Difference between revisions of "Spring Training 2016 - Mobile Application Exploitation (iOS and Android)"
From BruCON 2017
(→Trainer Biography) |
(→Trainer Biography) |
||
Line 119: | Line 119: | ||
<br> | <br> | ||
+ | [[File:Denish.jpg|thumb|125px]] | ||
As an assistant trainer, Dinesh leads the Mobile Security Testing Center of Excellence at Security Innovation. He has performed innumerable penetration tests on Web, Mobile and VoIP technologies - however his core area of expertise is Mobile and Embedded application pentesting and exploitation. He is an accomplished author and speaker, and his research has been published in multiple security zines and sites like Packet Storm, Exploit-DB, PenTest Magazine, SecurityXploded, ClubHACK Magazine, and Exploit-Id amongst others. Dinesh is a Hall of Fame member of Apple, Adobe, and Barracuda Networks for his identification and responsible disclosure of critical security vulnerabilities in their products, web sites, and web services. Dinesh has previously presented his work at security conferences around Europe, Boston, New York, Australia, India and a bunch of Middle East countries, and continues to enhance his knowledge by undergoing security trainings and certifications around the world. He maintains an open source intentionally vulnerable Android application called InsecureBankv2 for use by developers and security enthusiasts. | As an assistant trainer, Dinesh leads the Mobile Security Testing Center of Excellence at Security Innovation. He has performed innumerable penetration tests on Web, Mobile and VoIP technologies - however his core area of expertise is Mobile and Embedded application pentesting and exploitation. He is an accomplished author and speaker, and his research has been published in multiple security zines and sites like Packet Storm, Exploit-DB, PenTest Magazine, SecurityXploded, ClubHACK Magazine, and Exploit-Id amongst others. Dinesh is a Hall of Fame member of Apple, Adobe, and Barracuda Networks for his identification and responsible disclosure of critical security vulnerabilities in their products, web sites, and web services. 
Dinesh has previously presented his work at security conferences around Europe, Boston, New York, Australia, India and a bunch of Middle East countries, and continues to enhance his knowledge by undergoing security trainings and certifications around the world. He maintains an open source intentionally vulnerable Android application called InsecureBankv2 for use by developers and security enthusiasts. | ||
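Review bot: the file added at line 119 is named Denish.jpg, while the biography it sits beside spells the trainer's name Dinesh, and the thumbnail is inserted without a caption. Consider uploading the image under a name that matches the biography and adding a caption parameter to the [[File:...|thumb|125px]] link, so the photo is identifiable and can be found by the trainer's name.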
Revision as of 15:35, 21 December 2015
Mobile Application Exploitation (iOS and Android)
A completely hands-on training on exploiting mobile applications for the iOS and Android platforms. The training is based on exploiting Damn Vulnerable iOS app and other vulnerable apps written by the trainer to help you understand the different kinds of vulnerabilities in mobile applications. You can test your skills in the CTF at the end!
Course Description
This course will also discuss how a developer can secure their applications using secure coding and obfuscation techniques. After the workshop, the students will be able to successfully penetration test and secure mobile applications. All the students will get a PDF presentation with all the slides, vulnerable apps used for training, sample source code and all the necessary tools used to pentest mobile applications.
The training will also include a CTF challenge at the end, where attendees will use the skills learnt in the training to solve the challenges.
Course contents
- Part 1 - iOS Exploitation
- Module 1 : Getting Started with iOS Pentesting
- iOS security model
- App Signing, Sandboxing and Provisioning
- Setting up Xcode
- Changes in iOS 8
- Exploring the iOS filesystem
- Intro to Objective-C and Swift
- Setting up the pentesting environment
- Jailbreaking your device
- Cydia, Mobile Substrate
- Getting started with Damn Vulnerable iOS app
- Binary analysis
- Finding shared libraries
- Checking for PIE, ARC
- Decrypting ipa files
- Self signing IPA files
- Module 2 : Static and Dynamic Analysis of iOS Apps
- Static Analysis of iOS applications
- Dumping class information
- Insecure local data storage
- Dumping Keychain
- Finding URL schemes
- Dynamic Analysis of iOS applications
- Cycript basics
- Advanced Runtime Manipulation using Cycript
- Method Swizzling
- GDB basic usage
- Modifying ARM registers
- Module 3 : Exploiting iOS Applications
- Exploiting iOS applications
- Broken Cryptography
- Side channel data leakage
- Sensitive information disclosure
- Exploiting URL schemes
- Client side injection
- Bypassing jailbreak, piracy checks
- Inspecting Network traffic
- Traffic interception over HTTP, HTTPS
- Manipulating network traffic
- Bypassing SSL pinning
- Module 4 : Reversing iOS Apps
- Introduction to Hopper
- Disassembling methods
- Modifying assembly instructions
- Patching App Binary
- Logify
- Module 5 : Securing iOS Apps
- Securing iOS applications
- Where to look for vulnerabilities in code?
- Code obfuscation techniques
- Piracy/Jailbreak checks
- iMAS, Encrypted Core Data
- Part 2 - Android Exploitation
- Module 1
- Why Android
- Intro to Android
- Android Security Architecture
- Android application structure
- Signing Android applications
- ADB – Non Root
- Rooting Android devices
- ADB - Rooted
- Understanding Android file system
- Permission Model Flaws
- Module 2
- Understanding Android Components
- Introducing Android Emulator
- Introducing Android AVD
- Module 3
- Proxying Android Traffic
- Reverse Engineering for Android Apps
- Smali Labs for Android
- Dex Analysis and Obfuscation
- Android App Hooking
- Module 4
- Attack Surfaces for Android applications
- Exploiting Local Storage
- Exploiting Weak Cryptography
- Exploiting Side Channel Data Leakage
- Root Detection and Bypass
- Exploiting Weak Authorization mechanism
- Identifying and Exploiting flawed Broadcast Receivers
- Identifying and Exploiting flawed Intents
- Identifying and Exploiting Vulnerable Activity Components
- Exploiting Backup and Debuggable apps
- Dynamic Analysis for Android Apps
- Analysing ProGuard, DexGuard and other Obfuscation Techniques
- Module 5
- Exploitation using Drozer
- Automated source code analysis
- Exploiting Android embedded applications
Target audience
This course is for penetration testers, mobile developers or anyone keen to learn mobile application security.
Hardware/software Requirements
- Laptop with Genymotion installed.
- 20+ GB free hard disk space
- 3+ GB RAM
- A jailbroken iPhone/iPad/iPod for iOS testing. Please get in touch with us if you are having issues arranging it. (training[at]brucon.org)
Trainer Biography
Prateek Gianchandani, an OWASP member and contributor, has been working in the infosec industry for about 5 years. During those five years, he has performed a number of penetration tests on mobile and web applications and has also developed a lot of applications for the App Store. His core focus area is iOS application pentesting and exploitation. He is also the author of the open source vulnerable application named Damn Vulnerable iOS app. He has presented and trained at conferences like Defcon, Blackhat USA, BruCON, Hack in Paris, PHDays, etc.
As an assistant trainer, Dinesh leads the Mobile Security Testing Center of Excellence at Security Innovation. He has performed innumerable penetration tests on Web, Mobile and VoIP technologies; however, his core area of expertise is Mobile and Embedded application pentesting and exploitation. He is an accomplished author and speaker, and his research has been published in multiple security zines and sites like Packet Storm, Exploit-DB, PenTest Magazine, SecurityXploded, ClubHACK Magazine, and Exploit-Id, amongst others. Dinesh is a Hall of Fame member of Apple, Adobe, and Barracuda Networks for his identification and responsible disclosure of critical security vulnerabilities in their products, web sites, and web services. Dinesh has previously presented his work at security conferences around Europe, Boston, New York, Australia, India and a bunch of Middle East countries, and continues to enhance his knowledge by undergoing security trainings and certifications around the world. He maintains an open source, intentionally vulnerable Android application called InsecureBankv2 for use by developers and security enthusiasts.
Wed. 20 - 22 April 2016 (09:00 - 17:00) (3-day)