Mobile Application Exploitation (iOS and Android) 2017

Hackfest Communication

Tuesday, 31 October 2017 at 9:00 AM - Thursday, 2 November 2017 at 5:00 PM (SST)

Ticket Information

| Ticket Type | Sales End | Price | Fee | GST/HST |
|---|---|---|---|---|
| Early-Bird - Mobile Application Exploitation (iOS and Android). Training at Hackfest 2017 on October 31st and November 1-2nd | Ended | $1,200.00 | $0.00 | $179.64 |
| Regular - Mobile Application Exploitation (iOS and Android). Training at Hackfest 2017 on October 31st and November 1-2nd | 21 Oct 2017 | $1,500.00 | $0.00 | $224.55 |

Event Details

Hackfest is proud to present “Mobile Application Exploitation (iOS and Android)” with Dinesh Shetty and Prateek Gianchandani!

After the introduction of iOS 10 and Android 7 Nougat, we are bringing an updated version of the course with the latest tools and techniques. This will be an introductory course on exploiting iOS and Android applications, well suited to both beginners and advanced security enthusiasts. The training will be based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2 and other real-world application vulnerabilities in order to give in-depth knowledge of the different kinds of vulnerabilities in mobile applications. This course will also discuss how an attacker can secure their application using secure coding and obfuscation techniques. After the workshop, the students will be able to successfully pentest and secure applications running on the various operating systems.


The training will also include a CTF challenge at the end, where the attendees will use the skills learnt in the training to solve the CTF challenges. The students will be provided with the slides, tools and VMs used during the course.

Training includes

  • Badge for the conference on November 3-4th
  • Lunch (October 31st, November 2-3rd)
  • Coffee breaks

Why choose this course?

  • Learn mobile hacking for both iOS and Android
  • Understand the process and tools 
  • Have hands-on practice
  • and much more!

Course contents

Part 1 - iOS Exploitation
Module 1 : Getting Started with iOS Pentesting

  • iOS security model
  • App Signing, Sandboxing and Provisioning
  • Setting up Xcode 8
  • Changes in iOS 10
  • Primer to iOS 10 security
  • Exploring the iOS filesystem
  • Intro to Objective-C and Swift
  • What's new in Swift 3?
  • Setting up the pentesting environment
  • Jailbreaking your device
  • Cydia, Mobile Substrate
  • Getting started with Damn Vulnerable iOS app
  • Binary analysis
  • Finding shared libraries
  • Checking for PIE, ARC
  • Decrypting ipa files
  • Self-signing IPA files

Module 2 : Static and Dynamic Analysis of iOS Apps

  • Static Analysis of iOS applications
  • Dumping class information
  • Insecure local data storage
  • Dumping Keychain
  • Finding URL schemes
  • Dynamic Analysis of iOS applications
  • Cycript basics
  • Advanced Runtime Manipulation using Cycript
  • Method Swizzling
  • GDB basic usage
  • Modifying ARM registers

Module 3 : Exploiting iOS Applications

  • Exploiting iOS applications
  • Broken Cryptography
  • Side channel data leakage
  • Sensitive information disclosure
  • Exploiting URL schemes
  • Client side injection
  • Bypassing jailbreak, piracy checks
  • Inspecting Network traffic
  • Traffic interception over HTTP, HTTPS
  • Manipulating network traffic
  • Bypassing SSL pinning

Module 4 : Reversing iOS Apps

  • Introduction to Hopper
  • Disassembling methods
  • Modifying assembly instructions
  • Patching App Binary
  • Logify

Module 5 : Securing iOS Apps

  • Securing iOS applications
  • Where to look for vulnerabilities in code?
  • Code obfuscation techniques
  • Piracy/Jailbreak checks
  • iMAS, Encrypted Core Data

Part 2 - Android Exploitation

Module 1

  • Why Android
  • Intro to Android
  • Android Security Architecture
  • Android application structure
  • Signing Android applications
  • ADB – Non Root
  • Rooting Android devices
  • ADB - Rooted
  • Understanding Android file system
  • Permission Model Flaws

Module 2

  • Understanding Android Components
  • Introducing Android Emulator
  • Introducing Android AVD

Module 3

  • Proxying Android Traffic
  • Reverse Engineering for Android Apps
  • Smali Labs for Android
  • Dex Analysis and Obfuscation
  • Android App Hooking

Module 4

  • Attack Surfaces for Android applications
  • Exploiting Local Storage
  • Exploiting Weak Cryptography
  • Exploiting Side Channel Data Leakage
  • Root Detection and Bypass
  • Exploiting Weak Authorization mechanism
  • Identifying and Exploiting flawed Broadcast Receivers
  • Identifying and Exploiting flawed Intents
  • Identifying and Exploiting Vulnerable Activity Components
  • Exploiting Backup and Debuggable apps
  • Dynamic Analysis for Android Apps
  • Analysing Proguard, DexGuard and other Obfuscation Techniques

Module 5

  • Exploitation using Drozer
  • Automated source code analysis
  • Exploiting Android embedded applications

Technical prerequisites

  • Details will be sent to students before the class begins.

Biographies

Dinesh Shetty leads the Mobile Security Testing Center of Excellence at Security Innovation. He has performed innumerable penetration tests on Web, Mobile and IoT technologies; however, his core area of expertise is Mobile and Embedded application pentesting and exploitation. He is an accomplished author and speaker, and his research has been published in multiple security zines and sites like Packet Storm, Exploit-DB, PenTest Magazine, SecurityXploded, ClubHACK Magazine, and Exploit-Id, amongst others. Dinesh Shetty has previously presented his work at security conferences around Europe, Boston, New York, Australia, India and a number of Middle East and South East Asia countries. He continues to enhance his knowledge by undergoing security trainings and certifications around the world. He maintains an open source, intentionally vulnerable Android application called InsecureBankv2 for use by developers and security enthusiasts.
Twitter: https://twitter.com/din3zh
LinkedIn: https://www.linkedin.com/in/dineshshetty1

Prateek Gianchandani, an OWASP member and contributor, is currently leading the mobile security team at Cognosec. He is an expert in iOS application pentesting and exploitation. He is also the author of the open source vulnerable application named Damn Vulnerable iOS app. He has presented all around the globe and trained at conferences like Defcon, Blackhat USA, Brucon, Hack in Paris, Phdays, Appsec USA etc. In his free time, he blogs at http://highaltitudehacks.com
Twitter: https://twitter.com/prateekg147
LinkedIn: https://www.linkedin.com/in/prateekgianchandani

When & Where


Hotel Plaza Québec
3031 Boulevard Laurier
Quebec, QC G1V 2M2
Canada
