If you're looking to get some hands-on experience with the tools and techniques used for breaking mobile applications, this is the class for you. From exploiting old-school misconfiguration issues using automated tools (Objection, Drozer, etc.) to the very latest exploits to simulate malicious applications and complex attack scenarios, we have got it all covered!
Detailed outline:
For each platform (Android/iOS) we start with a brief introduction to its internal security mechanisms, and then we continue with a set of hands-on exercises on the most common issues. Each exercise item is structured as follows:
• A brief overview of the mobile component involved in the issue;
• A case study of the issue on a real-world application, and the technical steps to reproduce it;
• A CTF-based exercise to test the skill gained.
(Please refer to the document attached to this submission, which provides an example of this structure.)
Each lab item uses different techniques: from basic static analysis to advanced dynamic and runtime checks.
Participants will get web-based access to a pre-configured pentesting environment that includes:
• A virtual machine with a set of tools to use directly.
• Access to a cloud-based virtual device for each platform (Android and iOS) to install and test vulnerable apps.
There are no material requirements and no annoying VPN setup: a web browser is the only thing you need to jump right into the hands-on labs.
PS: students will also get an offline version of the lab tools in case they want to use them later.