TRAINING 2 – Mobile-Sec Exploitation Breakout


CAPACITY: 12 pax


USD2299 (early bird)

USD3299 (normal)

Early bird registration rate ends on the 30th of September


Every day we see a bunch of new mobile applications being published on the Store, from games, to utilities, to IoT devices clients and so forth, almost every single aspect of our life can be somehow controlled with “an app” like taking a cab ride, buying groceries. We have smart houses, smart fitness devices and smart coffee machines … but is it just smart or is it secure as well? 🙂

The Mobile-Sec Exploitation Breakout training will enable attendees to master various android & iOS application penetration testing techniques and exploitation methods.

The training focuses on practical hands-on exercises on several dedicated vulnerable apps, with the basic theory explained prior to the Do-It- Yourself mind-bending exercises, enabling the attendee to test his acquired skills during the training.

This two day fast paced tightly action packed brain-melting revamped custom tailored flag-ship workshop program will include subjects covered from setting up Android & iOS pentest environment, Identifying and exploiting application vulnerabilities in a variety of mobile application architectures, changes in Android & iOS security features, and complementary subjects viz. Hybrid Mobile Application Pentest.

Who Should Attend

  • Mobile Application Developers
  • Information Security Professionals
  • Mobile Application Vulnerability Analyst /Auditors
  • Mobility, Mobile Security & Operations Team
  • Pen testers and Security professionals interested to get into Mobile Security
  • Bug bounty hunters

Key Learning Objectives

  • Understand the Android, iOS, ecosystem and application architecture
  • Identify specific threats and risks associated with the Android, iOS platform
  • Perform a hands-on penetration test and reverse engineering an Android, iOS mobile apps
  • Attendees will be able to find vulnerabilities in various real world applications for the android, iOS platform.
  • Attendees would be able to audit an android, iOS mobile application for client engagements.

Preequisite Knowledge

Students could be familiar with below topics but not mandatory

• Common security concepts or common web security issues
• Basic knowledge of the Linux OS and network security basics

Hardware / Software Requirements

  • Working Personal laptop (no Netbooks, no Tablets, no corporate laptop due to restriction’s enabled) with Windows 7 64 bit in Host machine installed.
  • Min 250 GB free Hard disk space and 8 GB RAM preferred
  • Genymotion free version installed (!/ )
  • Virtual box installed (
  • Intel / AMD Hardware Virtualization enabled Operating System Jailbroken iphone/ipad for iOS pentest version 8=> required
  • Mac OS X El Capitan with xcode 8.2.1 preferred
  • Laptop with antivirus and firewall disabled.
  • Attendees must have administrator privilege
  • Working USB port and Wifi enabled
  • No VPN installed
  • Update to the latest display drivers

What not to expect:

To become Mobile Ninja overnight.

Although this training would considerably lead to a next level in Mobile Security, people willing to learn new things and research further is expected to continue exploration in Mobile Security.

What Students will be provided:

Custom Android Tamer VM modified image containing all new off the shelf tools, runtime, target apps, scripts, fuzzing payloads etc.

Vulnerable apps for iOS & android, tools etc Customized Mobile Security Testing Checklist Access to Continuous Learning Environment


Basic – Intermediate


Day 1

Module 1: Android Rudiments

Introduction to Android Security
Android Permission Model and Security Architecture File System Overview
Dalvik vs ART runtimes
Android security features

Module 2: Lab setup and in-depth analysis

Lab Environment setup for android pentest
Setting up android emulator
Android Debug Bridge (ADB) basics

Module 3: Rooted vs non rooted

Common exploits for rooting
Types of mobile apps (Web based, Native, Hybrid)

Module 4: Reverse Engineering of Android Application binaries: (static analysis)

Indepth into APK file format Unpacking APKs

The APK file package

Application Components Activity

Decoding XML/Resource Files
APK extraction – Investigating layout, android manifest, permissions Parsing Dex files
Extracting the content of the classes.dex file
Reverse engineering obfuscated android apps & native libraries Decompilation to java & smali code
Using smali for in-depth analysis
Finding hard coded secrets like geolocation, passwords in code Detecting red flags in Android Manifest file 101.
In-Depth with Smali Analysis
Modifying Android applications to reveal sensitive info

Module 5 : Insecure data storage

Exploring installed application files at the /data/data directory The file system security model
Insecure file system permissions
Insecure storage of sensitive data in files

Searching Inside the SDcard
SQLite Database storage & data dumping Sensitive data in application shared preferences Storage of sensitive data at the server side Hard coded Secrets in source code

Sensitive data leakage via insecure log exposure Identifying vulnerable Broadcast Receivers Attacking & exploiting Broadcast Receivers Identifying and exploiting vulnerable Intents Attacking & exploiting intents

Identifying and exploiting vulnerable Activity Components Attacking & exploiting Activity Components
Identifying and exploiting vulnerable content providers Attacking & exploiting content providers

Identifying and exploiting vulnerable services Attacking & exploiting vulnerable services Detecting developer backdoors

Module 6: Data interception and manipulation (dynamic analysis) Active+Passive

Importing SSL certificates & trusted CA’s
Intercepting proxy chaining– Zed Attack Proxy and Burp Insecure session management
Data Interception for SSL applications
Transmission of sensitive information
Exposing insecure traffic
SSL Pinning Bypass & advanced techniques

Module 7 : Analyzing Runtime Analysis

Attacking android Apps from Inside

Memory dumping and analysis
Analysing logs by parsing logcat and ddms Android Hacking 101

Module 8: Exploiting Logic and Code flaws in applications

Local File Inclusion/Path Traversal flaws SQL Injection in Android Application Labs

Module 9: Automated Assessment with Introspy / & Drozer /Mobile Security Framework, Xposed Framework /

Introduction to Drozer and configuration

Post-exploitation using drozer modules

Introduction to Mobile Security Framework (MobSF) and configuration

Automated security assessment using Mobile Security Framework (MobSF)

Hands-on MobSF Framework
Introduction to Xposed Framework & essential modules Hands-on Xposed Framework

Module 10: Android Malware Analysis & Forensics

Introduction to Android Malware Analysis

Android forensics
Extracting hidden strings, messages, logs, and sensitive information

Module 11: Analyze Hybrid HTML5 Applications

Introduction HTML5 Mobile apps
Common Vulnerabilities in HTML5 Android Applications

Module 12: Automatic Analysis for android code review

Tools for trade
Secure coding android guidelines
Defeating Code obfuscation – bypass techniques

Day 2

Module 14: Pentesting android apps in non –rooted devices

Emulator/VM detection & Root detection 101 & corollary Approach & methodology

Tools of the trade


Module 15: iOS Basics Primer – Background

Understanding iOS Architecture iOS Security Features
iOS Application Overview Objective-C vs Swift apps

Swift 4.1 – Wider Aspect

Module 16: iOS Security Model

Code Signing
iOS Simulator vs. Physical iDevice

Module 17: Jailbreaking

What is JailBreaking Cydia
Need for JailBreaking History

Types of JailBreaking Tethered vs Unthered –Semi Common Jailbreak exploits

Security Threats due to JailBreaking

Module 18: Setting up the Environment

Creating a Pentest Lab Environment

Tools of the trade to install
Setting up the iPhone / iPad / Simulator Setting up the Xcode

Module 19: iOS App Analysis – Passive / Static Analysis

IPA (iOS package application) file Architecture Installing apps using itunes
Application Installation Location
Changes in iOS 7/8/9/10

Reverse Engineering iOS Apps

Local Data Storage (SQLite) Plist Storage
Keychain Usage NSUserDefaults Storage

Module 20: Dynamic Analysis/ Data Protection (Transit)

Passive sniffing traffic – inspecting Network traffic

Active sniffing traffic- Proxying traffic interception over HTTP/HTTPS in Simulator and iDevice

Server Communication Public Key Pinning

SSL Pinning
Bypassing SSL Pinning

Module 21: Authentication

Remote Authentication

Module 22: Side Channel Data Leaks

Device Logs Cut-and-Paste Backgrounding Keystroke Logging

Module 23: Injection Flaws

Module 24: Runtime Manipulation

Module 25: Automatic Analysis for Code review

SQL Injection Cross Site Scripting

Tools of the trade
Secure coding guidelines for iOS application iMas
iOS Malwares & forensics
Introduction to iOS malwares & forensics

Module 26: Pentesting using non-jailbreak approach

Jailbreak/piracy detection techniques Common challenges
Tools of trade
Approach & methodology

CTF Time:

Vulnerable application would be given to audit and report findings

Location: Date: November 25, 2018 Time: 9:00 am - 6:00 pm Ravikumar Paghdal