A Journey Into Mobile Application Hacking (iOS & Android)

This course will show you how to do mobile assessments from absolute scratch. It's great for mobile app developers and AppSec engineers who want to know how attackers could target their applications. The course consists of two days of which 60% is practical. Designed, developed and delivered by the team behind one of the most commonly used mobile application hacking tools known as Objection. The course will cover Android and iOS with a playground of apps that you can hack to your heart's content. 

QuickStart Class

This class is FREE! Unlock your team's capacity to deliver better, more secure products and services by arming them with the knowledge and skills to maximize their use of the Corellium Virtual Hardware platform. This class is for new and prospective users interested in using virtual mobile and IoT devices for their security, R&D, testing, and teaching work.

Intro to Mobile AppSec and Pen-Test Tools for iOS and Android

Students will gain first-hand knowledge of tools, tactics and techniques used to discover mobile app vulnerabilities. Includes a crash-course on the OWASP Mobile App Verification Standard (MSAVS) V1-V8 test cases with live demos. Class is live and virtual, with an open Q&A format. It's also custom scheduled for private audiences.

Intro to iOS Kernel Tools for Vulnerability Researchers

An overview of using the Corellium platform to dig deeper into the inner workings of the Apple iOS operating system through a vulnerability research and validation lens. Students will get first-hand knowledge of tactics and techniques used to discover vulnerabilities and research new exploits. Class is live and virtual, with an open Q&A format. It's also custom scheduled for private audiences.

Practical Security Testing for iOS and Android

Freshly updated in 2023 to include platform changes and advances in mobile applications, this hands-on 4-day course will teach students how to conduct comprehensive security assessments of mobile applications for modern Android and iOS platforms. The course starts off by familiarizing students with the Android and iOS platforms and respective security models. From there, students will learn how to build a test environment and how to statically analyze application packages and binaries. 

FOR518: Mac and iOS Forensic Analysis and Incident Response

FOR518 provides the techniques and skills necessary to take on any Mac or iOS case without hesitation. The intense hands-on forensic analysis and incident response skills taught in the course will enable analysts to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device. In addition to traditional investigations, the course presents intrusion and incident response scenarios to help analysts learn ways to identify and hunt down attackers that have compromised Apple devices.

Tryout Labs

This lab is FREE! Explore the thrilling world of Android Userland Exploitation! Delve into key topics such as exploiting memory corruptions and creating an exploit for heap overflow vulnerability. This hands-on teaser offers limited-time access to Corellium mobile devices and focused labs, providing a glimpse into our comprehensive Android Userland Fuzzing and Exploitation course.

Android Userland Fuzzing and Exploitation

Introduction to the world of Android user-land exploitation techniques used by threat actors. Covers the basics of ARM assembly language and reversing the Android Native component. Learn how to find functions that can be harnessed and fuzzed to identify 0day vulnerabilities. Analyze crashes found by your fuzzer and how to exploit them. Learn about Android Userland exploitation and review the tools needed to build reliable and weaponized exploits.

SEC568: Combating Supply Chain Attacks with Product Security Testing

Think Red, Act Blue - Attackers are using new methods of compromising software supply chains that bypass traditional security controls across multiple attack surfaces. SEC568 offers comprehensive training, equipping you with the technical expertise to conduct precise product security assessments and risk analysis. Gain the knowledge and skills needed to protect your digital assets in a rapidly changing threat landscape. Course includes using Corellium for providing virtual Android devices to students.

SEC575: iOS and Android App Security Analysis and Penetration Testing

SEC575 will prepare you to effectively evaluate the security of iOS and Android mobile devices, assess and identify flaws in mobile applications, and conduct a mobile device penetration test, which are all critical skills required to protect and defend mobile device deployments. You will learn how to pen test the biggest attack surface in your organization; dive deep into evaluating mobile apps and operating systems and their associated infrastructure; and better defend your organization against the onslaught of mobile device attacks.

Offensive Mobile Malware Analysis

This course will focus on providing participants with advanced knowledge and skills required to analyze mobile malware on iOS and Android platforms. The course will cover the latest techniques used by attackers to infect mobile devices and will delve into advanced malware analysis concepts. Participants will learn how to use cutting-edge tools and techniques to analyze mobile malware and detect advanced evasion techniques.

Offensive ARM64 Reversing and Exploitation

In this course, we will start with the ARM instruction set and learn about some of the most important instructions and registers. We will look at some of the security mitigations that are present, and its adaptation in real world devices. We will look at some of the different exploitation categories (Heap Overflow, Use-after-free, Uninitialized stack variable etc), followed by a quick intro to reverse engineering. We will then cover reverse engineering some simple binaries and spend the rest of the course writing exploits.

Practical Mobile Application Exploitation

This training is based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2, InsecurePass and a wide range of real-world application vulnerabilities. Students will learn about reverse engineering apps and system binaries, performing 1-click exploits, about anti-debugging and obfuscation techniques, bypassing exploit mitigations, and walkthroughs of tools like IDA Pro, Hopper, and Frida.

Offensive Mobile Reversing and Exploitation

Curriculum includes the latest ARM64 instruction set and the information required to get started with reverse engineering ARM binaries. Dive deep into common vulnerabilities in mobile browsers and explore the internals of mobile kernels, along with several kernel security mitigations. With a focus on real-world scenarios, get a basic introduction to the latest bugs and mitigations, including PAC, CoreTrust, and PPL, and common bug categories like UaF and heap overflow. Go into the process of reverse engineering iOS and Android binaries, including both apps and system binaries. Learn how to conduct basic fuzz testing and how to audit iOS and Android apps for security vulnerabilities.