Offensive Mobile Malware Analysis

On-Site Live Group Training / Virtual Live Group Training

Hands-on Mobile Malware Analysis Training

Master the essential skills and techniques required to reverse engineer malware on both iOS and Android systems, from initial identification to in-depth understanding of malware behavior and artifact detection. Learn static and dynamic analysis techniques, enabling participants to dissect malware code, examine its functionality, and uncover hidden behaviors.

What You Will Learn

The Offensive Mobile Malware Analysis course is designed to give a thorough understanding of malware threats aimed at the iOS and Android platforms. With a focus on mobile OS internals, mobile device vulnerabilities, attack vectors, and security mitigations, this course provides hands-on experience and practical insights. The curriculum begins with an in-depth exploration of the iOS and Android architectures, focusing on their security features and platform-specific APIs. Participants gain a comprehensive understanding of the challenges posed by modern mobile malware, including obfuscation, anti-detection techniques, and exploit delivery. The course covers sandboxing and the attack surface reachable from a sandboxed app, and later discusses how jailbreaks and exploits are created. It also offers comprehensive insight into reversing Objective-C, Swift, Java, Kotlin and Smali code, as well as native Android and iOS binaries. The curriculum also covers advanced Frida techniques, such as custom tracing, profiling, and advanced memory inspection, with practical application in real-world scenarios. Through case studies of prominent malware such as Pegasus, Joker, MasterFred, Hermit and Cerberus, along with several custom malware samples designed for the course, the course covers reverse engineering, advanced forensics techniques, and the extraction and analysis of forensic artifacts. It concludes with insights into future research opportunities.

On attending this course, you will get:

  • Certificate of completion for the training program
  • Source code for the custom malware samples
  • All Frida scripts used during the course
  • Access to Corellium for iOS and Android hands-on labs for the duration of the course
  • Access to cloud instances for the duration of the course
  • Slack access for the class, and afterwards for regular mobile security discussions

Key Objectives

  • ARM Instruction set (includes updates from ARMv9)
  • iOS and Android Security Model
  • Setting up your own Malware Research Environment
  • Corellium for Malware Research
  • Understand how jailbreaks and exploits are written
  • Reversing Objective-C, Swift, Java, Kotlin, and Smali code
  • Reversing Native Android and iOS Binaries
  • Frida for Runtime Analysis
  • Advanced Frida Techniques (Advanced Memory Inspection, Custom Tracing and Profiling, Inspecting Real-world applications using Frida)
  • Case Study of Public Malware (Pegasus, Cerberus, MasterFred, etc.)
  • Case Study of Custom Malware designed for the course
  • iOS and Android Forensics Techniques
  • Inspecting Crash Logs
  • Extraction and Analysis of Forensic Artifacts
  • Conclusion and Future Research

Duration

2 Days

Who Should Attend?

This course is for penetration testers, mobile developers or anyone keen to learn mobile application security.

Laptop Requirements

  • Laptop with 8+ GB RAM and 40 GB of free disk space
  • Students will be provided with access to Linux cloud instances
  • Students will be provided with access to Corellium for Android and iOS hands-on labs, so physical devices are not required
  • Administrative access on the laptop is required

Detailed course setup instructions and Slack access will be sent a few weeks prior to the class.

Syllabus

  • Key Concepts and Terminologies
  • Introduction to Hopper/Ghidra
  • Introduction to the ARM 64 instruction set
  • Disassembling methods
  • Modifying assembly instructions
  • Deciphering Mangled Swift Symbols
  • Identifying Native Code 
  • Understanding the Program flow
  • Identifying Cross-Platform mobile frameworks
  • iOS security model
  • App Signing, Sandboxing, and Provisioning
  • iOS App Groups
  • Primer to iOS 17-18 security
  • Xcode Primer 
  • Address Sanitizer
  • Exploring the iOS filesystem
  • What’s in a Code Signature?
  • Entitlements explained
  • How Sandboxing works on iOS
  • Sandbox profiles
  • Setting up lldb for Debugging
  • lldb basic and advanced usage
  • Setting up the testing environment
  • Jailbreaking your device
  • What’s in a Rootless Jailbreak?
  • Jailbreak Bootstraps
  • Sideloading apps
  • Binary protection measures
  • Decrypting IPA files
  • Self-signing iOS binaries
  • Android Security Architecture
  • Extracting APK files from Google Play
  • Understanding Android application structure
  • Signing Android applications
  • Understanding Android ADB
  • Understanding the Android file system
  • Permission Model Flaws
  • Attack Surfaces for Android applications
  • Overview of Frida and its capabilities
  • Setting up the Frida environment
  • Frida usage and commands
  • Frida-trace and handlers
  • Frida hooking techniques
  • Frida on native code
  • Frida memory manipulation techniques
  • Analyzing messaging apps using Frida
  • Invoking custom functions with Frida
  • Introduction to Objective-C and Swift
  • Reversing Objective-C, Swift, Kotlin and Java Binaries
  • Reversing Obfuscated Code 
  • Reversing malicious iOS daemons
  • Inspecting IPC traffic
  • Understanding different stages of a Malware
  • Device Acquisition techniques
  • Using Custom IOCs
  • Case Study of Public iOS Malware
  • Process of Android Apps Engineering
  • Reverse Engineering for Android Apps
  • Smali Learning Labs
  • Examining Smali files
  • Smali vs Java
  • Dex Analysis and Obfuscation
  • Reversing Obfuscated Android Applications
  • Case Study of Popular Android Malware
  • Patching Android Applications
  • Android App Hooking
  • Understanding the Program flow
  • Identifying Cross-Platform mobile frameworks
  • Proxying iOS and Android Traffic
  • Introduction to Certificate Transparency
  • Exploiting Local Storage
  • Exploiting Weak Cryptography
  • Multiple Manual and Automated Root Detection and Bypass Techniques
  • Analyzing Proguard, DexGuard, and other Obfuscation Techniques
  • Multiple Manual and Automated SSL Pinning Bypass techniques
  • Inspecting Crash Logs
  • Extraction and Analysis of Forensic Artifacts
  • Introduction to the Mobile Verification Toolkit (MVT) for detecting compromise of iOS and Android devices
  • Using MVT to process device backups and filesystem dumps and match them against indicators of compromise
  • Hands-on practice with MVT modules and workflows
  • Practical labs and case studies of public malware
  • Identifying Malware artifacts from Filesystem and Backups
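The backup-artifact and custom-IOC items above are listed as topics only. As an added illustration, which is not course material and not MVT's own code, the following Python builds an in-memory table shaped like the Files table of an iOS backup Manifest.db from constructed rows and matches it against a hypothetical set of glob-style IOCs over relative paths and backup domains. The table and column names (Files: fileID, domain, relativePath) follow the real Manifest.db schema; every row, every pattern and the "com.evil.updater" name are invented for the example.

```python
"""Match a constructed iOS backup manifest against custom IOCs (added example)."""
import fnmatch
import sqlite3

# Constructed sample rows shaped like the Files table of an iTunes/Finder backup
# Manifest.db (fileID, domain, relativePath). All values are invented for this
# illustration; the "com.evil.updater" entries are hypothetical, not a real threat.
SAMPLE_FILES = [
    ("0a1b", "HomeDomain", "Library/Preferences/com.apple.Preferences.plist"),
    ("2c3d", "AppDomain-com.example.notes", "Documents/notes.sqlite"),
    ("4e5f", "HomeDomain", "Library/Caches/com.evil.updater/payload.dylib"),
    ("6071", "RootDomain", "Library/LaunchDaemons/com.evil.updater.plist"),
    ("8293", "HomeDomain", "Library/SMS/sms.db"),
    ("a4b5", "AppDomain-com.evil.updater", "Library/Caches/state.bin"),
]

# Hypothetical custom IOC set: glob patterns over relative paths and backup domains.
CUSTOM_IOCS = {
    "paths": ["*/com.evil.updater/*", "*/com.evil.updater.plist"],
    "domains": ["AppDomain-com.evil.*"],
}


def build_manifest(rows):
    """Create an in-memory Manifest.db-like database from the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT, relativePath TEXT)"
    )
    conn.executemany("INSERT INTO Files VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


def match_iocs(conn, iocs):
    """Return one hit per file whose relativePath or domain matches an IOC glob.

    Path patterns are checked first; a domain pattern is only consulted when no
    path pattern matched, so each file yields at most one hit.
    """
    hits = []
    query = "SELECT fileID, domain, relativePath FROM Files ORDER BY fileID"
    for file_id, domain, rel_path in conn.execute(query):
        matched = None
        for pattern in iocs["paths"]:
            if fnmatch.fnmatchcase(rel_path, pattern):
                matched = ("path", pattern)
                break
        if matched is None:
            for pattern in iocs["domains"]:
                if fnmatch.fnmatchcase(domain, pattern):
                    matched = ("domain", pattern)
                    break
        if matched is not None:
            hits.append({
                "fileID": file_id,
                "domain": domain,
                "relativePath": rel_path,
                "ioc_type": matched[0],
                "ioc": matched[1],
            })
    return hits


def scan_sample():
    """Run the scan over the constructed manifest and return the list of hits."""
    return match_iocs(build_manifest(SAMPLE_FILES), CUSTOM_IOCS)


if __name__ == "__main__":
    for hit in scan_sample():
        print(f"{hit['fileID']}  {hit['ioc_type']:6}  "
              f"{hit['domain']}/{hit['relativePath']}  <- {hit['ioc']}")
```

Against a real backup the same query runs over the decrypted Manifest.db. Glob matching is used deliberately so that a single indicator covers the cache, preference and daemon paths of one bundle, and the domain check catches an app container even when none of its file names are known in advance.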

Prerequisites

To successfully participate in this course, attendees should possess the following:

  • Working knowledge of cybersecurity and pentesting fundamentals
  • Working knowledge of Malware analysis fundamentals on any platform
  • Basic working knowledge of Android and iOS platforms
  • Basic Linux skills and command-line proficiency
  • Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Java, Kotlin, Objective-C, Swift, C, C++, or similar)
  • Basic ARM/AARCH64 binary assembly and exploitation knowledge is recommended, but not required

Certified Mobile Malware Reverse Engineer (CMMRE)

This course prepares you for the Certified Mobile Malware Reverse Engineer (CMMRE) certification exam, a hands-on assessment specifically designed to test your ability to reverse engineer and analyze complex real-world malware found in mobile applications.

Exam Duration: 48 hours


TRUSTED TRAINING PROVIDERS

Our trainers have more than ten years of experience delivering training at conferences such as Black Hat, HITB, Power of Community, Zer0con, OWASP AppSec, and more.

OUR MODES OF TRAINING

LIVE VIRTUAL

GET IN TOUCH FOR PRICING

Perfect for Teams in Multiple Locations
 
  • Real-time interaction with our expert trainers over Zoom
  • Customizable content tailored to your team’s needs
  • Continued support after the training

LIVE ON-SITE

GET IN TOUCH FOR PRICING

Perfect for Teams in One Location
 
  • Real-time interaction with our expert trainers at an onsite location
  • Customizable content tailored to your team’s needs
  • Continued support after the training

FAQ

Our Live Virtual and On-Site sessions replicate the interactive classroom experience, fostering real-time collaboration and engagement among participants.

While prior experience is helpful, the course is designed to accommodate various skill levels. It provides a structured learning path, starting from foundational concepts and progressing to advanced techniques.

No, the training that you purchase from 8kSec, including the course materials, is exclusively for your individual use. You may not reproduce, distribute or display (post/upload) lecture notes, recordings, or course materials in any other way, whether or not a fee is charged, without the express written consent of 8kSec.

For On-Site/Virtual Courses during private trainings/conferences, we provide a customized certificate after the completion of the course. Please note that the Certificate of Course Completion is different from the one obtained after clearing the certification exam.

For Virtual/Live Trainings, we will provide you access to our Lab environment and an instruction guide during the training.

Once you submit your report, a member of our review board will review it and provide you with the results within 3 business days.

The fee to retake the certification exam is USD 119. To schedule your re-examination, simply email info@8ksec.io and our logistics team will be in touch.

You can find our Training Schedule at https://8ksec.io/public-training/. To schedule a Live Virtual or Live On-site private training for a group of 5+ attendees, email trainings@8ksec.io and our logistics team will get in touch with you to organize one.

The information on this page is subject to change without notice.

CONTACT US

Please share with us the project requirements and the goals you want to achieve, and one of our sales representatives will contact you within one business day.

Our Location

51 Pleasant St # 843, Malden, MA, Middlesex, US, 02148

General and Business inquiries

contact@8ksec.io

Trainings

trainings@8ksec.io

Press

press@8ksec.io

Phone

+1(347)-4772-006
