[TRAINING] Mobile Hacking

By Davy Douhine | April 27, 2020

Security conferences are an excellent way to access top-notch training, but with the current mess they are being cancelled or postponed. However, life keeps going and we still need to train in order to improve our skills.

So, we are pleased to announce that we are going to offer our Mobile Hacking training in an online form!

Of course, we prefer to have real interactions with the attendees because we think it’s the best way to give trainings, but as nobody currently knows when this will be possible again, we want to try our best to continue to train whoever wants to learn mobile security.

Our online trainings are not based on videos but on real live sessions with the trainers. Of course, attendees will have access to the slides and labs to train on their own, but they’ll also have interactive sessions with the trainers to do the labs together and ask questions. A big thank you to Corellium for making this possible.

Contact us if you’re interested: sales@randorisec.fr

Here is the pitch of the training:

Guillaume Lopes and Davy Douhine, senior pentesters, will share many techniques, tips and tricks in a 100% hands-on, 3-day mobile training for pentesters, bug bounty researchers, app makers or the just curious. The goal is to introduce tools (Adb, Apktool, Jadx, Cycript, Frida, Hopper, Needle, etc.) and techniques that help you work faster and more efficiently in the mobile (Android and iOS) ecosystem. This is the exact training that you would have liked to have before wasting your precious time trying and failing to assess the security of mobile applications.


A VM will be provided to the attendees with the pre-installed tools to cover most of the labs.
A Corellium access (iOS virtualisation) will be provided.

Who Should Attend

Anyone with some prior knowledge of web security who wants to learn how to assess mobile applications.
Intermediate to experienced Pentesters, Bug Hunters, Security Researchers, Security Experts and Security Managers/Architects.

Key Learning Objectives

  • Introduce the OWASP MSTG (Mobile Security Testing Guide) and the MASVS (Mobile Application Security Verification Standard)
  • Learn Android and iOS security basics
  • Know how to build an Android and iOS pentest toolset
  • Learn how to review the codebase of a mobile application (aka static analysis)
  • Run the mobile application on a rooted device (to check data security issues)
  • Inspect the app via instrumentation and manipulate the runtime (aka runtime analysis)
  • Man-in-the-middle all the network communications (aka inspect the traffic)

Prerequisite Knowledge

Network and Linux basics

Hardware / Software Requirements

A laptop with:

  • 8GB of RAM at least, ideally 16GB
  • 50GB of free space (to install a VM based on Kali that we’ll provide)
  • Administrative privileges on your laptop + a way to deactivate anti-virus, HIPS and firewall
  • VMware Player (ideally VMware Workstation)
  • A PDF reader

Agenda

Basics and Static Analysis

  • iOS Basics
    • Security features and iOS architecture
    • Techniques: Steps and requirements
    • Set up a testing environment
    • Tools
    • Jailbreaks: History and types
    • Targeted apps
    • iOS virtualization with Corellium
  • iOS Static Analysis
    • Code checks
    • Needle and MobSF
  • Android Basics
    • Android Ecosystem
    • Sandboxing
    • Android Components
    • APK Architecture
    • Android Manifest
  • Android Static Analysis
    • Decompilation / Disassembling
    • Hardcoding secrets
    • Code Tampering
    • Tools

Dynamic analysis

  • iOS Dynamic Analysis
    • Caching
    • Logs
    • Backups
    • Plist
    • SQLite
    • Hooking with Cycript
    • Hooking with Frida
    • Objection
  • Android Dynamic Analysis
    • Emulator or physical device
    • Access Control
    • LogCat
    • Root-Emulator Detection
    • Debugging
  • Android Data Storage
    • Databases
    • Shared Preferences
    • Internal Storage
    • External Storage
  • iOS Dynamic Analysis - continued
    • Analyze without a jailbreak
    • iOS Network Security
    • MiTM all the traffic
    • Rvictl, Wireshark and Burp Suite
  • Android Network Security
    • How to intercept traffic using Burp Suite
    • Certificate Pinning: How is it implemented? How to defeat it?
  • Android Hooking
    • Introduction of Frida
    • Frida Scripting
    • Hooking Native Code