOS
     

Module 8 : Exploiting iOS Applications

  • Broken Cryptography
  • Side channel data leakage
  • Sensitive information disclosure
  • Exploiting URL schemes
  • Client side injection
  • Bypassing jailbreak, piracy checks
  • Inspecting Network traffic
  • Traffic interception over HTTP, HTTPs
  • Manipulating network traffic
  • Bypassing SSL pinning

Module 9 : Reversing iOS Apps

  • Introduction to Hopper
  • Disassembling methods
  • Modifying assembly instructions
  • Patching App Binary
  • Logify, Introspy, iNalyzer, Snoopit


Module 10 : Securing iOS Apps

  • Securing iOS applications
  • Where to look for vulnerabilities in code?
  • Code obfuscation techniques
  • Piracy/Jailbreak checks
  • iMAS, Encrypted Core Data

 

All the above mentioned topics are taught with an extremely hands-on lab based practical sessions. 


Additional Information

 

What students will be provided with

  • Attify's Mobile pentesting VM
  • Lab reference material and handouts
  • 400+ slides (PDF Copy)

Who can attend this course

  • Mobile Security Enthusiasts
  • Mobile application developers and Penetration Testers
  • Anyone wanting to start in mobile application security

REQUEST TO CONDUCT mobile app EXPLOITATION AT YOUR ORGANIZATION