This training offers techniques, tips and tricks to deliver to pentesters, bug bounty researchers, app makers or anyone curious a 100% hands-on 3 days mobile training. The goal is to introduce tools (Adb, Apktool, Jadx, Cycript, Frida, Objection, Hopper, etc.) and techniques to help trainees work faster and in a more efficient way in the mobile (Android and iOS) ecosystem.
Goal is to introduce tools (Adb, Apktool, Jadx, Cycript, Frida, Objection, Hopper, etc.) and techniques to help trainees work faster and in a more efficient way in the mobile (Android and iOS) ecosystem. This is the exact training that you would have liked to have before wasting your precious time trying and failing while trying to assess the security of mobile applications.
* Anyone who want to learn how to assess mobile applications with some prior knowledge on web security
* Intermediate to experienced Pentesters, Bug Hunters, Security Researchers, Security Experts and Security Managers/Architects
“I attended a 3 days mobile hacking online course from RandoriSec, and learned new things about IOS and Android mobile apps security.
Thank you Davy Douhine and Guillaume Lopes for your support and the wonderful contents. It was nice of them to provide all attendees with a private one hour session to answer our questions and to support us with the labs.
Time to practice what I learned” – Mohamed Gazzaz, Head of Cyber Security
* Network and Linux basics
A laptop with:
* 8GB of RAM at least, ideally 16GB
* 50Gb of free space (to install a VM based on Kali that we’ll provide)
* Administrative privileges on your laptop + a way to deactivate anti-virus, HIPS and firewall
* VMWare Player (ideally VMWare Workstation)
* A PDF reader
* A jailbroken iDevice (iPhone/iPad/iPod) running at least iOS10 for the iOS labs (a Corellium virtual device will be provided to do the labs but a physical device will allow to do a few additional labs).
* Security features and iOS architecture
* Techniques: Steps and requirements
* Set-up a testing environment
* Jailbreaks: History and types
* Targeted apps
* iOS virtualization with Corellium
* Code checks
* Needle and MobSF
* Android Ecosystem
* Android Components
* APK Architecture
* Android Manifest
* Decompilation / Disassembling
* Hardcoding secrets
* Code Tampering
* Hooking with Cycript
* Hooking with Frida
* Emulator or physical device
* Access Control
* Root-Emulator Detection
* Shared Preferences
* Internal Storage
* External Storage
* Analyze without a jailbreak
* MiTM all the traffic
* Rvictl, Wireshark and Burpsuite
* How to intercept traffic using BurpSuite
* Certificate Pinning: How it is implemented? How to defeat it?
* Introduction of Frida
* Frida Scripting
* Hooking Native Code