Who should attend
Pen testers/security professionals/embedded security enthusiasts and anyone interested in learning IoT device pen testing. You are expected to have a basic knowledge of Mobile Operating Systems, and knowledge of programming languages (Java and C, and Python for scripting) will be an added advantage to grasping things quickly.
Prerequisites
The only requirement for this class is that you bring your own laptop and have admin/root access. During the class, we will give you VPN access to our state-of-the-art hacklab which is hosted in our datacentre in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab, so you don’t need to bring any VMs with you. all you need is to install the VPN client and you are good to go! Also, note that we will use an Ethernet/Wired network for this class. If your laptop does not support this, please carry the correct adaptor to ensure you are able to connect to the wired network.
Course Objectives
Advanced Android and iOS Exploitation: This fast-paced training will familiarise you with the various Android and iOS exploitation techniques, as well as bypassing most of the existing security models in both of the platforms. We will cover topics such as writing your own malware, auditing complicated and protected applications, automated static and dynamic analysis, Dex Exploitation, ARM™, OWASP Mobile, Top 10 and a lot more. Platform Exploitation on which most of the smartphone run these days. In ARM™, we will cover exploitation techniques such as Stack Based Buffer Overflows, Gadget Chaining, ROP and Bypassing protections. Finally, for iOS, we will be looking into the application security auditing, creating a pen test environment, presenting a sandboxing model, code signing, inspecting binaries, use-after-free and much more. We will also be looking into Android rooting and iOS jail breaking exploits, and recreate the scenario from scratch. Students will also be provided with custom exploitation labs, which will be preconfigured and loaded with all the tools and scripts which will be covered during the training.
Course Content
A 3-day Advanced Mobile Exploitation course, focusing on Android and iOS exploitation. If you want to try exploitation on new hardware and find security vulnerabilities, and “0-days” in IoT devices, then Offensive IoT Exploitation is the course for you. At the end of the class, there will be a final CTF challenge where the attendees will have to identify security vulnerabilities and exploit them, in a completely unknown device.