Simulator

Simulator

Preview unavailable

You must log in or sign up to view this lesson.

LoginSign up

Advanced Android and iOS Hands-on Exploitation

Buy nowLearn more

Introduction to the Class

  • Thanks for Joining2
  • How to get the most out of this training

Android Internals

  • Introduction to Android
  • Android Ecosystem and Research Opportunities
  • Building Blocks
  • Linux Kernel
  • HAL, ART and API1
  • Android Basics

Lab Setup

  • Setting up the Lab
  • Android Studio - Overview
  • Genymotion Introduction
  • Installing VM

Android: Interacting and Exploring

  • ADB: Introduction and Usage1
  • Package Manager
  • Android File System5

Deconstructing Android apps

  • Application Journey
  • Inside an APK
  • Reversing Android apps: Overview1
  • Sample Android App
  • AndroidManifest.xml
  • Decompiling using JADx
  • APKTool and Intro to Smali
  • Patching Android Binaries2

Exploiting Android Components

  • Android Apps Components
  • Introduction to Activities and Intents
  • Demo App using Activities and Intents1
  • Exploiting Activities1
  • How to find vulnerabilities
  • Unlocking Premium Components
  • Android Fragments Introduction
  • Exploiting Fragments
  • Exported Behavior of Android IPC Components

Intent Filters, Broadcasts Receivers and Deep Links

  • Intent-Filters1
  • Broadcast Receivers - Introduction
  • Exploiting a Dynamic Broadcast Receiver
  • Exploiting Intent Filters based vulnerabilities
  • Introduction to DeepLinks
  • Exploiting Deep Links6
  • Exploiting Deep Links - 22

Data Handling in Android applications

  • Data Storage - Introduction
  • What are Shared Preferences?
  • Assessing a Vault application
  • Decrypting sensitive data stored in Shared Preferences
  • Introduction to SQLite
  • Working with SQLite4
  • Introduction to Firebase
  • Identifying Firebase vulnerabilities
  • Introduction to Content Providers
  • Content Provider Security overview
  • Find and Query Content Providers
  • Introduction to Drozer
  • Exploiting Leaking Content Providers
  • Permission exploitation using Insecure Content Provider
  • Sniffing data in Broadcasts
  • introduction to External Data Storage
  • Analyzing Applock Vault app
  • Analyzing pin implementation1
  • Hex manipulation to safely store vault content

Network Security

  • Network Security approach
  • Network Security in Android
  • Introduction to Proxying
  • Setting up network proxy with Android device
  • Analyzing malware application traffic
  • Intercepting SSL traffic
  • Android Certificate/Key pinning
  • Bypassing SSL pinning using Binary modification
  • Android Webviews

Dynamic Process Instrumentation

  • Dynamic Instrumentation - What, Why and How
  • Frida 101
  • Frida setup for Android
  • Frida REPL and JS
  • Using Frida API
  • Frida + Python for app enumeration
  • Tracing instruction and method calls
  • Method Hooking
  • Accessing and Manipulating variables
  • Invoking functions
  • Method Overloading
  • Using Frida for SSL traffic analysis
  • Introduction to Objection1
  • Objection for app analysis
  • Native Library Analysis2
  • Debugging Native Libraries

iOS : Getting Started

  • Introduction to the iOS section
  • iOS outline
  • iOS - 1000 ft view
  • iOS Platform and Application security fundamentals
  • Jailbreaking

Interacting with iOS

  • Application Signing1
  • Lab Setup: iOS Device
  • Lab Setup: Host
  • Exploring iOS File System

Dev Foundations

  • Dev Foundations overview
  • Xcode Deep Dive
  • Obj-C Internals
  • Swift
  • Models, Views and Controllers
  • Delegates and Protocols1
  • Frameworks and Packages
  • Models Views and Controllers

iOS App Deep Dive

  • App Distribution
  • Dumping iOS apps
  • App Encryption
  • MachO binary
  • Information Property List
  • Frameworks and Assets
  • Intents and Application Extensions
  • Code Signing Deep Dive
  • Simulator

Data Handling in iOS apps

  • App Inspection: Data
  • Bundle
  • Data Storage Types
  • Data Protection API
  • Data Security Tools
  • Using Frida for File System tracing
  • User Defaults
  • Plist
  • Bypassing App Restricitons
  • Core Data
  • Cookies
  • Keychain
  • Keychain-II
  • Pasteboard
  • Cache
  • Memory

iOS Networking

  • Introduction to iOS Networking
  • Network traffic capture in iOS
  • Intercepting secure communication
  • Inspecting iOS Network Data
  • iOS webview
  • Remote Virtual Interfaces

iOS Binary Exploitation

  • Binary Inspection
  • Dissecting MachO
  • Classes and Methods
  • Reversing iOS Binaries for analysis
  • Binary Analysis using Ghidra for iOS
  • iOS Binary Patching
  • iOS App Repackaging

iOS Instrumentation and Debugging

  • Instrumentation & Debugging1
  • iOS Process Exploration
  • Object property modification
  • Tracing Program Execution - I
  • Tracing Program Execution - II
  • Manipulating runtime - Part I
  • Manipulating runtime - Part II
  • Intro to Debugging
  • ARM Calling Convention
  • Runtime Manipulation with Debugging - Part 1
  • Runtime Manipulation with Debugging - Part 2
  • Runtime Manipulation w: Instrumentation
  • Anti-Debugging Protection
  • THEOS : Introduction & Setup
  • Hooking into SpringBoard
  • Writing Theos Patches
  • Permanent security patches

Classroom Project

  • Classroom Project