From BruCON 2016
Lessons in Mobile Penetration Testing by Zach Lanier
This class is designed to provide students with an introduction to penetration testing, reverse engineering, and exploitation on modern mobile platforms. The instructor will cover the security architecture of popular mobile platforms and mobile applications, investigate their weaknesses and vulnerabilities, and give students hands-on experience in analyzing and attacking them. Through lectures and interactive labs, students will walk away armed with the foundational knowledge needed to discover, identify, and exploit vulnerabilities on mobile platforms such as Android, iOS, and Blackberry.
On day one, students will be brought up to speed with penetration testing on mobile platforms, exploring the differences and similarities between mobile and conventional pentesting. Students will be introduced to dynamic and static analysis tools and techniques for gaining the information necessary to reverse engineer, discover vulnerabilities, and plan their attacks against Android, iOS, or BlackBerry applications.
On day two, the training will dive a bit further into practical bug hunting, reverse engineering methods, and exploitation techniques, including replicating case studies from the instructors' experiences in real-world mobile application pentests. Students will also get hands-on experience through several labs including reverse engineering of the top Android security applications, exploiting native code vulnerabilities on the ARM architecture, and developing jailbreak/privilege escalation exploits from scratch and deploying them on real devices.
- Laptop capable of running a VMware Virtual Machine
- Dual core CPU, 2GB+ of RAM recommended
- At least 12GB disk space available
- At least one free USB 2.0 port
- This training course has a strong emphasis on the Android platform, so an actual Android device is recommended, but not strictly required.
- Familiarity with protocol analyzers (e.g. Wireshark, tcpdump), man-in-the-middle techniques, and basic reverse engineering concepts (e.g. debuggers, disassemblers)
- Conventional attacks / penetration testing, and why mobile is different
- Building an Attack Methodology
- Static Analysis Techniques
- Tools used
- How to identify issues for each platform and what to look for
- Dynamic Analysis Techniques
- Runtime issues, artifacts, etc.
- Network issues, man-in-the-middle
- Reverse Engineering Lab (Pt 1.)
- Extracting "secrets" and useful data
- Patching and rebuilding apps
- Application Auditing
- Reverse Engineering Lab (Pt. 2)
- Reversing advanced protection techniques
- Deeper bug hunting
- Native code threats and vulnerabilities
- Intro to ARM Exploitation
- Exploit mitigation across platforms
- Real-world vulnerabilities
- Exploiting a vulnerable mobile app
- Jailbreak/privilege Escalation Lab
- Platform-level vulnerabilities
- Kernel-level vulnerabilities
- Writing your own jailbreak
- Post-exploitation persistence
- Findings Review
You can find out more from Zach on http://n0where.org
24 & 25 September (09:00 - 17:00)