Training: Offensive Mobile Application Exploitation, Blackhat USA 2017

This training focused on mobile app exploitation for Android and iOS applications.
The training was really good; we saw five parts for each OS (check the content table below).
The speakers were @Din3zh and @prateekg147.
The colleagues were really friendly, and here is the training certificate :)

Course Outline

Part 1 - iOS Exploitation

Module 1 : Getting Started with iOS Pentesting

  • iOS security model
  • App Signing, Sandboxing and Provisioning
  • Setting up Xcode 8
  • Changes in iOS 10
  • Primer to iOS 10 security
  • Exploring the iOS filesystem
  • Intro to Objective-C and Swift
  • What's new in Swift 3?
  • Setting up the pentesting environment
  • Jailbreaking your device
  • Cydia, Mobile Substrate
  • Getting started with Damn Vulnerable iOS app
  • Binary analysis
  • Finding shared libraries
  • Checking for PIE, ARC
  • Decrypting ipa files
  • Self signing IPA files

Module 2 : Static and Dynamic Analysis of iOS Apps

  • Static Analysis of iOS applications
  • Dumping class information
  • Insecure local data storage
  • Dumping Keychain
  • Finding url schemes
  • Dynamic Analysis of iOS applications
  • Cycript basics
  • Advanced Runtime Manipulation using Cycript
  • Method Swizzling
  • GDB basic usage
  • Modifying ARM registers

Module 3 : Exploiting iOS Applications

  • Exploiting iOS applications
  • Broken Cryptography
  • Side channel data leakage
  • Sensitive information disclosure
  • Exploiting URL schemes
  • Client side injection
  • Bypassing jailbreak, piracy checks
  • Inspecting Network traffic
  • Traffic interception over HTTP, HTTPS
  • Manipulating network traffic
  • Bypassing SSL pinning

Module 4 : Reversing iOS Apps

  • Introduction to Hopper
  • Disassembling methods
  • Modifying assembly instructions
  • Patching App Binary
  • Logify

Module 5 : Securing iOS Apps

  • Securing iOS applications
  • Where to look for vulnerabilities in code?
  • Code obfuscation techniques
  • Piracy/Jailbreak checks
  • iMAS, Encrypted Core Data

Part 2 - Android Exploitation

Module 1

  • Why Android
  • Intro to Android
  • Android Security Architecture
  • Android application structure
  • Signing Android applications
  • ADB – Non Root
  • Rooting Android devices
  • ADB - Rooted
  • Understanding Android file system
  • Permission Model Flaws

Module 2

  • Understanding Android Components
  • Introducing Android Emulator
  • Introducing Android AVD

Module 3

  • Proxying Android Traffic
  • Reverse Engineering for Android Apps
  • Smali Labs for Android
  • Dex Analysis and Obfuscation
  • Android App Hooking

Module 4

  • Attack Surfaces for Android applications
  • Exploiting Local Storage
  • Exploiting Weak Cryptography
  • Exploiting Side Channel Data Leakage
  • Root Detection and Bypass
  • Exploiting Weak Authorization mechanism
  • Identifying and Exploiting flawed Broadcast Receivers
  • Identifying and Exploiting flawed Intents
  • Identifying and Exploiting Vulnerable Activity Components
  • Exploiting Backup and Debuggable apps
  • Dynamic Analysis for Android Apps
  • Analysing Proguard, DexGuard and other Obfuscation Techniques

Module 5

  • Exploitation using Drozer
  • Automated source code analysis
  • Exploiting Android embedded applications
https://www.blackhat.com/us-17/training/offensive-mobile-application-exploitation.html
Written on 01 08, 2017