3-Day Training | 24-26 May

Advanced Android and iOS Hands-on Exploitation [HITB2021AMS Virtual]

Duration 3 days
Seats Available 15
Difficulty intermediate

$3,299.00

Register Now

Overview

DATE: 24-26 May 2021  

TIME: 09:00 to 17:00 CEST/GMT+2

Date Day Time Duration
24 May Monday 0900-17:00 CEST/GMT+2 8 Hours
25 May Tuesday 0900-17:00 CEST/GMT+2 8 Hours
26 May Wednesday 0900-17:00 CEST/GMT+2 8 Hours
(Course timing not suitable? Let us know!)

Get bonus pre-configured training VM with class labs and tools for your own practice, plus an exclusive group invitation to post-training consultation for 12 months with trainer!


Advanced Android & iOS Hands-on Exploitation by Attify is a practical lab-focused training class that teaches you the tools and tactics to identify and exploit vulnerabilities in modern Android and iOS applications. Students get to learn a step-by-step proven approach of how to dissect, analyze, and exploit mobile applications. This class is a 2021 version of a class that we teach many times a year since 2013. We keep the contents updated by creating relevant labs of vulnerabilities that we see in the wild or are common occurrence in our engagements.

The class is split in two sections: Android and iOS. And for both the sections, we start with the underlying foundations and gradually build a firm and solid understanding of the platform that we are working with. We use an approach of learning-by-doing i.e. all the concepts are accompanied by a demonstration or a lab to understand two things: a) what happens on the surface and b) what happens behind the scenes. Throughout the class, the instructor helps you see a scenario from different perspectives, thus enabling you to develop skills such as pattern-recognition and intuitiveness with which you could discover vulnerabilities faster and better.

During the 3 days, you’ll work with various tools and techniques to reverse, analyze and exploit applications of all different types. Some topics that you’ll learn include: Tracing data flow, Transit Data Analysis, Assessing Data Handling, IPC component vulnerabilities, Webviews , Exploiting Deep Links, Backdooring and Binary Reversing, Native component analysis, Dynamic instrumentation, Debugging etc. For the targets, you will use both real-world and  custom-built vulnerable apps.

In the last few hours of the class, we will cover: Future Direction and Research possibilities to show you how you could use this knowledge and skillset in different ways. Apart from it being a standalone technical training class, students often use the momentum that they gain with the class to accelerate their careers.

Either you are looking to get your hands dirty for the very first time or you want to sharpen your mobile pentesting skills, this class is well-suited for both.

 

Students will receive the following:
  • A downloadable pre-configured training virtual machine with class labs and tools. Additional labs for later practice are also included.
  • Invite to an exclusive discussion group w/ 12-month access to ask queries and participate in discussions post-training with others who have taken the training, and the course instructor/author.
  • 1000+ training slides
  • Lab details, workbook, references etc.

Key Learning Objectives

  • Understand the intricacies of Android and iOS applications
  • Reverse engineer and analyze apps and binaries
  • Analyze and capture data storage: on device, temporary, in transit
  • Use a combination of static and dynamic analysis to find vulnerabilities
  • Perform dynamic instrumentation and write scripts to reveal keys and other secrets
  • Learn working with tools such as Apktool, ADB, Ghidra, Frida, Objection etc.
  • Develop a “hacker” mindset

Who Should Attend

  • Android and iOS application security enthusiasts
  • Security researchers, Pentesters and Red Teamers
  • Bug Bounty hunters
  • Mobile app developers wanting to see what’s on the other side
  • Mobile app testers who want to build better test cases

Hardware / Software Requirements

  • VMWare, VirtualBox
  • Minimum 6 GB RAM
  • 40 GB Free Disk space
  • Genymotion/Rooted Android device
  • Jailbroken iOS device (10+)
  • Additional setup instructions will be provided prior to the class

Agenda

Expand All

Day 1

• Android: In/Out
• Platform Security
• Runtime and Virtualization
• Inside an APK
• ADB, AM, PM
• Reverse Engineering
• Code Patching
• Data Handling
• Activity, Services, Intents, and Broadcasts

Day 2

• Understanding Entry points
• Tracing data flow
• URI: Identification and Exploitation
• Content Providers
• Deep Links
• Frida Fu
• Native analysis
• Platform-specific issues
• iOS In/Out
• Inside an IPA
• Code Signing, Entitlements and Profiles
• Objective-C and Swift basics

Day 3

• Reversing and Patching iOS binaries
• Data Handling issues
• Debugging and Runtime Manipulation
• Analyzing iOS Network
• Webview: types and issues
• iOS Frida Fu
• Case Studies
• Structuring a mobile pentest/research
• Future Direction and Research possibilities

Sign Up For an Account

to track your favorites

Sign Up

Want a Training Not Seen Here?

Write to Us

Contact Us