IOS and Android Application Security Analysis and Penetration Testing
This course will prepare you to effectively evaluate the security of iOS and Android mobile devices, assess and identify flaws in mobile applications, and conduct a mobile device penetration test, which are all critical skills required to protect and defend mobile device deployments. You will learn how to pen test the biggest attack surface in your organization; dive deep into evaluating mobile apps and operating systems and their associated infrastructure; and better defend your organization against the onslaught of mobile device attacks.
Course Key Learnings:
Learn How to Pen Test the Biggest Attack Surface in Your Entire Organization
With the skills you acquire in this course you will be able to evaluate the security weaknesses of built-in and third-party applications. You’ll learn how to bypass platform encryption and manipulate apps to circumvent client-side security techniques. You’ll leverage automated and manual mobile application analysis tools to identify deficiencies in mobile app network traffic, file system storage, and inter-app communication channels. You’ll safely work with mobile malware samples to understand the data exposure and access threats affecting Android and iOS devices, and you’ll learn how to bypass locked screens to exploit lost or stolen devices.
Corellium for Android and iOS Emulation
Throughout the course, students will use the innovative Corellium platform to experience iOS and Android penetration testing in a realistic environment. Corellium allows users to create virtualized iOS and Android devices with full root access even on the latest versions. By using this platform, SEC575 students can immediately test their skills right in their own browser, while still having full SSH/ADB capabilities and access to a range of powerful tools.
Take a Deep Dive into Evaluating Mobile Applications and Operating Systems and Their Associated Infrastructure
Understanding and identifying vulnerabilities and threats to mobile devices is a valuable skill, but it must be paired with the ability to communicate the associated risks. Throughout the course, you’ll review ways to effectively communicate threats to key stakeholders. You’ll learn how to use industry standards such as the OWASP Mobile Application Security Verification Standard (MASVS) to assess an application and understand all the risks so that you can characterize threats for managers and decision-makers.
Your Mobile Devices Are Going to Come Under Attack: Help Your Organization Prepare for the Onslaught
Mobile device deployments introduce new threats to organizations, including advanced malware, data leakage, and the disclosure to attackers of enterprise secrets, intellectual property, and personally identifiable information assets. Further complicating matters, there simply are not enough professionals with the security skills needed to identify and manage secure mobile phone and tablet deployments. By completing this course, you’ll be able to differentiate yourself as someone prepared to evaluate the security of mobile devices, effectively assess and identify flaws in mobile applications, and conduct a mobile device penetration test. These are all critical skills to protect and defend mobile device deployments
Course Content:
Module1: iOS
Overview
In examining the structure of iOS, we will see that it has many security controls built in by default, and that Apple has a very tight grip on both the hardware and software. Next, we will discuss ways to disable different security controls by jailbreaking a device, which allows us to install various tools that can help us during our penetration tests. Since mobile devices contain a lot of sensitive information, we take a look at the internal file structure of both iOS and any installed applications in order to identify issues such as insecure storage of sensitive information, or examine interesting information to be used during a full penetration test. Of course, applications can also be attacked by other applications, which is why we will examine application interaction on iOS. Finally, we will take a look at iOS malware to see how malicious actors try to attack both the platform and the end user.
Topics
Mobile Problems and Opportunities
- Challenges and opportunities for secure mobile phone deployments
- Weaknesses in mobile devices
iOS Architecture
- Architecture of iOS devices
- Analysis of implemented security controls
- iOS application development and publication
- Apples update policy
Jailbreaking iOS Devices
- Legal issues with jailbreaking
- Jailbreaking iOS
- Connecting to jailbroken iOS devices
- Using a jailbroken device effectively: Tools you must have!
iOS Data Storage and File System Architecture
- iOS file system structure
- iOS application data storage
- Examining typical file types on iOS
- Extracting data from iOS backups
iOS Application Interaction
- iOS application interaction through schemes, universal links, and extensions
iOS Malware Threats
- Trends and popularity of mobile device malware
- Analysis of iOS malware targeting non-jailbroken devices
- Examining advanced attacks by nation state actors
iOS Labs
- Using the Corellium platform
- Installing tools on your jailbroken device
- Analyzing file storage on iOS
- Analyzing application interaction
Module2: : Android
Overview
Android is by far the most popular mobile operating system. Devices with Android come in many shapes and sizes, which leads to a lot of fragmentation. In this course section we will take a look at Android internals and all the different security controls that are implemented to keep the user safe. In contrast to iOS, Android is open-source. It also gives developers many different ways to let their applications interact with other applications, including services, intents, broadcast receivers, and content providers. As these interactions define the attack surface of the application, we will take a close look at how they can be properly protected and exploited. Android can give us shell access through Android Debug Bridge tools, but if we really want full access, we still need to root the device by unlocking the bootloader or using a device-specific exploit. Once rooted, we will take a look at the internal file structure of both a typical Android device and installed applications to identify useful information. Finally, we will examine Android malware, which includes many different malware types such as ransomware, mobile banking Trojans, and spyware.
Topics
Android Architecture
- Architecture of Android devices
- Analysis of implemented security controls
- Android app execution: Android Runtime vs. Android Dalvik virtual machine
- Android application development and publication
- Androids update policy
Rooting Android Devices
- Examine different ways to obtain root, including unlocking the bootloader and using exploits
- Installing custom ROMs, bootloaders, and recoveries
- Installing Magisk systemless root
Android Data Storage and File System Architecture
- Android file system structure
- Android application data storage
- Examining typical file types on Android
- Extracting data from Android backups
Android Application Interaction
- Android application interaction through activities, intents, services, and broadcasts
- Protection of application components through permissions and signatures
Android Malware Threats
- Trends and popularity of mobile device malware
- Analysis of Android malware, including ransomware, mobile banking Trojans, and spyware
Android Labs
- Using the Corellium platform
- Android mobile application analysis with Android Debug Bridge (ADB) tools
- Uploading, downloading, and installing applications with ADB
- Analyzing file storage on Android
- Analyzing application interaction
Android Platform Analysis
- iOS and Android permission management models
- Code signing weaknesses on Android
- Android app execution: Android Runtime vs. Android Dalvik virtual machine
- Latest Android and iOS security enhancements
Module3: Static Application Analysis
Overview
One of the core skills you need as a mobile security analyst is the ability to evaluate the risks and threats a mobile app introduces to your organization. The lectures and hands-on exercises presented in this course section will enable you to use your analysis skills to evaluate critical mobile applications to determine the type of access threats and information disclosure threats they represent. We will use automated and manual application assessment tools to statically evaluate iOS and Android apps. Initially, the applications will be easy to understand, but towards the end of the section we will dig into obfuscated applications that are far more difficult to dissect. Finally, we will examine different kinds of application frameworks and how they can be analyzed with specialized tools.
Topics
Static Application Analysis
- Retrieving iOS and Android apps for reverse engineering analysis
- Decompiling Android applications
- Circumventing iOS app encryption
- Header analysis and Objective-C disassembly
- Accelerating iOS disassembly: Hopper and IDA Pro
- Swift iOS apps and reverse-engineering tools
- Android application analysis with MobSF
Reverse-Engineering Obfuscated Applications
- Identifying obfuscation techniques
- Decompiling obfuscated applications
- Effectively annotating reconstructed code with Android Studio
- Decrypting obfuscated content with Simplify
Third-Party Application Frameworks
- Examining .NET-based Xamarin and Unity applications
- Examining HTML5-based PhoneGap applications
- Examining Flutter and React-Native applications
Module4 : Dynamic Mobile Application Analysis and Manipulation
Overview
After performing static analysis on applications in the previous course section, we now move on to dynamic analysis. A skilled analyst combines static and dynamic analysis to evaluate the security posture of an application. Using dynamic instrumentation frameworks, we see how applications can be modified at runtime, how method calls can be intercepted and modified, and how we can gain direct access to the native memory of the device. We will learn about Cycript, Frida, Objection, and method swizzling to fully instrument and examine both Android and iOS applications. The section ends with a look at a consistent system for evaluating and grading the security of mobile applications using the OWASP Mobile Application Security Verification (MASVS) Standard. By identifying these flaws, we can evaluate the mobile phone deployment risk to the organization with practical and useful risk metrics. Whether your role is to implement the penetration test or to source and evaluate the penetration tests of others, understanding these techniques will help you and your organization identify and resolve vulnerabilities before they become incidents.
Topics
Manipulating and Analyzing iOS Applications
- Runtime iOS application manipulation with Cycript and Frida
- iOS method swizzling
- iOS application vulnerability analysis with Objection
- Tracing iOS application behavior and API use
- Extracting secrets with KeychainDumper
- Method hooking with Frida and Objection
Manipulating and Analyzing Android Applications
- Android application manipulation with Apktool
- Reading and modifying Dalvik bytecode
- Adding Android application functionality, from Java to Dalvik bytecode
- Method hooking with Frida and Objection
Mobile Application Security Verification Standard
- Step-by-step recommendations for application analysis
- Taking a methodical approach to application security verification
- Common pitfalls while assessing applications
- Detailed recommendations for jailbreak detection, certificate pinning, and application integrity verification
- Android and iOS critical data storage: Keychain and Keystore recommendations
Module5: : Penetration Testing
Overview
After analyzing the applications both statically and dynamically, one component is still left untouched: the back-end server. This course section will examine how you can perform Address Resolution Protocol spoofing attacks on a network in order to obtain a man-in-the-middle position, and how Android and iOS try to protect users from having their sensitive information intercepted. We will examine how you can set up a test device to purposely intercept the traffic in order to find vulnerabilities on the back-end server. In some engagements, we will need to access someone elses device, so we will examine whether we can break into a mobile device thats protected with a pin code or biometrics. We will end the section by creating a Remote Access Trojan (RAT) application that can be installed either on a remotely compromised device or on a physically acquired device during a red team engagement in order to target users and gain access to internal networks.
Topics
Intercepting TLS Traffic
- Exploiting HTTPS transactions with man-in-the-middle attacks
- Integrating man-in-the-middle tools with Burp Suite for effective HTTP manipulation attacks
- Bypassing Android NetworkSecurityConfig and Apple Transport Security
- Bypassing SSL pinning
Man-in-the-Middle Troubleshooting
- Analyzing common issues when performing a man-in-the-middle attack
- Using different setups to obtain a man-in-the-middle position
- Creating custom Frida hooks to bypass SSL pinning
Accessing Locked Devices
- Bruteforcing pincodes on Android and iOS
- Bypassing bruteforce protection
- Abusing Siri to acquire information
- Bypassing biometric authentication
Using Mobile Device Remote Access Trojans
- Building RAT tools for mobile device attacks
- Hiding RATs in legitimate Android apps
- Customizing RATs to evade anti-virus tools
- Integrating the Metasploit Framework into your mobile pen test
- Effective deployment tactics for mobile device Phishing attacks
Module6:: Hands-on Capture-the-Flag Event
Overview
In this final section we will pull together all the concepts and technology covered throughout the course in a comprehensive Capture-the-Flag event. In this hands-on mobile security challenge, you will examine multiple applications and forensic images to identify weaknesses and sources of sensitive information disclosure, and analyze obfuscated malware samples to understand how they work. Youll put the skills you have learned into practice in order to evaluate systems and applications, simulating the realistic environment you will be need to protect when you get back to the office.
International Student Fee: 500 US$
Job Interview Preparation (Soft Skills Questions & Answers)
- Tough Open-Ended Job Interview Questions
- What to Wear for Best Job Interview Attire
- Job Interview Question- What are You Passionate About?
- How to Prepare for a Job Promotion Interview
Your FREE eLEARNING Courses (Click Here)
Internships, Freelance and Full-Time Work opportunities
- Join Internships and Referral Program (click for details)
- Work as Freelancer or Full-Time Employee (click for details)
Flexible Class Options
- Week End Classes For Professionals SAT | SUN
- Corporate Group Trainings Available
- Online Classes – Live Virtual Class (L.V.C), Online Training
Related Courses
Metasploit for Enterprise Penetration Testing
Wireless Penetration Testing and Ethical Hacking
Hacker Tools, Techniques, and Incident Handling
Enterprise Penetration Testing