Index: RT801
Mobile Vulnerability Research & Exploit Development
40 Hours
Description
The course provides a comprehensive and progressive approach to understanding advanced vulnerability and exploitation topics. Attendees will be immersed in hands-on exercises that impart valuable skills in researching vulnerabilities on Android and iOS mobile platforms and applications. The training is designed to turn the students into high-level security experts, and to fully prepare them for working as vulnerability researchers. The course includes immersive hands-on exercises, via virtual labs, where participants will practice what they have studied during each day.
Objectives
- Discovering different levels of vulnerabilities on mobile platforms.
- Learning to exploit advanced vulnerabilities on both Android and iOS applications.
- Staying on top of the “vulnerability landscape” and being up-to-date on current attacks or potential threats to prepare counter-measures where possible.

Target Audience
The course targets participants with advanced knowledge and substantial on-field experience in the cyber security world. Primarily:
- Cyber security technical experts
- Experienced penetration testers
- Junior vulnerability researchers

Prerequisites
- Good knowledge and practical experience in penetration testing, including on Android and iOS platforms.
- Good familiarity and experience with programming languages.
- Background in Assembly.
- RT800 is a prerequisite training plan for taking this course.

Note: This course is a direct follow-up on RT800 – Vulnerability Research and Exploit Development.
01 Android
20 Hours
During this module, students will learn advanced types of Android vulnerabilities and ways to exploit them, in order to take over Android applications. The most complex and interesting attack-scenarios will be discussed, providing the students with means to find critical vulnerabilities in any Android application. By the end of this stage, students will have a comprehensive understanding of the Android platform, and its risks and vulnerabilities.

Overview - The Dalvik VM - Java - Smali - Linux OS security - The permissions model - Android security - Database isolation - The emulator - Debug bridge - Rooting - OWASP Top 10 Mobile
Static analysis - APK - Special files - Smali disassembling - DEX decompilation - Code patching
Dynamic analysis - Monitoring processes - Monitoring files - Analyzing logs - Memory dumps and analysis - Smali debugging
Traffic analysis - Importing SSL certificates & trusted CAs - Bypassing SSL pinning
Code analysis - Component types - Intents structure and filters - Component callers authentication - Binder interface - Pending intents - Sticky broadcasts - Unprotected content providers - Restricted screens access - Locating interesting code

02 iOS
20 Hours
In the following module, students will learn advanced types of iOS vulnerabilities and ways to exploit them, in order to take over Android applications. The most complex and interesting attacks and scenarios will be discussed, providing the students with means to find critical vulnerabilities in any iOS application. This module provides a comprehensive understanding of the iOS platform and its unique risks and vulnerabilities.

Overview - Device architecture - Security model - File system isolation - Application sandbox - Objective-C - OWASP Top 10 Mobile
Preparations - Pen-testing environment - Lab setup overview - Device setup - Jailbreaking - Cydia installations - Laptop installation
Static analysis - IPA - Special files - Tampering - Investigating with view controllers - Binaries - Automation
Storage analysis - Filesystem access - Application storages - Plists - Tampering - DB files - Snapshots - Cookies - Logs - Cache - The keychain
Dynamic analysis - Class interposing - Cycript - Header and class dumps - Reversing iOS binaries - Remote debugging
Traffic analysis - Importing SSL certificates & trusted CAs - Bypassing SSL pinning