SEARCH
TOOLBOX
LANGUAGES
Difference between revisions of "Spring Training 2016 - Mobile Application Exploitation (iOS and Android)"

Difference between revisions of "Spring Training 2016 - Mobile Application Exploitation (iOS and Android)"

From BruCON 2016

Jump to: navigation, search
(Trainer Biography)
 
(13 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
=Mobile Application Exploitation (iOS and Android)=
 
=Mobile Application Exploitation (iOS and Android)=
 +
A completely hands-on training on exploiting mobile applications for the iOS and Android platform. The training is based on exploiting Damn Vulnerable iOS app and other vulnerable apps which are written by the trainer in order to make you understand the different kinds of vulnerabilities in mobile applications. You can test your skills in the CTF at the end !
  
 
===Course Description===
 
===Course Description===
This will be a completely hands on training on exploiting mobile applications for the iOS and Android platform. The training will be based on exploiting Damn Vulnerable iOS app and other vulnerable apps which are written by the trainer in order to make people understand the different kinds of vulnerabilities in mobile applications.
 
 
 
This course will also discuss how a developer can secure their applications using secure coding and obfuscation techniques. After the workshop, the students will be able to successfully penetration test and secure mobile applications. All the students will get a PDF presentation with all the slides, vulnerable apps used for training, sample source code and all the necessary tools used to pentest mobile applications.
 
This course will also discuss how a developer can secure their applications using secure coding and obfuscation techniques. After the workshop, the students will be able to successfully penetration test and secure mobile applications. All the students will get a PDF presentation with all the slides, vulnerable apps used for training, sample source code and all the necessary tools used to pentest mobile applications.
  
Line 9: Line 8:
  
 
= Course contents =
 
= Course contents =
* Module 1 - Getting Started with iOS Pentesting
+
* Part 1 - iOS Exploitation
** iOS security model
+
** Module 1 : Getting Started with iOS Pentesting  
*** App Signing, Sandboxing and Provisioning
+
*** iOS security model  
*** Setting up XCode
+
**** App Signing, Sandboxing and Provisioning  
*** Changes in iOS 8
+
**** Setting up XCode  
*** Exploring the iOS filesystem  
+
**** Changes in iOS 8  
** Intro to Objective-C and Swift
+
**** Exploring the iOS filesystem  
** Setting up the pentesting environment
+
**** Intro to Objective-C and Swift  
*** Jailbreaking your device
+
*** Setting up the pentesting environment  
*** Cydia, Mobile Substrate
+
**** Jailbreaking your device  
*** Getting started with Damn Vulnerable iOS app
+
**** Cydia, Mobile Substrate  
*** Binary analysis
+
**** Getting started with Damn Vulnerable iOS app  
*** Finding shared libraries
+
**** Binary analysis  
*** Checking for PIE, ARC
+
**** Finding shared libraries  
*** Decrypting IPA files  
+
**** Checking for PIE, ARC  
*** Self signing IPA files
+
**** Decrypting ipa files  
** Android Exploitation
+
**** Self signing IPA files  
*** Android Security Architecture
+
** Module 2 : Static and Dynamic Analysis of iOS Apps
*** Permission Model Flaws
+
*** Static Analysis of iOS applications
*** API level vulnerabilities
+
**** Dumping class information
*** Rooting for Pentesters Lab
+
**** Insecure local data storage
*** Android ART and DVM Insecurities
+
**** Dumping Keychain
* Module 2 Android App for Security professionals
+
**** Finding url schemes
** Reverse Engineering for Android Apps
+
*** Dynamic Analysis of iOS applications
** Smali Labs for Android
+
**** Cycript basics
** Dex Analysis and Obfuscation
+
**** Advanced Runtime Manipulation using Cycript
** Android App Hooking  
+
**** Method Swizzling
* Module 3 - Application Specific vulnerabilities
+
**** GDB basic usage
** Attack Surfaces for Android applications
+
**** Modifying ARM registers
** Exploiting Side Channel Data Leakage
+
** Module 3 : Exploiting iOS Applications
** Exploiting and identifying vulnerable IPCs
+
*** Exploiting iOS applications
** Exploiting Backup and Debuggable apps
+
**** Broken Cryptography
** Exploiting Exported Components
+
**** Side channel data leakage
** Dynamic Analysis for Android Apps
+
**** Sensitive information disclosure
** Analysing Proguard, DexGuard and other Obfuscation Techniques
+
**** Exploiting URL schemes
* Module 4 - Fuzzing for Android
+
**** Client side injection
** Platform setup for Android fuzzing
+
**** Bypassing jailbreak, piracy checks
** Identifying vulnerable endpoints
+
*** Inspecting Network traffic
** Fuzzing Android components
+
**** Traffic interception over HTTP, HTTPs
** Crash to Exploit
+
**** Manipulating network traffic
* Module 5 - ARM for Android Exploitation
+
**** Bypassing SSL pinning
** Getting familiar with Android ARM
+
** Module 4 : Reversing iOS Apps
** Exploit Mitigation and Protections
+
*** Introduction to Hopper
** Heap Manipulation
+
*** Disassembling methods
** ROP Labs for Android
+
*** Modifying assembly instructions
** Writing your own reliable exploit
+
*** Patching App Binary
** Race Condition vulnerabilities
+
*** Logify
** Hardware Exploitation Techniques
+
** Module 5 : Securing iOS Apps
 +
*** Securing iOS applications
 +
*** Where to look for vulnerabilities in code?
 +
*** Code obfuscation techniques
 +
*** Piracy/Jailbreak checks
 +
*** iMAS, Encrypted Core Data
 +
* Part 2 - Android Exploitation  
 +
** Module 1
 +
*** Why Android
 +
*** Intro to Android
 +
*** Android Security Architecture  
 +
*** Android application structure
 +
*** Signing Android applications
 +
*** ADB – Non Root
 +
*** Rooting Android devices
 +
*** ADB - Rooted
 +
*** Understanding Android file system
 +
*** Permission Model Flaws  
 +
** Module 2
 +
*** Understanding Android Components
 +
*** Introducing Android Emulator
 +
*** Introducing Android AVD
 +
** Module 3
 +
*** Proxying Android Traffic
 +
*** Reverse Engineering for Android Apps  
 +
*** Smali Labs for Android  
 +
*** Dex Analysis and Obfuscation  
 +
*** Android App Hooking  
 +
** Module 4
 +
*** Attack Surfaces for Android applications  
 +
*** Exploiting Local Storage
 +
*** Exploiting Weak Cryptography
 +
*** Exploiting Side Channel Data Leakage  
 +
*** Root Detection and Bypass
 +
*** Exploiting Weak Authorization mechanism
 +
*** Identifying and Exploiting flawed Broadcast Receivers
 +
*** Identifying and Exploiting flawed Intents
 +
*** Identifying and Exploiting Vulnerable Activity Components
 +
*** Exploiting Backup and Debuggable apps  
 +
*** Dynamic Analysis for Android Apps  
 +
*** Analysing Proguard, DexGuard and other Obfuscation Techniques  
 +
** Module 5
 +
*** Exploitation using Drozer
 +
*** Automated source code analysis
 +
*** Exploiting Android embedded applications
  
 
= Target audience =
 
= Target audience =
Line 64: Line 107:
 
= Hardware/software Requirements =
 
= Hardware/software Requirements =
  
* Bring your own laptop. A Macbook Air or Pro is preferable for running Xcode. Genymotion should be installed on the laptop
+
* Laptop with Genymotion installed.
 
* 20+ GB free hard disk space
 
* 20+ GB free hard disk space
 
* 3+ GB RAM
 
* 3+ GB RAM
* Xcode installed on the laptop to save time during training

+
* A jailbroken iPhone/iPad/iPod for iOS testing. Please get in touch with us if you are having issues arranging it. (training[at]brucon.org)
* A jailbroken iPhone/iPad/iPod for iOS testing if possible.
 
  
 
=Trainer Biography=
 
=Trainer Biography=
[[File:.jpg|thumb|125px]]
+
[[File:Prateek.Gianchandani.jpg|thumb|125px]]
 
Prateek Gianchandani, an OWASP member and contributor has been working in the infosec industry for about 5 years. During his five years, he has performed a number of penetration tests on mobile and web applications and even developed a lot of applications for the App Store. His core focus area is iOS application pentesting and exploitation. He is also the author of the open source vulnerable application named Damn Vulnerable iOS app. He has presented and trained at Conferences like Defcon, Blackhat USA, Brucon, Hack in paris, Phdays etc.
 
Prateek Gianchandani, an OWASP member and contributor has been working in the infosec industry for about 5 years. During his five years, he has performed a number of penetration tests on mobile and web applications and even developed a lot of applications for the App Store. His core focus area is iOS application pentesting and exploitation. He is also the author of the open source vulnerable application named Damn Vulnerable iOS app. He has presented and trained at Conferences like Defcon, Blackhat USA, Brucon, Hack in paris, Phdays etc.
  
 
<br>[[Image:300px-twitter-icon.jpg|17px]] [https://twitter.com/prateekg147 @prateekg147]
 
<br>[[Image:300px-twitter-icon.jpg|17px]] [https://twitter.com/prateekg147 @prateekg147]
 +
 +
<br>
 +
[[File:Anto_Joseph.jpg|thumb|125px]]
 +
As an assistant trainer, Anto Joseph will join Prateek. He is a Security Engineer for Citrix with 4 + years of expertise in Mobile , Systems and Web . He is a strong supporter of Free & Open Information Security Education. His area of interest includes Web,Mobile and Systems. He is currently researching on Android and IOT Security . His research has been accepted into various security conferences like c0c0n 2015 , XorConf 2015 , GroundZero 2015, Hack in Paris 2016, Hack in the Box Amsterdam etc and has good expertise in Practical Security.
 +
 +
<br>[[Image:300px-twitter-icon.jpg|17px]] [https://twitter.com/antojosep007 @antojosep007]
 +
 
Links :  
 
Links :  
* [http://highaltitudehacks.com/ High Altitude Hacks]
+
* [http://highaltitudehacks.com/ Patreek's Website]
''Mon. 20 - 22 April 2016 (09:00 - 17:00) (3-day)''
+
* [https://github.com/antojoseph Anto's code / GitHUB]
 +
''Wed. 20 - 22 April 2016 (09:00 - 17:00) (3-day)''
  
 
[[File:Register.jpg||link=https://registration.brucon.org/training-registration/]]
 
[[File:Register.jpg||link=https://registration.brucon.org/training-registration/]]
  
 
[[Training|Back to Training Overview]]
 
[[Training|Back to Training Overview]]

Latest revision as of 14:02, 4 April 2016

Mobile Application Exploitation (iOS and Android)

A completely hands-on training on exploiting mobile applications for the iOS and Android platform. The training is based on exploiting Damn Vulnerable iOS app and other vulnerable apps which are written by the trainer in order to make you understand the different kinds of vulnerabilities in mobile applications. You can test your skills in the CTF at the end !

Course Description

This course will also discuss how a developer can secure their applications using secure coding and obfuscation techniques. After the workshop, the students will be able to successfully penetration test and secure mobile applications. All the students will get a PDF presentation with all the slides, vulnerable apps used for training, sample source code and all the necessary tools used to pentest mobile applications.

The training will also include a CTF challenge in the end where the attendees will use their skills learnt in the training to solve the CTF challenges.

Course contents

  • Part 1 - iOS Exploitation
    • Module 1 : Getting Started with iOS Pentesting
      • iOS security model
        • App Signing, Sandboxing and Provisioning
        • Setting up XCode
        • Changes in iOS 8
        • Exploring the iOS filesystem
        • Intro to Objective-C and Swift
      • Setting up the pentesting environment
        • Jailbreaking your device
        • Cydia, Mobile Substrate
        • Getting started with Damn Vulnerable iOS app
        • Binary analysis
        • Finding shared libraries
        • Checking for PIE, ARC
        • Decrypting ipa files
        • Self signing IPA files
    • Module 2 : Static and Dynamic Analysis of iOS Apps
      • Static Analysis of iOS applications
        • Dumping class information
        • Insecure local data storage
        • Dumping Keychain
        • Finding url schemes
      • Dynamic Analysis of iOS applications
        • Cycript basics
        • Advanced Runtime Manipulation using Cycript
        • Method Swizzling
        • GDB basic usage
        • Modifying ARM registers
    • Module 3 : Exploiting iOS Applications
      • Exploiting iOS applications
        • Broken Cryptography
        • Side channel data leakage
        • Sensitive information disclosure
        • Exploiting URL schemes
        • Client side injection
        • Bypassing jailbreak, piracy checks
      • Inspecting Network traffic
        • Traffic interception over HTTP, HTTPs
        • Manipulating network traffic
        • Bypassing SSL pinning
    • Module 4 : Reversing iOS Apps
      • Introduction to Hopper
      • Disassembling methods
      • Modifying assembly instructions
      • Patching App Binary
      • Logify
    • Module 5 : Securing iOS Apps
      • Securing iOS applications
      • Where to look for vulnerabilities in code?
      • Code obfuscation techniques
      • Piracy/Jailbreak checks
      • iMAS, Encrypted Core Data
  • Part 2 - Android Exploitation
    • Module 1
      • Why Android
      • Intro to Android
      • Android Security Architecture
      • Android application structure
      • Signing Android applications
      • ADB – Non Root
      • Rooting Android devices
      • ADB - Rooted
      • Understanding Android file system
      • Permission Model Flaws
    • Module 2
      • Understanding Android Components
      • Introducing Android Emulator
      • Introducing Android AVD
    • Module 3
      • Proxying Android Traffic
      • Reverse Engineering for Android Apps
      • Smali Labs for Android
      • Dex Analysis and Obfuscation
      • Android App Hooking
    • Module 4
      • Attack Surfaces for Android applications
      • Exploiting Local Storage
      • Exploiting Weak Cryptography
      • Exploiting Side Channel Data Leakage
      • Root Detection and Bypass
      • Exploiting Weak Authorization mechanism
      • Identifying and Exploiting flawed Broadcast Receivers
      • Identifying and Exploiting flawed Intents
      • Identifying and Exploiting Vulnerable Activity Components
      • Exploiting Backup and Debuggable apps
      • Dynamic Analysis for Android Apps
      • Analysing Proguard, DexGuard and other Obfuscation Techniques
    • Module 5
      • Exploitation using Drozer
      • Automated source code analysis
      • Exploiting Android embedded applications

Target audience

This course is for penetration testers, mobile developers or anyone keen to learn mobile application security

Hardware/software Requirements

  • Laptop with Genymotion installed.
  • 20+ GB free hard disk space
  • 3+ GB RAM
  • A jailbroken iPhone/iPad/iPod for iOS testing. Please get in touch with us if you are having issues arranging it. (training[at]brucon.org)

Trainer Biography

Prateek.Gianchandani.jpg

Prateek Gianchandani, an OWASP member and contributor has been working in the infosec industry for about 5 years. During his five years, he has performed a number of penetration tests on mobile and web applications and even developed a lot of applications for the App Store. His core focus area is iOS application pentesting and exploitation. He is also the author of the open source vulnerable application named Damn Vulnerable iOS app. He has presented and trained at Conferences like Defcon, Blackhat USA, Brucon, Hack in paris, Phdays etc.


300px-twitter-icon.jpg @prateekg147


Anto Joseph.jpg

As an assistant trainer, Anto Joseph will join Prateek. He is a Security Engineer for Citrix with 4 + years of expertise in Mobile , Systems and Web . He is a strong supporter of Free & Open Information Security Education. His area of interest includes Web,Mobile and Systems. He is currently researching on Android and IOT Security . His research has been accepted into various security conferences like c0c0n 2015 , XorConf 2015 , GroundZero 2015, Hack in Paris 2016, Hack in the Box Amsterdam etc and has good expertise in Practical Security.


300px-twitter-icon.jpg @antojosep007

Links :

Wed. 20 - 22 April 2016 (09:00 - 17:00) (3-day)

Register.jpg

Back to Training Overview