Detailed Course Outline
Day 1 Android Basics
- Introduction to Android
- Android Architecture
- Digging into Android kernel
Android Security Model
- Android Security Architecture
- Android Permission model
- Application Sandboxing
- Bypassing Android Permissions
- Android Application Components
- Android Debug Bridge
- Creating a Simple Android Application
Introduction to ARM™ Exploitation
- Introduction to ARM™
- Instruction set and Registers
- Debugging with GDB
- Stack Overflows on ARM™
- Format String vulnerabilities
- Ret2ZP Attack and ROP
- Shellcoding on ARM™
- Exploit Mitigations and Bypasses
- ARM™ Based rootkits
Setting up the Environment
- Setting up Android Emulator
- Setting up a Mobile Pentest Environment
App Kung-fu
- Application Analysis
- Reverse Engineering
- Traffic Interception (Active and Passive) of Android Applications
- OWASP Top 10 for Android
- Sniffing Application and phone’s network data
- Insecure file storage
- Having fun with databases
Exploiting Logic and Code flaws in applications
- Exploiting Content Providers
- SQL Injection in Android Application
- Local File Inclusion/Directory Traversal
- Drive by Exploitation
- Tapjacking
- HTML 5 Attacks
- Phishing Attacks on Android
Exploitation with AFE
- Introduction to Android Framework for Exploitation
- Finding application vulnerabilities using AFE
- Creating a malware + botnet (HTTP and SMS based)
- Crypt an existing malware/botnet to bypass Android anti-malware
- Extending the framework with custom plugins
- Cracking Android Applications
- Hands-on with a Vulnerable Social Networking Application
- Creating and Exploiting custom ROMs
- Exploiting USB connections with Android
Dex Labs
- Introduction to Dalvik File Format
- In-depth look at Smali
- Manipulating smali files and cracking Applications
- Cracking Application Licenses
- Dex file manipulation
- Obfuscating applications with dex obfuscator
Day 2 Android Forensics & Malware Analysis
- Extracting text messages, voice mails, call logs, contacts and messages
- Recovering information stored in SD Card
- Reversing and Analysing Android malware using Apktool, dex2jar and JD-GUI
- Introduction to IDA Pro
- Analysing malware and exploits using IDA
Further Exploitation
- Creating custom Bootloaders
- Android Root Exploits – Recreating the exploit
- Fuzzing Android components
- WebKit Exploitation
- Use After Free vulnerability and exploitation
- Writing a reliable exploit for Android
- More ROP Exploitation
- Finding ROP gadgets and building ROP Chains
- Using GDB for Android debugging
- Information Leaks in Android
Being Secure
- Android in the Enterprise
- Writing Secure Code
- Pen test before you publish
- Writing Python Scripts for automating android pen tests
- Source Code Auditing for Applications
Day 3 iOS Background
- Understanding iOS Architecture
- iOS Security Features
- iOS Application Overview
iOS Security Model
- Code Signing
- Sandboxing
- Exploit Mitigation
- Encryption
Setting up the Environment
- Setting up Xcode
- Setting up iPhone/Simulator
iOS Hello-World
- iOS Application components
- Introduction to Objective C
- Writing a simple Hello World application in your own iDevice/Simulator
iOS App Analysis
- Reverse Engineering iOS Apps
- Decrypting App Store Binaries
- Locating PIE (Position Independent Executable)
- Inspecting Binary
- Manipulating Runtime
Auditing Insecure API
- Evaluating the Transport Security
- Abusing Protocol Handlers
- Insecure Data Storage
- Attacking iOS keychain
App Assessments
- Setting up pen testing environment for assessment
- Passive app assessment
- Active app assessment
- Application analysis
App Kungfu
- Exploiting XSS in Apps (UIWebViews)
- Attacking XML processor
- SQL Injection
- Filesystem Interaction
- Geolocation
- Logging
- Backgrounding
Memory Corruption Issues
- Format strings
- Object use-after-free
- ROP for iOS
- Exploit Mitigations in iOS
iOS Forensics
- Analysis of Backed up data in iTunes
- Extracting SMS, Call Logs, etc., from an iOS backup
- Imaging the whole device
Being Secure
- iOS App compliance checklist
- Writing Secure Code
- Pen test your App before you publish