What's the topic?

Bootcamp D: Exploiting real-world issues on Android/iOS applications (1-Day Bootcamp)

Wed, 07. Sep. 2022, 08:30 - 17:30

If you're looking to get some hands-on experience with the tools and techniques used for breaking mobile applications, this is the class for you. From exploiting old-school misconfiguration issues using automated tools (Objection, Drozer, etc.) to the very latest exploits to simulate malicious applications and complex attack scenarios, we have got it all covered!

Detailed outline:
For each platform (Android/iOS) we start with a brief introduction to its internal security mechanisms, and then we continue with a set of hands-on exercises on the most common issues. Each exercise item is structured as follows:

• A brief overview of the mobile component involved in the issue;
• A case study of the issue on a real-world application, and the technical steps to reproduce it;
• A CTF-based exercise to test the gained skill.
(Please refer to the document attached to this submission, which provides an example of this structure.)

Each lab item uses different techniques: from basic static analysis to advanced dynamic and runtime checks.
Participants will get web-based access to a pre-configured pentesting environment that includes:

• A virtual machine with a set of tools to use directly.
• Access to a cloud-based virtual device for each platform (Android and iOS) to install and test vulnerable apps.

There are no material requirements, and no annoying VPN setup is required: a web browser is the only thing you need to jump right into the hands-on labs.
PS: students will also get an offline version of the lab tools in case they want to use them later.