Index: RT801

Mobile Vulnerability Research & Exploit Development

40Hours

Mobile Vulnerability Research and Exploit Development

DescriptionThe course provides a comprehensive and progressive approach to understanding advanced vulnerability and exploitation topics. Attendees will be immersed in hands-on exercises that impart valuable skills in researching vulnerabilities on Android and iOS mobile platforms and applications.The training is designed to turn the students into high-level security experts, and to fully prepare them for working as vulnerability researchers. The course includes immersive hands-on exercises, via virtual labs, where participants will practice what they have studied during each day.

Objectives

Target Audience

Prerequisites

Discovering different levels of vulnerabilities on mobile platforms.Learning to exploit advanced vulnerabilities on both Android and iOS applications.Staying on top of the “vulnerability landscape” and being up-to-date on current attacks or potential threats to prepare counter-measures where possible.

The course targets participants with advanced knowl-edge and substantial on-field experience in the cyber security world. Primarily:

Good knowledge and practical experience in penetration testing, including on Android and iOS platforms.Good familiarity and experience with programming languages. Background in Assembly.RT800 is a pre-requisite training-plan for taking this course.

Note:This course is a direct follow-up on RT800 –Vulnerability Research and Exploit Development.

Cyber security technical expertsExperienced penetration testers Junior vulnerability researcher

Android iOS

Overview - The Dalvik VM - Java - Smali - Linux OS security - The permissions model - Android security - Database isolation - The emulator - Debug bridge - Rooting - OWASP Top 10 MobileStatic analysis - APK - Special files - Smali disassembling - DEX decompilation - Code patchingDynamic analysis - Monitoring processes - Monitoring files - Analyzing logs - Memory dumps and analysis - Smali debuggingTraffic analysis - Importing SSL certificates & trusted CA’s - Bypassing SSL pinningCode analysis - Component types - Intents structure and filters - Component callers authentication - Binder interface - Pending intents - Sticky broadcasts - Unprotected content providers - Restricted screens access - Locating interesting code

Overview - Device architecture - Security model - File system isolation - Application sandbox - Objective-C - OWASP Top 10 MobilePreparations - Pen-testing environment - Lab setup overview - Device setup - Jailbreaking - Cydia installations - Laptop installationStatic analysis - IPA - Special files - Tampering - Investigating with view controllers - Binaries - AutomationStorage analysis - Filesystem access - Application storages - Plists - Tampering - DB files - Snapshots - Cookies - Logs - Cache - The keychainDynamic analysis - Class interposing - Cycript - Header and class dumps - Reversing iOS binaries - Remote debuggingTraffic analysis - Importing SSL certificates & trusted CA’s - Bypassing SSL pinning

01 02

20Hours

20Hours

During this module, students will learn advanced types of Android vulnerabilities and ways to exploit them, in order to take over Android applications. The most complex and interesting attack-scenarios will be discussed, providing the students with means to find critical vulnerabilities in any Android application. By the end of this stage, students will have comprehensive understanding of the Android platform, and its risks and vulnerabilities.

In the following module, students will learn advanced types of iOS vulnerabilities and ways to exploit them, in order to take over Android applications. The most complex and interesting attacks and scenarios will be discussed, providing the students with means to find critical vulnerabilities in any iOS application. This module provides comprehensive understanding of the iOS platform and its unique risks and vulnerabilities.