Training Classes

This class is FREE! Unlock your team's capacity to deliver better, more secure products and services by arming them with the knowledge and skills to maximize their use of the Corellium Virtual Hardware platform. This class is for new and prospective users interested in using virtual mobile and IoT devices for their security, R&D, testing, and teaching work.

Students will gain first-hand knowledge of tools, tactics and techniques used to discover mobile app vulnerabilities. Includes a crash-course on the OWASP Mobile App Verification Standard (MSAVS) V1-V8 test cases with live demos. Class is live and virtual, with an open Q&A format. It's also custom scheduled for private audiences.

An overview of using the Corellium platform to dig deeper into the inner workings of the Apple iOS operating system through a vulnerability research and validation lens. Students will get first-hand knowledge of tactics and techniques used to discover vulnerabilities and research new exploits. Class is live and virtual, with an open Q&A format. It's also custom scheduled for private audiences.

This lab is FREE! Explore the thrilling world of Android Userland Exploitation! Delve into key topics such as exploiting memory corruptions and creating an exploit for heap overflow vulnerability. This hands-on teaser offers limited-time access to Corellium mobile devices and focused labs, providing a glimpse into our comprehensive Android Userland Fuzzing and Exploitation course.

Introduction to the world of Android user-land exploitation techniques used by threat actors. Covers the basics of ARM assembly language and reversing the Android Native component. Learn how to find functions that can be harnessed and fuzzed to identify 0day vulnerabilities. Analyze crashes found by your fuzzer and how to exploit them. Learn about Android Userland exploitation and review the tools needed to build reliable and weaponized exploits.

Think Red, Act Blue - Attackers are using new methods of compromising software supply chains that bypass traditional security controls across multiple attack surfaces. SEC568 offers comprehensive training, equipping you with the technical expertise to conduct precise product security assessments and risk analysis. Gain the knowledge and skills needed to protect your digital assets in a rapidly changing threat landscape. Course includes using Corellium for providing virtual Android devices to students.

SEC575 will prepare you to effectively evaluate the security of iOS and Android mobile devices, assess and identify flaws in mobile applications, and conduct a mobile device penetration test, which are all critical skills required to protect and defend mobile device deployments. You will learn how to pen test the biggest attack surface in your organization; dive deep into evaluating mobile apps and operating systems and their associated infrastructure; and better defend your organization against the onslaught of mobile device attacks.

This course will focus on providing participants with advanced knowledge and skills required to analyze mobile malware on iOS and Android platforms. The course will cover the latest techniques used by attackers to infect mobile devices and will delve into advanced malware analysis concepts. Participants will learn how to use cutting-edge tools and techniques to analyze mobile malware and detect advanced evasion techniques.

In this course, we will start with the ARM instruction set and learn about some of the most important instructions and registers. We will look at some of the security mitigations that are present, and its adaptation in real world devices. We will look at some of the different exploitation categories (Heap Overflow, Use-after-free, Uninitialized stack variable etc), followed by a quick intro to reverse engineering. We will then cover reverse engineering some simple binaries and spend the rest of the course writing exploits.

This training is based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2, InsecurePass and a wide range of real-world application vulnerabilities. Students will learn about reverse engineering apps and system binaries, performing 1-click exploits, about anti-debugging and obfuscation techniques, bypassing exploit mitigations, and walkthroughs of tools like IDA Pro, Hopper, and Frida.

Curriculum includes the latest ARM64 instruction set and the information required to get started with reverse engineering ARM binaries. Dive deep into common vulnerabilities in mobile browsers and explore the internals of mobile kernels, along with several kernel security mitigations. With a focus on real-world scenarios, get a basic introduction to the latest bugs and mitigations, including PAC, CoreTrust, and PPL, and common bug categories like UaF and heap overflow. Go into the process of reverse engineering iOS and Android binaries, including both apps and system binaries. Learn how to conduct basic fuzz testing and how to audit iOS and Android apps for security vulnerabilities.