Mobile Hacking and Security

Overview:

This Mobile Hacking and Security training exposes you to mobile hacking techniques and countermeasures for iOS and Android.

Throughout the 4-day session, you will also practise analyzing and evaluating mobile app threats and explore how attackers identify weaknesses. This intensive mobile hacking training is designed to equip you with the knowledge and skills required to secure your organization's mobile devices, mobile applications and mobile networks. You will also gain a deeper understanding of how to conduct mobile penetration testing and how to support BYOD infrastructures.

Duration: 04 days

Objectives:

- Describe the software-defined data center

- Enable you to understand and communicate the mobile security risks associated with hacking and other exploits

- Discover real-world mobile hacking techniques and countermeasures

- Sharpen your technical skills and learn to fix mobile application vulnerabilities

- Learn to perform mobile penetration testing on your own deployment and evaluate mobile security threats and possible exploits

- Enable you to develop and design a secure mobile application

- Enable you to tackle real-life scenarios and apply new skills to the job with ease

Intended Audience:

- Penetration testers, ethical hackers, mobile application developers, information security personnel, and anyone who deals with implementing, testing, and securing mobile devices.

Course outline:

1. Module 1: Android Basics

  • Introduction
  • Logging into an Android Device
  • Android Architecture
  • Android Application

2. Module 2: Android Penetration Testing Lab Set-up

  • Basic Requirements
  • Android Rooting
  • Tools Installation

3. Module 3: Hello World in Android

  • Introduction to Android Programming
  • Building Android Application
  • Understanding Application Structure in Eclipse
  • Adding functionality to “HelloWorld” application

4. Module 4: Android Security Model

  • Android inbuilt Security Model
  • Understanding Application Sandboxing
  • Android Permission Model
  • Native application security

5. Module 5: Android Applications Penetration Testing

  • Introduction to Android Application Penetration Testing
  • Meeting Android Penetration Testing Challenges
  • Auditing Android Applications for OWASP Mobile Top 10 Vulnerabilities
  • Weak Server Side Controls
  • Insecure Data Storage
  • Insufficient Transport Layer Protection
  • Unintended Data Leakage
  • Poor Authorization and Authentication
  • Broken Cryptography
  • Client Side Injection
  • Security Decisions via Untrusted Inputs
  • Improper Session Handling
  • Lack of Binary Protections

6. Module 6: Automated Assessments on Android Applications

  • Android Application Penetration Testing Ecosystem
  • Overview of Automated Android Application Penetration Testing Tools
  • Introduction to Drozer
  • SQL Injection with Drozer

7. Module 7: Reverse Engineering

  • Introduction to Reverse Engineering
  • Finding the Secrets of an Android Application from the Command Line
  • Getting Familiar with smali
  • Infecting Legitimate Android Applications with Malware
  • Exploiting Android apps using backup techniques

8. Module 8: Secure Coding

  • Introduction to Secure Coding
  • Core Defensive Techniques

9. Module 9: iOS Basics

  • Introduction to iOS
  • Logging into an iDevice
  • Introduction to iOS Architecture
  • iOS Application Basics
  • Introduction to otool
  • Understanding the concept of Automatic Reference Counting
  • ARC Checking in an iOS Application

10. Module 10: iOS Penetration Testing Lab Set-up

  • Basic Requirements
  • Introduction to Jailbreaking
  • Installing the tools

11. Module 11: Setting up Xcode

  • Installing Xcode
  • Introduction to Objective-C
  • Building iOS Application
  • Understanding Application Structure in Xcode
  • Adding functionality to “HelloWorld” application

12. Module 12: iOS Security Model

  • iOS inbuilt Security Model
  • Understanding ASLR and PIE
  • Stack Smashing Protection in Xcode
  • Stack Smashing Protection Checking in Application Binaries

13. Module 13: iOS Application Penetration Testing

  • Introduction to iOS Application Penetration Testing
  • Meeting iOS Application Penetration Testing Challenges
  • Auditing iOS Applications for OWASP Mobile Top 10 Vulnerabilities
  • Weak Server Side Controls
  • Insecure Data Storage
  • Insufficient Transport Layer Protection
  • Unintended Data Leakage
  • Poor Authorization and Authentication
  • Broken Cryptography
  • Client Side Injection
  • Security Decisions via Untrusted Inputs
  • Improper Session Handling
  • Lack of Binary Protections

14. Module 14: Automated Assessments on iOS Applications

  • iOS Application Penetration Testing Ecosystem
  • Overview of Automated iOS Application Penetration Testing Tools
  • Introduction to Snoop-it
  • Traffic analysis with Snoop-it
  • Analyzing keychain with Snoop-it
  • Runtime Analysis with Snoop-it

15. Module 15: Reverse Engineering

  • Introduction to Reverse Engineering
  • Finding the Secrets of an iOS Application from the Command Line
  • HEX Editors
  • Disassemblers
  • Introduction to Hopper
  • Modifying the Assembly with Hopper
  • Patching Application Binaries with Hopper

16. Module 16: BYOD Management

  • Introduction to BYOD
  • Mobile in the enterprise
  • BYOD challenges
  • BYOD Solutions

  • Study in Ho Chi Minh City

  • Study in Hanoi

  • Study online
