Advanced Mobile Exploitation (AME)

Detailed Course Outline

Day 1

Android Basics
•Introduction to Android
•Android Architecture
•Digging into Android kernel

Android Security Model
•Android Security Architecture
•Android Permission model
•Application Sandboxing
•Bypassing Android Permissions
•Android Application Components
•Android Debug Bridge
•Creating a Simple Android Application

Introduction to ARM™ Exploitation
•Introduction to ARM™
•Instruction set and Registers
•Debugging with GDB
•Stack Overflows on ARM™
•Format String vulnerabilities
•Ret2ZP Attack and ROP
•Shellcoding on ARM™
•Exploit Mitigations and Bypasses
•ARM™ Based rootkits

Setting up the Environment
•Setting up Android Emulator
•Setting up a Mobile Pentest Environment

App Kung-fu
•Application Analysis
•Reverse Engineering
•Traffic Interception (Active and Passive) of Android Applications
•OWASP Top 10 for Android
•Sniffing Application and phone’s network data
•Unsecure file storage
•Having fun with databases

Exploiting Logic and Code flaws in applications
•Exploiting Content Providers
•SQL Injection in Android Application
•Local File Inclusion/Directory Traversal
•Drive by Exploitation
•HTML 5 Attacks
•Phishing Attacks on Android

Exploitation with AFE
•Introduction to Android Framework for Exploitation
•Finding application vulnerabilities using AFE
•Creating a malware + botnet (HTTP and SMS based)
•Crypt an existing malware/botnet to bypass Android Anti-malwares
•Extending the framework with custom plugins
•Cracking Android Applications
•Hands-on on Vulnerable Social Networking Application
•Creating and Exploiting custom ROMs
•Exploiting USB connections with Android

Dex Labs
•Introduction to Dalvik File Format
•Smali in depth
•Manipulating smali files and cracking Applications
•Cracking Application Licenses
•Dex file manipulation
•Obfuscating applications with dex obfuscator

Day 2

Android Forensics & Malware Analysis
•Extracting text messages, voice mails, call logs, contacts and messages
•Recovering information stored in SD Card
•Reversing and Analysing Android malware using Apktool, dex2jar and JD-GUI
•Introduction to IDA Pro
•Analysing malware and exploits using IDA

Further Exploitation
•Creating custom Bootloaders
•Android Root Exploits – Recreating the exploit
•Fuzzing Android components
•Webkit Exploitation
•Use After Free vulnerability and exploitation
•Writing a reliable exploit for Android
•More ROP Exploitation
•Finding ROP gadgets and building ROP Chains
•Using GDB for Android debugging
•Information Leaks in Android

Being Secure
•Android in the Enterprise
•Writing Secure Code
•Pen test before you publish
•Writing Python Scripts for automating android pen tests
•Source Code Auditing for Applications

Day 3

iOS Background
•Understanding iOS Architecture
•iOS Security Features
•iOS Application Overview

iOS Security Model
•Code Signing
•Exploit Mitigation

Setting up the Environment
•Setting up XCode
•Setting up iPhone/Simulator

iOS Hello-World
•iOS Application components
•Introduction to Objective C
•Writing a simple Hello World application in your own iDevice/Simulator

iOS App Analysis
•Reverse Engineering iOS Apps
•Decrypting Appstore Binaries
•Locating PIE (Position Independent Executable)
•Inspecting Binary
•Manipulating Runtime

Auditing Insecure API
•Evaluating the Transport Security
•Abusing Protocol Handlers
•Insecure Data Storage
•Attacking iOS keychain

App Assessments
•Setting up pen testing environment for assessment
•Passive app assessment
•Active app assessment
•Application analysis

App Kungfu
•Exploiting XSS in Apps (UIWebViews)
•Attacking XML processor
•SQL Injection
•Filesystem Interaction

Memory Corruption Issues
•Format strings
•Object use-after-free
•ROP for iOS
•Exploit Mitigations in iOS

iOS Forensics
•Analysis of Backed up data in iTunes
•Extracting SMS, Call Logs, etc., from an iOS backup
•Imaging the whole device

Being Secure
•iOS App compliance checklist
•Writing Secure Code
•Pen test your App before you publish