If you're looking to get some hands-on experience with the tools and techniques used for breaking mobile applications, this is the class for you. From exploiting old-school misconfiguration issues using automated tools (Objection, Drozer, etc.) to the very latest exploits to simulate malicious applications and complex attack scenarios, we have got it all covered!

Detailed outline:

For each platform (Android/iOS), we start with a brief introduction to its internal security mechanisms, and then continue with a set of hands-on exercises on the most common issues. Each exercise item is structured as follows:

• A brief overview of the mobile component involved in the issue;
• A case study of the issue on a real-world application, and the technical steps to reproduce it;
• A CTF-based exercise to test the gained skill (please refer to the document attached to this submission, which provides an example of this structure).

Each lab item uses different techniques, from basic static analysis to advanced dynamic and runtime checks.

Participants will get web-based access to a pre-configured pentesting environment that includes:

• A virtual machine with a set of tools to use directly.
• Access to a cloud-based virtual device for each platform (Android and iOS) to install and test vulnerable apps.

No material requirements or annoying VPN setup: a web browser is the only thing you need to jump right into the hands-on labs.

PS: students will also get an offline version of the lab tools in case they want to use it later.