The Hitchhacker’s Guide to the Mobile Galaxy

Course Description

The mobile galaxy is dominated by two solar systems: Android and iOS. Grab your towel and embark on a journey through the intricacies of mobile operating systems. Uncover the secrets and vulnerabilities of mobile app planets through static analysis. Ignite the infinite improbability drive and delve deeper with dynamic analysis to gain the skills and knowledge to outwit the Vogons. Establish a Man-in-the-Middle to glide through the network traffic of mobile applications and see them phone home.

In this training, not only the Ultimate Question of Life, the Universe, and Everything will be answered but also most of your questions regarding mobile security. Join us on this galactic adventure of becoming a mobile security expert!

Course contents

Day 1

  • Big Bang of Basics
  • Getting Ready for Launch
  • Adventures on Androids
    • Devices & rooting
    • Where Android apps live
    • How Android apps are made
    • How data is stored on Android
    • Identifying the attack surface
    • Reverse engineering
    • Hooking with Frida and Objection
    • Establishing a Man-in-the-Middle

Day 2

  • Incidents on iOS
    • Devices & jailbreaking
    • How iOS apps are made
    • Where iOS apps live
    • How data is stored on iOS
    • Identifying the attack surface
    • Hooking with Frida and Objection
    • Establishing a Man-in-the-Middle
  • Back to Earth

The training will cover controls defined by the Mobile Application Security Verification Standard (MASVS), which is the industry standard for mobile app security.

NVISO has created custom applications that will be used in hands-on exercises. Participants will learn how to identify and exploit common mobile application vulnerabilities.

Requirements

Students should have:

  • Basic knowledge of Android and/or iOS
  • Comfort working with the command line

Hardware/Software Requirements

Students should bring:

  • Computer
  • Virtualization platform (VMware or VirtualBox)
  • Virtual machine (Linux recommended, e.g. Kali or Mobexler)

Trainer Biography

Jeroen Beckers is the mobile solution lead at NVISO, where he is responsible for quality delivery, innovation and methodology for all mobile assessments. He is actively involved in the mobile security community and shares his knowledge through open-source tools, blog posts, trainings and presentations.

He is the lead author and instructor of the SANS 575 course iOS and Android Application Security Analysis and Penetration Testing and a co-author of the OWASP Mobile Application Security Testing Guide (MASTG) and OWASP Mobile Application Security Verification Standard (MASVS).

Claudia Ully is part of the pentesting team at NVISO and passionate about raising awareness and enthusiasm for cyber security. Her main areas of expertise are web and mobile application security. Apart from spotting vulnerabilities in applications, she enjoys helping and training developers and IT staff to better understand and prevent security issues. She loves coming up with creative ways of making learning more fun and helps raise the next generation of mobile security enthusiasts by teaching a university course on mobile application security at the University of Applied Sciences Upper Austria.
