Hacking Android and IoT apps by example
This course is the culmination of years of experience gained via practical penetration testing of mobile applications as well as countless hours spent in research. We have structured this course around the OWASP Mobile Security Testing Guide (MSTG) and relevant items of the OWASP Mobile Application Security Verification Standard (MASVS), so this course covers and goes beyond the OWASP Mobile Top Ten. This course provides participants with actionable skills that can be applied immediately from day 1.
Please note that our courses are 100% hands-on: we do not lecture students with boring bullet points and theories. Instead, we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. As we try to keep both new and advanced students happy, the course is very comprehensive, and we have not met any student able to complete all challenges during the class. Training therefore continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.
Each day starts with a brief introduction to the mobile platform for that day, continues with a look at static analysis, moves on to dynamic checks, and finishes off with a nice CTF session to test the skills gained.
Day 1: Focused specifically on Android. We start with understanding applications and then deep dive into static and dynamic analysis of the applications at hand. This day is packed with hands-on exercises and CTF-style challenges.
Part 2 – Dynamic Analysis
– Monitoring data: LogCat, Insecure file storage, Android Keystore, etc.
– The art of MitM: Intercepting Network Communications
– The art of Instrumentation: Hooking with Xposed
– App behaviour monitoring at runtime
– Defeating Certificate Pinning and root detection at runtime
– Modifying app behaviour at runtime
Part 3 – Test Your Skills
– CTF time, including finding IoT vulnerabilities through app analysis