
Advanced Android & iOS Hands-on Exploitation


Workshop Duration: 2 days
Date: 4th & 5th June, 2015

Price: INR 25,000

Description:

Advanced Android and iOS Hands-on Exploitation is a unique training which covers security and exploitation of the two dominant mobile platforms - Android and iOS. This is a two-day, action-packed class, full of hands-on challenges and CTF labs, for both Android and iOS environments. The entire class will be based on a custom VM which has been prepared exclusively for the training. The training will take the attendees from the ground level upwards to be able to audit any real-world applications on the platforms.

Some of the topics that will be covered are Advanced Auditing of iOS and Android Applications, Reverse Engineering, Bypassing Obfuscations, Automating security analysis, Exploiting and patching apps, Advanced ARM Exploitation, API Hooking and a lot more.

The 2-day class is designed in a CTF approach where each module is followed by a complete hands-on lab, giving the attendees a chance to apply the knowledge and skills learnt during the class in a real-life scenario. Students will also be provided with an author-signed copy of the book “Learning Pentesting for Android Devices”, printed reference materials and handouts to be used during and after the training class, and private scripts written by the trainer for Android and iOS app security analysis.

Workshop Agenda:

Day 1 :

  • Introduction to Android Security
  • Setting up the Pentest Lab
  • Android App Internals
  • Reversing Android Applications
  • Bypassing App protections
  • Static Analysis of Android Apps
  • Leaking Content Providers
  • Network Traffic Security Analysis
  • Dynamic Analysis of Android apps
  • API Hooking for security assessment
  • Using Drozer for security analysis
  • Automating Android app pentesting
  • OWASP Mobile Top 10 for Android apps

Day 2 :

  • Introduction to iOS Security Architecture
  • iOS Pentesting Lab Setup
  • Reversing iOS Applications
  • Bypassing iOS App Security Mechanisms
  • Runtime Manipulation of iOS Apps
  • Advanced Cycript Techniques
  • OWASP Mobile Top 10 for iOS
  • Pentesting Real World Applications
  • Using AppWatch to pentest Android and iOS apps automagically
  • Secure Coding for Android and iOS Applications
  • Integrating Mobile Security into SDLC
  • Mobile Application Checklist

Candidate Requirements:

  • The course starts from the very ground level, so only a basic understanding of mobile applications is expected.
  • Since Mobile Architectures are based on Linux, it is expected that the attendee will have some familiarity with the Linux environment.
  • The course is completely hands-on. So, you should be willing to take up and solve challenges.
  • Scripting knowledge is not mandatory, but will be a plus.

 

You Need To Bring:

Hardware: 

  • Minimum 2GB RAM and 20 GB free Hard Disk space
  • Administrative Privileges on your laptop
  • External USB Access Allowed on your laptop
  • iPhone/iPad/iPod (compulsory, jailbroken and should be 6.1.x+)

Software:

  • Windows 7/8 (No XP!), Ubuntu, MacOSX (Mountain Lion or above)
  • VMWare Player/Workstation/Fusion
  • GenyMotion with the image of Nexus S - Android 4.1.1
  • SSH Client (If you’re on Windows, download Putty)
  • Python and Java installed and configured as environment variables

Eligible Candidates:

  • Information Security Professionals
  • Web Security Researchers who are willing to start in Mobile Security
  • Mobile Security Enthusiasts

Set Expectations:

  • Interactive Hands-on Session
  • Learning to Reverse Engineer, and find security vulnerabilities in mobile applications
  • Applying the skills learnt, to real world environment after the class

Takeaway

  • 300+ slides course pdf
  • Lab Reference Materials and Handouts
  • Course VM with mobile security tools preconfigured
  • Additional Reading materials to research further into mobile security
  • Mobile Security Cheat Sheet

Benefits of Attending

  • Unique learning experience of Mobile Applications for both Android and iOS
  • Real World Hands-on exercises and case studies
  • Automating Mobile Application Security
  • Using AppWatch for Mobile Security for enterprises

Not To Expect

  • Becoming an Android/iOS expert hacker overnight. However, you can use the knowledge and skill set gained to research further and master the platform.

Trainer: Aditya Gupta

Aditya Gupta (@adi1391) is the founder and trainer of Attify, a mobile security firm, and a leading mobile security expert and evangelist.

Apart from being the lead developer and co-creator of Android framework for exploitation, he has done a lot of in-depth research on the security of mobile and hardware devices, including Android, iOS, and Blackberry, as well as BYOD Enterprise Security.

He is also the author of the popular Android security book “Learning Pentesting for Android”, which has sold 5000+ copies since its launch in March 2014. He has also discovered serious web application security flaws in websites such as Google, Facebook, PayPal, Apple, Microsoft, Adobe, Skype, and many more. He has also published a research paper on ARM Exploitation titled “A Short Guide on ARM Exploitation.”

In his previous work at Rediff.com, his main responsibilities were to look after web application security and lead security automation. He also developed several internal security tools for the organization to handle the security issues.

He has also previously spoken and trained at numerous international security conferences including Black Hat, Syscan, OWASP AppSec, Toorcon, Clubhack, Nullcon, etc., along with many other corporate trainings on Mobile Security.
