Offensive Mobile Malware Analysis

On-Site Live Group Training / Virtual Live Group Training

Hands-on Mobile Malware Analysis Training

Master the essential skills and techniques required to reverse engineer malware on both iOS and Android systems, from initial identification to in-depth understanding of malware behavior and artifact detection. Learn static and dynamic analysis techniques, enabling participants to dissect malware code, examine its functionality, and uncover hidden behaviors.

What You Will Learn

The Offensive Mobile Malware Analysis course is designed to give a proper understanding of malware threats aimed at iOS and Android platforms. With a focus on mobile OS internals, mobile device vulnerabilities, attack vectors, and security mitigations, this course provides hands-on experience and practical insights. The curriculum begins with an in-depth exploration of iOS and Android architectures, focusing on their security features and platform specific APIs. Participants gain a comprehensive understanding of the challenges posed by modern mobile malware, including obfuscation, anti-detection techniques, and exploit delivery. The course covers sandboxing and the attack surface available from a sandboxed app, and later also discusses creation of jailbreaks and exploits. It also offers a comprehensive insight into reversing Objective-C, Swift, Java, Kotlin and Smali code, as well as native Android and iOS binaries. The curriculum also covers advanced Frida techniques, such as custom tracing, profiling, and advanced memory inspection, with practical application in real-world scenarios. Through case studies of prominent malware like Pegasus, Joker, MasterFred, Hermit, and Cerberus and several custom malware samples designed for the course, the course sheds light on reverse engineering, advanced forensics techniques, and extracting and analyzing forensic artifacts. It concludes with insights into future research opportunities.

On attending this course, you will get:

Certificate of completion for the Training program
Source code for custom malwares
All Frida Scripts used during the course
Students will be provided with access to Corellium for iOS and Android hands-on for the duration of the course
Students will be provided access to cloud instances for the duration of the course
Slack access for the class and after for regular mobile security discussions

Key Objectives

ARM Instruction set (includes updates from ARMv9)
iOS and Android Security Model
Setting up your own Malware Research Environment
Corellium for Malware Research
Understand how jailbreaks and exploits are written
Reversing Objective-C, Swift, Java, Kotlin, and Smali code
Reversing Native Android and iOS Binaries
Frida for Runtime Analysis
Advanced Frida Techniques (Advanced Memory Inspection, Custom Tracing and Profiling, Inspecting Real-world applications using Frida)
Case Study of Public Malware (Pegasus, Cerberus, MasterFred, etc)
Case Study of Custom Malware designed for the course
iOS and Android Forensics Techniques
Inspecting Crash Logs
Extraction and Analysis of Forensic Artifacts
Conclusion and Future Research

Duration

2 Days

Ways to Learn

Live Virtual

Live On-Site

Who Should Attend?

This course is for penetration testers, mobile developers or anyone keen to learn mobile application security.

laptop Requirements

Laptop with: 8+ GB RAM and 40 GB hard disk space
Students will be provided with access to Linux cloud instances
Students will be provided with access to Corellium for Android and iOS hands-on and as such do not need to carry physical devices
Administrative access on the system is required

Detailed Course Setup instructions and Slack access will be sent a few weeks prior to the class

Need To Justify To Your Manager?

Need a Template to Justify the Training Request to your Manager? Download the Template below

Syllabus

Module 1: Introduction to Reverse Engineering in iOS and Android

Key Concepts and Terminologies
Introduction to Hopper/Ghidra
Introduction to the ARM 64 instruction set
Disassembling methods
Modifying assembly instructions
Deciphering Mangled Swift Symbols
Identifying Native Code
Understanding the Program flow
Identifying Cross-Platform mobile frameworks

Module 2: Intro to iOS Security

iOS security model
App Signing, Sandboxing, and Provisioning
iOS App Groups
Primer to iOS 17-18 security
Xcode Primer
Address Sanitizer
Exploring the iOS filesystem
What’s in a Code Signature ?
Entitlements explained
How Sandboxing works on iOS
Sandbox profiles
Setting up lldb for Debugging
lldb basic and advanced usage
Setting up the testing environment
Jailbreaking your device
What’s in a Rootless Jailbreak ?
Jailbreak Bootstraps
Sideloading apps
Binary protection measures
Decrypting IPA files
Self-signing iOS binaries

Module 3: Into to Android Security

Android Security Architecture
Extracting APK files from Google Play
Understanding Android application structure
Signing Android applications
Understanding Android ADB
Understanding the Android file system
Permission Model Flaws
Attack Surfaces for Android applications

Module 4: Frida in-depth

Overview of Frida and its capabilities
Setting up the Frida environment
Frida usage and commands
Frida-trace and handlers
Frida hooking techniques
Frida on native code
Frida memory manipulation techniques
Analyzing messaging apps using Frida
Invoking custom functions with Frida

Module 5: Reversing iOS and Android apps

Introduction to Objective-C and Swift
Reversing Objective-C, Swift, Kotlin and Java Binaries
Reversing Obfuscated Code
Reversing malicious iOS daemons
Inspecting IPC traffic
Understanding different stages of a Malware
Device Acquisition techniques
Using Custom IOCs
Case Study of Public iOS Malware
Process of Android Apps Engineering
Reverse Engineering for Android Apps
Smali Learning Labs
Examining Smali files
Smali vs Java
Dex Analysis and Obfuscation
Reversing Obfuscated Android Applications
Case Study of Popular Android Malwares
Patching Android Applications
Android App Hooking
Understanding the Program flow
Identifying Cross-Platform mobile frameworks

Module 6: Static and Dynamic analysis

Proxying iOS and Android Traffic
Introduction to Certificate Transparency
Exploiting Local Storage
Exploiting Weak Cryptography
Multiple Manual and Automated Root Detection and Bypass Techniques
Analyzing Proguard, DexGuard, and other Obfuscation Techniques
Multiple Manual and Automated SSL Pinning Bypass techniques

Module 7: Mobile Verification and Security Assessment

Inspecting Crash Logs
Extraction and Analysis of Forensic Artifacts
Introduction to the Mobile Verification Toolkit (MVT) for mobile app verification and security assessment.
Using MVT for analyzing mobile apps, identifying vulnerabilities, and performing security assessments.
Hands-on practice with MVT tools and techniques for mobile security assessment.
Engaging in practical labs and case studies of Public Malwares.
Identifying Malware artifacts from Filesystem and Backups

Prerequisites

To successfully participate in this course, attendees should possess the following:

Working knowledge of cybersecurity and pentesting fundamentals
Working knowledge of Malware analysis fundamentals on any platform
Basic working knowledge of Android and iOS platforms
Basic Linux skills and command-line proficiency
Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Java, Kotlin, Objective-C, Swift, C, C++, or similar)
Basic ARM/AARCH64 binary assembly and exploitation knowledge is recommended, but not required

Certified Mobile Malware Reverse Engineer (CMMRE)

This course prepares you for the Certified Mobile Malware Reverse Engineer (CMMRE) certification exam, a hands-on assessment specifically designed to test your ability to reverse engineer, and analyze complex real-world malwares found in mobile applications.

Exam Duration : 48 hours

TRUSTED TRAINING PROVIDERS

Our trainers boast more than ten years of experience delivering diverse training sessions at conferences such as Blackhat, HITB, Power of Community, Zer0con, OWASP Appsec, and more.

Interactive discussion in a mobile security training session at BlackHat

Trainer engaging with attendees in a mobile security training.

Participants in a mobile security training session watching a presentation.

Classroom setup during a mobile security training session.

Participants taking notes during a mobile security training session.

Group interaction in a mobile security training session.

Trainer presenting on mobile security to a group using a projector.

Participants viewing a slide presentation on mobile security.

Training session with participants using laptops in a mobile security course.

Wide view of a mobile security training session with attendees.

Participants listening during a mobile security training session.

Close-up of participants at a mobile security training session.

Trainer presenting to participants in a mobile security training session.

Hear from our Students

Our Students are our greatest voice, just read what they have to say!

OUR MODES OF TRAINING

Perfect for Teams in Multiple Locations

Real-time interaction with our expert trainers over Zoom
Customizable content tailored to your team’s needs
Continued support after the training

Perfect for Teams in One Location

Real-time interaction with our expert trainers at an onsite location
Customizable content tailored to your team’s needs
Continued support after the training

FAQ

What are the different formats in which the courses are offered?

Our Live Virtual and On-Site sessions replicate the interactive classroom experience, fostering real-time collaboration and engagement among participants.

Is prior experience in mobile security necessary to enroll in the training program?

While prior experience is helpful, the course is designed to accommodate various skill levels. It provides a structured learning path, starting from foundational concepts and progressing to advanced techniques.

Can i share the purchased course material with other people?

No, the training that you purchase from 8kSec, including the course materials is exclusively for your individual use. You may not reproduce, distribute or display (post/upload) lecture notes, or recordings, or course materials in any other way — whether or not a fee is charged – without the express written consent of 8kSec.

Where can i find the Certificate of Course Completion?

For On-Site/Virtual Courses during private trainings/conferences, we provide a customized certificate after the completion of the course. Please note that the Certificate of Course Completion is different from the one obtained after clearning the Certification exam.

Do i need to setup any Labs in order to perform the Labs in the training?

For Virtual/Live Trainings, we will provide you access to our Lab environment and an instruction guide during the training.

How long does it take to get the results after submitting the Report?

Once you submit your report, one of the members of our review board will review the report and provide with the results in 3 business days.

How Much Does it Cost to Retake the Certification Exam?

The fee to retake the certification exam is USD $119. To schedule your re-examination, simply email info@8ksec.io and our logistics team will be in touch.

Where can i find the schedule of your Virtual/Live Training classes?

You can find our Training Schedule at https://8ksec.io/public-training/. To schedule a Live Virtual or Live On-site private training for a group of 5+ attendees, email trainings@8ksec.io and our logistics team will get in touch with you to organize one.

The information on this page is subject to change without notice.

CONTACT US

Please share with us the project requirements and the goals you want to achieve, and one of our sales representatives will contact you within one business day.

Our Location

51 Pleasant St # 843, Malden, MA, Middlesex, US, 02148

General and Business inquiries

contact@8ksec.io

Trainings

trainings@8ksec.io

Press

press@8ksec.io

Phone

+1(347)-4772-006

SEND ENQUIRY

Get the latest news & updates