iOS and Android Application Security Analysis and Penetration Testing in Riyadh, Jeddah, Saudi Arabia, Dubai, UAE

This course will prepare you to effectively evaluate the security of iOS and Android mobile devices, assess and identify flaws in mobile applications, and conduct a mobile device penetration test, which are all critical skills required to protect and defend mobile device deployments. You will learn how to pen test the biggest attack surface in your organization; dive deep into evaluating mobile apps and operating systems and their associated infrastructure; and better defend your organization against the onslaught of mobile device attacks.

Course Key Learnings:

Learn How to Pen Test the Biggest Attack Surface in Your Entire Organization

With the skills you acquire in this course you will be able to evaluate the security weaknesses of built-in and third-party applications. You’ll learn how to bypass platform encryption and manipulate apps to circumvent client-side security techniques. You’ll leverage automated and manual mobile application analysis tools to identify deficiencies in mobile app network traffic, file system storage, and inter-app communication channels. You’ll safely work with mobile malware samples to understand the data exposure and access threats affecting Android and iOS devices, and you’ll learn how to bypass locked screens to exploit lost or stolen devices.

Corellium for Android and iOS Emulation

Throughout the course, students will use the innovative Corellium platform to experience iOS and Android penetration testing in a realistic environment. Corellium allows users to create virtualized iOS and Android devices with full root access even on the latest versions. By using this platform, SEC575 students can immediately test their skills right in their own browser, while still having full SSH/ADB capabilities and access to a range of powerful tools.

Take a Deep Dive into Evaluating Mobile Applications and Operating Systems and Their Associated Infrastructure

Understanding and identifying vulnerabilities and threats to mobile devices is a valuable skill, but it must be paired with the ability to communicate the associated risks. Throughout the course, you’ll review ways to effectively communicate threats to key stakeholders. You’ll learn how to use industry standards such as the OWASP Mobile Application Security Verification Standard (MASVS) to assess an application and understand all the risks so that you can characterize threats for managers and decision-makers.

Your Mobile Devices Are Going to Come Under Attack: Help Your Organization Prepare for the Onslaught

Mobile device deployments introduce new threats to organizations, including advanced malware, data leakage, and the disclosure to attackers of enterprise secrets, intellectual property, and personally identifiable information assets. Further complicating matters, there simply are not enough professionals with the security skills needed to identify and manage secure mobile phone and tablet deployments. By completing this course, you’ll be able to differentiate yourself as someone prepared to evaluate the security of mobile devices, effectively assess and identify flaws in mobile applications, and conduct a mobile device penetration test. These are all critical skills to protect and defend mobile device deployments

Course Content:

Module1: iOS

Overview

In examining the structure of iOS, we will see that it has many security controls built in by default, and that Apple has a very tight grip on both the hardware and software. Next, we will discuss ways to disable different security controls by jailbreaking a device, which allows us to install various tools that can help us during our penetration tests. Since mobile devices contain a lot of sensitive information, we take a look at the internal file structure of both iOS and any installed applications in order to identify issues such as insecure storage of sensitive information, or examine interesting information to be used during a full penetration test. Of course, applications can also be attacked by other applications, which is why we will examine application interaction on iOS. Finally, we will take a look at iOS malware to see how malicious actors try to attack both the platform and the end user.

Topics

Mobile Problems and Opportunities

Challenges and opportunities for secure mobile phone deployments
Weaknesses in mobile devices

iOS Architecture

Architecture of iOS devices
Analysis of implemented security controls
iOS application development and publication
Apples update policy

Jailbreaking iOS Devices

Legal issues with jailbreaking
Jailbreaking iOS
Connecting to jailbroken iOS devices
Using a jailbroken device effectively: Tools you must have!

iOS Data Storage and File System Architecture

iOS file system structure
iOS application data storage
Examining typical file types on iOS
Extracting data from iOS backups

iOS Application Interaction

iOS application interaction through schemes, universal links, and extensions

iOS Malware Threats

Trends and popularity of mobile device malware
Analysis of iOS malware targeting non-jailbroken devices
Examining advanced attacks by nation state actors

iOS Labs

Using the Corellium platform
Installing tools on your jailbroken device
Analyzing file storage on iOS
Analyzing application interaction

Module2: : Android

Overview

Android is by far the most popular mobile operating system. Devices with Android come in many shapes and sizes, which leads to a lot of fragmentation. In this course section we will take a look at Android internals and all the different security controls that are implemented to keep the user safe. In contrast to iOS, Android is open-source. It also gives developers many different ways to let their applications interact with other applications, including services, intents, broadcast receivers, and content providers. As these interactions define the attack surface of the application, we will take a close look at how they can be properly protected and exploited. Android can give us shell access through Android Debug Bridge tools, but if we really want full access, we still need to root the device by unlocking the bootloader or using a device-specific exploit. Once rooted, we will take a look at the internal file structure of both a typical Android device and installed applications to identify useful information. Finally, we will examine Android malware, which includes many different malware types such as ransomware, mobile banking Trojans, and spyware.

Topics

Android Architecture

Architecture of Android devices
Analysis of implemented security controls
Android app execution: Android Runtime vs. Android Dalvik virtual machine
Android application development and publication
Androids update policy

Rooting Android Devices

Examine different ways to obtain root, including unlocking the bootloader and using exploits
Installing custom ROMs, bootloaders, and recoveries
Installing Magisk systemless root

Android Data Storage and File System Architecture

Android file system structure
Android application data storage
Examining typical file types on Android
Extracting data from Android backups

Android Application Interaction

Android application interaction through activities, intents, services, and broadcasts
Protection of application components through permissions and signatures

Android Malware Threats

Trends and popularity of mobile device malware
Analysis of Android malware, including ransomware, mobile banking Trojans, and spyware

Android Labs

Using the Corellium platform
Android mobile application analysis with Android Debug Bridge (ADB) tools
Uploading, downloading, and installing applications with ADB
Analyzing file storage on Android
Analyzing application interaction

Android Platform Analysis

iOS and Android permission management models
Code signing weaknesses on Android
Android app execution: Android Runtime vs. Android Dalvik virtual machine
Latest Android and iOS security enhancements

Module3: Static Application Analysis

Overview

One of the core skills you need as a mobile security analyst is the ability to evaluate the risks and threats a mobile app introduces to your organization. The lectures and hands-on exercises presented in this course section will enable you to use your analysis skills to evaluate critical mobile applications to determine the type of access threats and information disclosure threats they represent. We will use automated and manual application assessment tools to statically evaluate iOS and Android apps. Initially, the applications will be easy to understand, but towards the end of the section we will dig into obfuscated applications that are far more difficult to dissect. Finally, we will examine different kinds of application frameworks and how they can be analyzed with specialized tools.

Topics

Static Application Analysis

Retrieving iOS and Android apps for reverse engineering analysis
Decompiling Android applications
Circumventing iOS app encryption
Header analysis and Objective-C disassembly
Accelerating iOS disassembly: Hopper and IDA Pro
Swift iOS apps and reverse-engineering tools
Android application analysis with MobSF

Reverse-Engineering Obfuscated Applications

Identifying obfuscation techniques
Decompiling obfuscated applications
Effectively annotating reconstructed code with Android Studio
Decrypting obfuscated content with Simplify

Third-Party Application Frameworks

Examining .NET-based Xamarin and Unity applications
Examining HTML5-based PhoneGap applications
Examining Flutter and React-Native applications

Module4 : Dynamic Mobile Application Analysis and Manipulation

Overview

After performing static analysis on applications in the previous course section, we now move on to dynamic analysis. A skilled analyst combines static and dynamic analysis to evaluate the security posture of an application. Using dynamic instrumentation frameworks, we see how applications can be modified at runtime, how method calls can be intercepted and modified, and how we can gain direct access to the native memory of the device. We will learn about Cycript, Frida, Objection, and method swizzling to fully instrument and examine both Android and iOS applications. The section ends with a look at a consistent system for evaluating and grading the security of mobile applications using the OWASP Mobile Application Security Verification (MASVS) Standard. By identifying these flaws, we can evaluate the mobile phone deployment risk to the organization with practical and useful risk metrics. Whether your role is to implement the penetration test or to source and evaluate the penetration tests of others, understanding these techniques will help you and your organization identify and resolve vulnerabilities before they become incidents.

Topics

Manipulating and Analyzing iOS Applications

Runtime iOS application manipulation with Cycript and Frida
iOS method swizzling
iOS application vulnerability analysis with Objection
Tracing iOS application behavior and API use
Extracting secrets with KeychainDumper
Method hooking with Frida and Objection

Manipulating and Analyzing Android Applications

Android application manipulation with Apktool
Reading and modifying Dalvik bytecode
Adding Android application functionality, from Java to Dalvik bytecode
Method hooking with Frida and Objection

Mobile Application Security Verification Standard

Step-by-step recommendations for application analysis
Taking a methodical approach to application security verification
Common pitfalls while assessing applications
Detailed recommendations for jailbreak detection, certificate pinning, and application integrity verification
Android and iOS critical data storage: Keychain and Keystore recommendations

Module5: : Penetration Testing

Overview

After analyzing the applications both statically and dynamically, one component is still left untouched: the back-end server. This course section will examine how you can perform Address Resolution Protocol spoofing attacks on a network in order to obtain a man-in-the-middle position, and how Android and iOS try to protect users from having their sensitive information intercepted. We will examine how you can set up a test device to purposely intercept the traffic in order to find vulnerabilities on the back-end server. In some engagements, we will need to access someone elses device, so we will examine whether we can break into a mobile device thats protected with a pin code or biometrics. We will end the section by creating a Remote Access Trojan (RAT) application that can be installed either on a remotely compromised device or on a physically acquired device during a red team engagement in order to target users and gain access to internal networks.

Topics

Intercepting TLS Traffic

Exploiting HTTPS transactions with man-in-the-middle attacks
Integrating man-in-the-middle tools with Burp Suite for effective HTTP manipulation attacks
Bypassing Android NetworkSecurityConfig and Apple Transport Security
Bypassing SSL pinning

Man-in-the-Middle Troubleshooting

Analyzing common issues when performing a man-in-the-middle attack
Using different setups to obtain a man-in-the-middle position
Creating custom Frida hooks to bypass SSL pinning

Accessing Locked Devices

Bruteforcing pincodes on Android and iOS
Bypassing bruteforce protection
Abusing Siri to acquire information
Bypassing biometric authentication

Using Mobile Device Remote Access Trojans

Building RAT tools for mobile device attacks
Hiding RATs in legitimate Android apps
Customizing RATs to evade anti-virus tools
Integrating the Metasploit Framework into your mobile pen test
Effective deployment tactics for mobile device Phishing attacks

Module6:: Hands-on Capture-the-Flag Event

Overview

In this final section we will pull together all the concepts and technology covered throughout the course in a comprehensive Capture-the-Flag event. In this hands-on mobile security challenge, you will examine multiple applications and forensic images to identify weaknesses and sources of sensitive information disclosure, and analyze obfuscated malware samples to understand how they work. Youll put the skills you have learned into practice in order to evaluate systems and applications, simulating the realistic environment you will be need to protect when you get back to the office.

International Student Fee: 500 US$

Job Interview Preparation (Soft Skills Questions & Answers)

Your FREE eLEARNING Courses (Click Here)

Internships, Freelance and Full-Time Work opportunities

Flexible Class Options