Syllabus_MASPT

14
MASPT at a glance: 10 highly practical modules 4 hours of video material 1200+ interactive slides 20 Applications to practice with Leads to eMAPT certification Most practical and up-to-date course on Mobile Application Security and Penetration testing Covers Mobile OSs Security Mechanisms and Implementations Exposes Android and iOS vulnerabilities in-depth For Penetration testers, Forensers and Mobile app developers The most practical and comprehensive training course on Mobile Security and Penetration Test eLearnSecurity has been chosen by students in 120 countries in the world and by leading organizations such as:

description

Syllabus of MASPT course

Transcript of Syllabus_MASPT

MASPT at a glance:

10 highly practical modules

4 hours of video material

1200+ interactive slides

20 Applications to practice with

Leads to eMAPT certification

Most practical and up-to-date

course on Mobile Application

Security and Penetration testing

Covers Mobile OSs Security

Mechanisms and Implementations

Exposes Android and iOS

vulnerabilities in-depth

For Penetration testers, Forensers

and Mobile app developers

The most practical and comprehensive training

course on Mobile Security and Penetration Test

A bridge to the gap between

Web application attack and

defense. Web application attack and defense

are related

eLearnSecurity has been chosen by

students in 120 countries in the

world and by leading organizations

such as:

2

Mobile Application Security and Penetration Testing (MASPT) is the online

training course on Mobile Application Security that gives penetration testers and

IT Security professionals the practical skills necessary to understand technical

threats and attack vectors targeting Mobile devices.

The course will walk you through the process of identifying security issues on

Android and iOS Applications, using a wide variety of techniques including

Reverse Engineering, Static/Dynamic/Runtime and Network analysis.

The student will learn how to code simple iOS and Android applications step by

step. These will be necessary to fully understand mobile application security and

to build real world POC’s and exploits.

Moreover, a number of vulnerable mobile applications, included in the training

course, will give the student the chance to practice and learn things by actually

doing them: from decrypting and disassembling applications, to writing fully

working exploits and malicious applications.

The MASPT training course benefits the career of Penetration Testers and IT

security personnel in charge of defending their organization applications and

data. We also believe this course will be interesting and entertaining for

developers who want to know more about security mechanisms and features

implemented in mobile OSs such as Android and iOS.

Although the course uses and explains several snippets of iOS and Android

Applications source codes, strong programming skills are not required. Basic

mobile application development skills are provided within the training course.

NOTE: In order to go through some of the techniques explained in the iOS

related modules, physical devices such as iPod, iPhone, iPad might be

necessary. Unlike iOS, the Android related modules do not require the

possession of an Android device: Android SDK provides all the necessary tools

for both Windows and *Nix systems.

3

This course is probably not for you if you are looking for something that:

Teaches you how to jailbreak or root iOS/Android Devices

Will give you a certification without any effort

You can memorize to pass a multiple-choice test

Will not make you think

eLearnSecurity courses are very interactive and addictive. During this training

course you will have to deal with several guided challenges, so knowledge and

fun is guaranteed. Just don't expect the outdated way of learning by reading

pages and pages of theoretical methodologies.

NO BORING THEORIES ABOUT THE UNIVERSE

This course is practical and entertaining. We show you how attacks work in

practice. With real examples and labs that reflect real-world application

vulnerabilities.

Or will I only find out during the exam if I actually learned something?

The answer to these questions is very simple. Your achievements will tell. During

the study of the training course you will find several labs to practice with. You

will solve these together with us, while we explain you all the necessary

concepts. Then you are free to practice as long as you want to on these

experiments. If you can solve a challenge, you know that you learned and

understood the concepts behind it properly.

4

Yes. The final exam consists of a hands-on challenge in which the student has to

prove the skills acquired during the training course.

The student will be provided with a real world scenario of two Android

applications to analyze and pentest.

The final deliverable will be a working and reproducible proof of concept that

will be reviewed by the training course instructor.

Once you pass the final exam, you will be awarded with the

eMAPT "eLearnSecurity Mobile Application Penetration Tester" certification.

You can print your shiny new certificate directly or have it shipped to you

internationally.

5

The student is provided with a suggested learning path to ensure the maximum

success rate and the minimum effort.

- Module 1: Mobile Devices Overview

- Module 2: Mobile OS Architectures & Security Models

- Module 3: Android: Setting up a test environment

- Module 4: iOS: Setting up a test environment

- Module 5: Android: Reverse Engineering & Static Analysis

- Module 6: iOS: Reverse Engineering & Static Analysis

- Module 7: Android: Dynamic/Runtime Analysis

- Module 8: iOS: Dynamic/Runtime Analysis

- Module 9: Android: Network Analysis

- Module 10: iOS: Network Analysis

6

In this module we will see which the most used mobile platforms are and why mobile security is so critical nowadays. We will enumerate the most important mobile threats and provide a taxonomy useful to fully understand the rest of the training course.

1.1. Mobile Platforms

1.1.1. Android 1.1.2. iOS

1.2. Why Mobile Security 1.3. Taxonomy of Security Threats

1.3.1. OWASP Top 10 Mobile Risks 1.3.2. Physical Security 1.3.3. Poor Keyboards 1.3.4. User Profiles 1.3.5. Web Browsing 1.3.6. Malwares

1.3.6.1. Malware History 1.3.6.2. Malware Spreading

1.3.7. Patching and Updating

7

The second module covers in great details all the security features and mechanisms implemented in the two most important mobile Operating Systems: Android and iOS.

2.1. Android

2.1.1. Android Architecture 2.1.2. Android Security Models

2.1.2.1. Privilege Separation and Sandboxing

2.1.2.2. File System Isolation 2.1.2.3. Storage and Database Isolation 2.1.2.4. Application Signing 2.1.2.5. Permission Model 2.1.2.6. Memory Management Security

Enhancement 2.1.2.7. Components 2.1.2.8. Google Bouncer

2.1.3. Rooting Devices 2.2. iOS

2.2.1. iOS Architecture 2.2.2. iOS Security Models

2.2.2.1. Privilege Separation 2.2.2.2. Sandbox 2.2.2.3. Code Signing 2.2.2.4. Keychain and Encryption 2.2.2.5. DEP/ASLR 2.2.2.6. Reduced OS 2.2.2.7. Security iOS Overview

2.2.3. Jailbreaking Devices

8

In this module the student will learn how to create and configure the local environment for the Android SDK and all the Android related tools. An in-depth coverage of how to create and interact with Android Emulated and Actual Devices will help the student build strong foundations necessary to understand attacks and techniques covered in the following modules.

3.1. Android SDK

3.1.1. Windows OS 3.1.2. Linux OS

3.2. Eclipse IDE 3.3. AVD and Actual Devices

3.3.1. Start AVD 3.3.2. Edit Virtual Devices Definitions 3.3.3. Create New Virtual Device 3.3.4. Run and Interact with Virtual

Devices 3.3.5. Improve Virtual Devices

Performance 3.3.6. Connect Actual Devices via USB

3.4. Interact with the Devices 3.4.1. Android Debug Bridge

3.4.1.1. List Devices 3.4.1.2. Gather Devices Information 3.4.1.3. ADB Shell 3.4.1.4. Browse the Device 3.4.1.5. Read Databases 3.4.1.6. Move Files from/to the

Device 3.4.1.7. Sqlite3 3.4.1.8. DDMS File Explorer 3.4.1.9. Mount Device Disk 3.4.1.10. Install / Uninstall

Application with gdb 3.4.2. Install and Run Custom Application 3.4.3. BusyBox 3.4.4. SSH 3.4.5. VNC

Video and practical sessions included in this module

9

This module focuses on how to configure the Mac OS environment to work with simulated and iDevices. The student will learn how to interact with the device, write iOS applications, install and run them on emulated and actual devices as well as use tools to access and inspect data and files stored on the device.

4.1. iOS SDK

4.1.1. Xcode IDE 4.1.2. iOS Simulator 4.1.3. Writing an iOS App

4.2. iOS Simulator and Xcode Limitations 4.3. File System and Device Interaction

4.3.1. Directory Structure 4.3.2. Plist Files 4.3.3. Databases 4.3.4. Logs and Cache Files 4.3.5. Browse Application Files and Folders

4.3.5.1. Plist 4.3.5.2. Databases 4.3.5.3. Library and Caches 4.3.5.4. Cookies.bynaricookies

4.3.6. Extract Files from Devices 4.3.7. Snapshots 4.3.8. Export Installed Apps 4.3.9. Install Applications 4.3.10. SSH Access 4.3.11. Xcode Organizer

4.4. Backups 4.5. Interact with Jailbroken Devices

4.5.1. SSH Access 4.5.1.1. Windows OS 4.5.1.2. Mac/Linux OS 4.5.1.3. SSH via cable (USB) 4.5.1.4. BigBoss Recommended Tools

4.5.2. SFTP (FTP via SSH) 4.5.3. Explorer Software 4.5.4. VNC 4.5.5. Run Apps without Developer

Account 4.5.5.1. Don’t code sign 4.5.5.2. Self-Signed Certificate 4.5.5.3. Create and Run Custom Apps 4.5.5.4. From .app to .ipa

4.5.6. Edit Existing Application Files 4.5.7. Keychain Dumper

Video and practical sessions included in this module

10

In the beginning, the student will learn how Android applications are built and packaged in order to effectively reverse engineer them. Moreover the student will be exposed to techniques and tools used for binary decompiling, reading the application source code and gathering hardcoded information.

5.1. Decompiling and Disassembling .apk files 5.2. Smali 5.3. Decompile .apk to .jar files 5.4. From .jar to Source Code 5.5. Decompiling/Disassembling Overview 5.6. LABS

5.6.1. Locating Secrets 5.6.2. Bypassing Security Controls

5.7. Patching Binaries

Video and practical sessions included in this module

During this module the student will go through the process of decompiling iOS applications. Several tools will be used to access and inspect information contained in the applications binaries.

6.1. .ipa and .App files 6.2. Plist 6.3. Decompiling iOS Apps: Otools 6.4. Decompiling iOS Apps: class-dump 6.5. Decompiling iOS Apps: IDA 6.6. LAB

6.6.1. Locating Information 6.7. Patching iOS Apps – Simulator

Video and practical sessions included in this module

11

During this module the student will learn how to access runtime information on Android devices. Memory analysis techniques will be covered through the use of different tools for different purposes. The student will learn how to subvert the normal execution flow of an application to access restricted information, data and areas. At the end of this highly practical module, the student will be able to bypass security controls and write exploit applications targeting implementations of Android IPC mechanisms.

7.1. Debugging 7.2. LogCat 7.3. DDMS 7.4. Memory Analysis

7.4.1. DDMS 7.4.2. HPROF 7.4.3. Strings 7.4.4. Inspect HPROF Dump 7.4.5. MAT

7.5. IPC Mechanisms and App Components 7.5.1. Intents 7.5.2. Android Tools

7.5.2.1. Monkey 7.5.2.2. Activity Manager 7.5.2.3. LAB: Bypass Security Checks

7.5.3. Content Providers 7.5.3.1. Example #1 7.5.3.2. Example #2 7.5.3.3. Example #3 7.5.3.4. Query a Content Provider 7.5.3.5. Find the Correct URI

7.5.3.5.1. LAB: Content Providers Leakage

7.5.3.6. SQL Injection 7.5.3.6.1. LAB: SQL injection

7.5.3.7. Directory Traversal 7.5.4. SharedUID

Video and practical sessions included in this module

12

During this module the student will become familiar with the most important tools and techniques for dynamic analysis and runtime manipulations on iDevice. The aim of this module is to teach the student how applications can be decrypted at runtime as well as how they can be manipulated in order to force the application to run or display restricted areas. The student will be guided step by step through the exploitation process of real world iOS applications, provided within the module. By using advanced debugging techniques and tools, the student will learn how to bypass security controls implemented within the target application.

8.1. Manually Decrypt Applications Binaries

8.1.1. GDB 8.1.2. Ldid 8.1.3. Identify ASLR/PIE 8.1.4. Calculating Area to Dump 8.1.5. Attach GDB and Dump the Area 8.1.6. Mere the Dump 8.1.7. Edit cryptid values

8.1.7.1. MachOView 8.1.8. Debug/Run the App

8.2. Decrypt Applications Binaries: Clutch 8.3. Runtime Manipulation

8.3.1. Cycript 8.3.1.1. Install Cycript 8.3.1.2. Attach Cycript to a Process 8.3.1.3. Interact with Cycript 8.3.1.4. Pop up an Alert at runtime 8.3.1.5. Bypass the Lock Screen 8.3.1.6. Attack Custom Apps: LogMeIn 8.3.1.7. Attack Custom Apps: LogMeIn2

8.4. GDB 8.4.1. Objc_msgSend 8.4.2. ARMv6 Processor Registers 8.4.3. Runtime Analysis with GDB 8.4.4. Attack Applications with GDB

Video and practical sessions included in this module

13

This module focuses on specific configurations that allow a user to intercept and sniff all the Android device communications. The student will learn how to analyze and manipulate the traffic that goes through the Android device.

9.1. Traffic Sniffing 9.2. Proxying Emulators and Actual Devices 9.3. Intercept Application and SSL Traffic

9.3.1. Intercept with Rooted Device and ProxyDroid

9.4. Traffic Manipulation

Video and practical sessions included in this module

This module focuses on specific configurations that allow a user to intercept and sniff all the iOS device communications. The student will learn how to analyze and manipulate the traffic that goes through the iOS device.

10.1. Traffic Sniffing 10.2. Proxying Simulators and Actual Devices 10.3. Proxying and Intercepting SSL Traffic:

Charles 10.4. Proxying and Intercepting SSL Traffic: Burp 10.5. SSL Traffic on Actual Devices

10.5.1. Charles 10.5.2. Burp

Video and practical sessions included in this module

14

About eLearnSecurity

A leading innovator in the field of practical, hands-on IT security training.

Based in Pisa (Italy), Dubai (UAE) and in San Jose (USA), eLearnSecurity is a leading

provider of IT security and penetration testing courses including certifications for IT

professionals.

eLearnSecurity's mission is to advance the career of IT security professionals by

providing affordable and comprehensive education and certification.

All eLearnSecurity courses utilize engaging eLearning and the most effective mix of

theory, practice and methodology in IT security - all with real-world lessons that

students can immediately apply to build relevant skills and keep their organization's

data and systems safe.

eLearnSecurity © 2014 Via Matteucci 36/38 56124 Pisa, Italy