Offensive Mobile Malware Analysis

This course will focus on providing participants with advanced knowledge and skills required to analyze mobile malware on iOS and Android platforms. The course will cover the latest techniques used by attackers to infect mobile devices and will delve into advanced malware analysis concepts. Participants will learn how to use cutting-edge tools and techniques to analyze mobile malware and detect advanced evasion techniques.

Offensive ARM64 Reversing and Exploitation

In this course, we will start with the ARM instruction set and learn about some of the most important instructions and registers. We will look at some of the security mitigations that are present, and its adaptation in real world devices. We will look at some of the different exploitation categories (Heap Overflow, Use-after-free, Uninitialized stack variable etc), followed by a quick intro to reverse engineering. We will then cover reverse engineering some simple binaries and spend the rest of the course writing exploits.

Practical Mobile Application Exploitation

This training is based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2, InsecurePass and a wide range of real-world application vulnerabilities. Students will learn about reverse engineering apps and system binaries, performing 1-click exploits, about anti-debugging and obfuscation techniques, bypassing exploit mitigations, and walkthroughs of tools like IDA Pro, Hopper, and Frida.

Offensive Mobile Reversing and Exploitation

Curriculum includes the latest ARM64 instruction set and the information required to get started with reverse engineering ARM binaries. Dive deep into common vulnerabilities in mobile browsers and explore the internals of mobile kernels, along with several kernel security mitigations. With a focus on real-world scenarios, get a basic introduction to the latest bugs and mitigations, including PAC, CoreTrust, and PPL, and common bug categories like UaF and heap overflow. Go into the process of reverse engineering iOS and Android binaries, including both apps and system binaries. Learn how to conduct basic fuzz testing and how to audit iOS and Android apps for security vulnerabilities.