The course provides a comprehensive and progressive approach to understanding advanced vulnerability and exploitation topics. Attendees will be immersed in hands-on exercises that impart valuable skills in researching vulnerabilities on Android and iOS mobile platforms and applications.

The training is designed to turn the students into high-level security experts, and to fully prepare them for working as vulnerability researchers. The course includes immersive hands-on exercises, via virtual labs, where participants will practice what they have studied during each day.

The course targets participants with advanced knowledge and substantial on-field experience in the cyber security world. Primarily:

  • Cyber security technical experts
  • Experienced penetration testers
  • Junior vulnerability researchers

Prerequisites:

  • Good knowledge and practical experience in penetration testing, including on Android and iOS platforms.
  • Good familiarity and experience with programming languages.
  • Background in Assembly.
  • RT800 is a prerequisite training plan for taking this course.

40 Hours

Cyber Security


Certificate: No

Price: contact us for more details


Course Outline

Objectives

  • Discovering different levels of vulnerabilities on mobile platforms.
  • Learning to exploit advanced vulnerabilities on both Android and iOS applications.
  • Staying on top of the “vulnerability landscape” and being up-to-date on current attacks or potential threats to prepare counter-measures where possible.

Note:

This course is a direct follow-up to RT800 – Vulnerability Research and Exploit Development.

 


Module 1: Android – 20 hours

During this module, students will learn advanced types of Android vulnerabilities and ways to exploit them, in order to take over Android applications. The most complex and interesting attack scenarios will be discussed, providing the students with the means to find critical vulnerabilities in any Android application. By the end of this stage, students will have a comprehensive understanding of the Android platform and its risks and vulnerabilities.

  • Overview
  • The Dalvik VM
  • Java
  • Smali
  • Linux OS security
  • The permissions model
  • Android security
  • Database isolation
  • The emulator
  • Debug bridge
  • Rooting
  • OWASP Top 10 Mobile
  • Static analysis
  • APK
  • Special files
  • Smali disassembling
  • DEX decompilation
  • Code patching
  • Dynamic analysis
  • Monitoring processes
  • Monitoring files
  • Analyzing logs
  • Memory dumps and analysis
  • Smali debugging
  • Traffic analysis
  • Importing SSL certificates & trusted CAs
  • Bypassing SSL pinning
  • Code analysis
  • Component types
  • Intents structure and filters
  • Component callers authentication
  • Binder interface
  • Pending intents
  • Sticky broadcasts
  • Unprotected content providers
  • Restricted screens access
  • Locating interesting code

Module 2: iOS – 20 hours

In the following module, students will learn advanced types of iOS vulnerabilities and ways to exploit them, in order to take over iOS applications. The most complex and interesting attacks and scenarios will be discussed, providing the students with the means to find critical vulnerabilities in any iOS application. This module provides a comprehensive understanding of the iOS platform and its unique risks and vulnerabilities.

  • Overview
  • Device architecture
  • Security model
  • File system isolation
  • Application sandbox
  • Objective-C
  • OWASP Top 10 Mobile
  • Preparations
  • Pen-testing environment
  • Lab setup overview
  • Device setup
  • Jailbreaking
  • Cydia installations
  • Laptop installation
  • Static analysis
  • IPA
  • Special files
  • Tampering
  • Investigating with view controllers
  • Binaries
  • Automation
  • Storage analysis
  • Filesystem access
  • Application storages
  • Plists
  • Tampering
  • DB files
  • Snapshots
  • Cookies
  • Logs
  • Cache
  • The keychain
  • Dynamic analysis
  • Class interposing
  • Cycript
  • Header and class dumps
  • Reversing iOS binaries
  • Remote debugging
  • Traffic analysis
  • Importing SSL certificates & trusted CAs
  • Bypassing SSL pinning