
Android and iOS Hands-on Exploitation

- Subho Halder

The training will focus on the latest attack vectors for both the Android and iOS platforms. We have also created vulnerable labs, as well as live environments, for penetration testing of Android and iOS apps, as well as finding and exploiting the security issues.

The training is more hands-on and less theory, where the participants will get a first-hand experience of finding vulnerabilities using Code Analysis, Debugging, Bypassing Sandbox and the Permission Model, Exploiting known issues, Traffic Interception, Forensics, Abusing protocols and much more.

Daily Class Outline

Day 1: Android Exploitation

Module 1:

Android Basics

  • Introduction to Android
  • Android Architecture
  • Digging into Android kernel

Android Security Model

  • Android Security Architecture
  • Android Permission model
  • Application Sandboxing
  • Bypassing Android Permissions
  • Android Application Components
  • Android Debug Bridge

Module 2:

Introduction to ARM

  • Introduction to ARM
  • Instruction set and Registers
  • Debugging with GDB
  • Stack Overflows on ARM
  • Shellcoding on ARM
  • Android root exploits

Module 3:

Setting up the Environment

  • Setting up Android Emulator
  • Setting up a Mobile Pentest Environment

App Kung-fu

  • Application Analysis
  • Reverse Engineering
  • Traffic Interception of Android Applications
  • OWASP Top 10 for Android
  • Sniffing application and phone data
  • Insecure file storage
  • Having fun with databases

Exploiting Logic and Code flaws in applications

  • Exploiting Content Providers
  • SQL Injection in Android Application
  • Local File Inclusion/Directory Traversal
  • Drive by Exploitation
  • Tapjacking
  • HTML 5 Attacks
  • Phishing Attacks on Android

Day 2: Android and iOS Exploitation

Module 4:

Exploitation with AFE

  • Introduction to Android Framework for Exploitation
  • Finding application vulnerabilities using the framework
  • Creating a malware/botnet for analysis
  • Crypt an existing malware/botnet to bypass Android anti-malware
  • Extending the framework with custom plugins

Module 5:

Android Forensics

  • Extracting text messages, voice mails, call logs, contacts and messages
  • Recovering information stored in SD Card

Further Exploitation

  • Android Malware and Botnets
  • Cracking Android Applications
  • Vulnerable Social Networking Application (xyShare)
  • Creating and Exploiting custom ROMs
  • Exploiting USB connections with Android

Being secure

  • Android in the Enterprise
  • Writing Secure Code
  • Pentest before you publish
  • Automated Pentesting environment

iOS Exploitation

Module 6:

iOS Background

  • Understanding iOS Architecture
  • iOS Security Features
  • iOS Application Overview

iOS Security Model

  • Code Signing
  • Sandboxing
  • Exploit Mitigation
  • Encryption

Setting up the Environment

  • Setting up Xcode
  • Setting up iPhone/Simulator

Module 7:

iOS Hello-World

  • iOS Application components
  • Introduction to Objective C
  • Writing a simple Hello World application in your own iDevice/Simulator

iOS App Analysis

  • Reverse Engineering iOS Apps
  • Decrypting Appstore Binaries
  • Locating PIE (Position Independent Executable)
  • Inspecting Binary
  • Manipulating Runtime

Day 3: iOS Exploitation

Module 8:

Auditing Insecure API

  • Evaluating the Transport Security
  • Abusing Protocol Handlers
  • Insecure Data Storage
  • Attacking iOS keychain

App Assessments

  • Setting up pentesting environment for assessment
  • Passive app assessment
  • Active app assessment
  • Application analysis

App Kungfu

  • Exploiting XSS in Apps (UIWebViews)
  • Attacking XML processor
  • SQL Injection
  • Filesystem Interaction
  • Geolocation
  • Logging
  • Backgrounding

Memory Corruption Issues

  • Format strings
  • Object use-after-free

Module 9:

iOS Forensics

  • Analysis of backed-up data in iTunes
  • Extracting SMS, Call Logs, etc., from an iOS backup
  • Imaging the whole device

Being Secure

  • iOS App compliance checklist
  • Writing Secure Code
  • Pentest your App before you publish
