
OFFENSIVE MOBILE REVERSING AND EXPLOITATION


Private Trainings

Training Details

  • Training Length – 4 Days
  • Venue – Virtual / On-Site 

 

What Will Students Learn

  • Get an understanding of ARM64 instruction set (including ARM 8.3)
  • Understand the Browser Security mitigations on Mobile Devices
  • Understand some common vulnerabilities in Mobile Browsers and learn how to exploit them
  • Learn the internals of iOS and Android Kernel along with several Kernel security mitigations
  • Understand some of the latest bugs and mitigations (PAC, CoreTrust, PPL, etc)
  • Get an intro to some common bug categories (UaF, heap overflow, etc.)
  • Understand how jailbreaks and exploits are written (including iOS 13)
  • Reverse engineer iOS and Android binaries (Apps and system binaries)
  • Do basic fuzz testing of iOS and Android apps
  • Learn how to audit iOS and Android apps for security vulnerabilities
  • Understand and bypass anti-debugging and obfuscation techniques
  • Get a quick walkthrough on using IDA Pro, Hopper, Frida, etc

Course Description

After running sold-out trainings at multiple conferences over the last few years, we are back with an updated version of our course which now covers ARM64, mobile browser security, and detailed Mobile apps and operating system security. The class starts with a basic introduction to the ARM instruction set and calling conventions followed by some reverse engineering exercises. We then learn how to craft simple exploits for the ARM64 environment. Next, we move to Mobile browser security, understand some of the browser mitigations followed by writing some simple exploits for the mobile browser. We then cover iOS and Android internals in further detail. We then discuss some of the exploitation techniques using real-world vulnerabilities (e.g., voucher_swap, checkm8, etc) followed by a walkthrough of how jailbreaks are written. We also discuss some of the common vulnerability types (Heap Overflows, Use-after-free, Uninitialized Stack variable, Race conditions). The training then moves on to application security based on exploiting the Damn Vulnerable iOS app, Android-InsecureBankv2, and InsecurePass application written by the authors of this course in addition to a broad range of other real-world applications. We also cover a variety of mitigations deployed in real-world apps and discuss how to bypass them. Slides, videos and detailed documentation on the labs will be provided to the students for practice after the class. Corellium access will be provided to students during the duration of the training course.

Who Should Take This Course

  • This course is for penetration testers, mobile developers, or anyone who is keen to learn mobile application security and wants to get started in OS exploitation.


CONTACT US

Please share with us the project requirements and the goals you want to achieve, and one of our sales representatives will contact you within one business day.

Our Location

51 Pleasant St # 843, Malden, MA, Middlesex, US, 02148

General and Business inquiries

contact@8ksec.io

Trainings

trainings@8ksec.io

Press

press@8ksec.io

Phone

+1(347)-4772-006
