Advanced Mobile Exploitation (AME) – Outline

Detailed course outline

Day 1 Android Basics

  • Introduction to Android
  • Android Architecture
  • Digging into Android kernel

Android Security Model

  • Android Security Architecture
  • Android Permission model
  • Application Sandboxing
  • Bypassing Android Permissions
  • Android Application Components
  • Android Debug Bridge
  • Creating a Simple Android Application

Introduction to ARM™ Exploitation

  • Introduction to ARM™
  • Instruction set and Registers
  • Debugging with GDB
  • Stack Overflows on ARM™
  • Format String vulnerabilities
  • Ret2ZP Attack and ROP
  • Shellcoding on ARM™
  • Exploit Mitigations and Bypasses
  • ARM™ Based rootkits

Setting up the Environment

  • Setting up Android Emulator
  • Setting up a Mobile Pentest Environment

App Kung-fu

  • Application Analysis
  • Reverse Engineering
  • Traffic Interception (Active and Passive) of Android Applications
  • OWASP Top 10 for Android
  • Sniffing Application and phone’s network data
  • Insecure file storage
  • Having fun with databases

Exploiting Logic and Code flaws in applications

  • Exploiting Content Providers
  • SQL Injection in Android Applications
  • Local File Inclusion/Directory Traversal
  • Drive by Exploitation
  • Tapjacking
  • HTML 5 Attacks
  • Phishing Attacks on Android

Exploitation with AFE

  • Introduction to Android Framework for Exploitation
  • Finding application vulnerabilities using AFE
  • Creating a malware + botnet (HTTP and SMS based)
  • Encrypting an existing malware/botnet to bypass Android anti-malware
  • Extending the framework with custom plugins
  • Cracking Android Applications
  • Hands-on with a Vulnerable Social Networking Application
  • Creating and Exploiting custom ROMs
  • Exploiting USB connections with Android

Dex Labs

  • Introduction to Dalvik File Format
  • In-depth Smali
  • Manipulating smali files and cracking Applications
  • Cracking Application Licenses
  • Dex file manipulation
  • Obfuscating applications with dex obfuscator

Day 2 Android Forensics & Malware Analysis

  • Extracting text messages, voice mails, call logs, contacts and messages
  • Recovering information stored in SD Card
  • Reversing and Analysing Android malware using Apktool, dex2jar and JD-GUI
  • Introduction to IDA Pro
  • Analysing malware and exploits using IDA

Further Exploitation

  • Creating custom Bootloaders
  • Android Root Exploits – Recreating the exploit
  • Fuzzing Android components
  • WebKit Exploitation
  • Use After Free vulnerability and exploitation
  • Writing a reliable exploit for Android
  • More ROP Exploitation
  • Finding ROP gadgets and building ROP Chains
  • Using GDB for Android debugging
  • Information Leaks in Android

Being Secure

  • Android in the Enterprise
  • Writing Secure Code
  • Pen test before you publish
  • Writing Python Scripts for automating Android pen tests
  • Source Code Auditing for Applications

Day 3 iOS Background

  • Understanding iOS Architecture
  • iOS Security Features
  • iOS Application Overview

iOS Security Model

  • Code Signing
  • Sandboxing
  • Exploit Mitigation
  • Encryption

Setting up the Environment

  • Setting up Xcode
  • Setting up iPhone/Simulator

iOS Hello-World

  • iOS Application components
  • Introduction to Objective C
  • Writing a simple Hello World application in your own iDevice/Simulator

iOS App Analysis

  • Reverse Engineering iOS Apps
  • Decrypting App Store Binaries
  • Locating PIE (Position Independent Executable)
  • Inspecting Binary
  • Manipulating Runtime

Auditing Insecure API

  • Evaluating the Transport Security
  • Abusing Protocol Handlers
  • Insecure Data Storage
  • Attacking iOS keychain

App Assessments

  • Setting up pen testing environment for assessment
  • Passive app assessment
  • Active app assessment
  • Application analysis

App Kungfu

  • Exploiting XSS in Apps (UIWebViews)
  • Attacking XML processor
  • SQL Injection
  • Filesystem Interaction
  • Geolocation
  • Logging
  • Backgrounding

Memory Corruption Issues

  • Format strings
  • Object use-after-free
  • ROP for iOS
  • Exploit Mitigations in iOS

iOS Forensics

  • Analysis of Backed up data in iTunes
  • Extracting SMS, Call Logs, etc., from an iOS backup
  • Imaging the whole device
  • Being Secure

iOS App compliance checklist

  • Writing Secure Code
  • Pen test your App before you publish