SEC575.1: Device Architecture and Common Mobile Threats

Mobile Problems and Opportunities

• Challenges and opportunities for secure mobile phone deployments
• Weaknesses in mobile devices
• Exploiting weaknesses in mobile apps: Bank account hijacking exercise

Mobile Device Platform Analysis

• iOS and Android permission management models
• Code signing weaknesses on Android
• Inter-app communication channels on iOS
• Android app execution: Android Runtime vs. Android Dalvik virtual machine
• Android Nougat security benefits

Wearable Platforms

• Application isolation and data sharing for Apple Watch
• Network connectivity and Android Wear apps
• Data exfiltration in WatchOS
• Weaknesses in wearable device authentication controls
• Deficiencies in Android Wear and storage encryption

Mobile Device Lab Analysis Tools

• Using iOS and Android emulators
• Android mobile application analysis with Android Debug Bridge (ADB) tools
• Uploading, downloading, and installing applications with ADB
• Application testing with the iOS Simulator

Mobile Device Malware Threats

• Trends and popularity of mobile device malware
• Mobile malware command and control architecture
• Efficiency of Android ransomware malware threats
• Analysis of iOS malware targeting non-jailbroken devices
• Hands-on analysis of Android malware
• Mobile malware defenses: What works and what doesn't

SEC575.2: Mobile Platform Access and Application Analysis

Unlocking, Rooting, and Jailbreaking Mobile Devices

• Legal issues with rooting and jailbreaking
• Jailbreaking iOS
• Android root access through unlocked bootloaders
• Root exploits for Android
• Debugging and rooting Android Wear devices
• Using a rooted or jailbroken device effectively: Tools you must have!

Mobile Phone Data Storage and File System Architecture

• Data stored on mobile devices
• Mobile device file system structure
• Decoding sensitive data from database files on iOS and Android
• Extracting data from Android backups
• Using file system artifacts for location disclosure attacks beyond GPS coordinates
• Hands-on attacks against password management apps

Network Activity Monitoring

• Mobile application network capture and data extraction
• Capturing iOS cellular/4G network traffic
• Transparent network proxying for data capture
• Encrypted data capture manipulation
• Extracting files and sensitive content from network captures
• Recovering sensitive data from popular cloud storage providers

Static Application Analysis

• Retrieving iOS and Android apps for reverse engineering analysis
• Decompiling Android applications including Android Wear
• Circumventing iOS app encryption with Dumpdecrypted and Rasticrac
• Header analysis and Objective-C disassembly
• Accelerating iOS disassembly: Hopper and IDA Pro
• Swift iOS apps and reverse engineering tools

SEC575.3: Mobile Application Reverse Engineering

Automated Application Analysis Systems

• iOS application vulnerability analysis with Needle
• Structured iOS application header analysis
• Tracing iOS application behavior and API use
• Effective Android application analysis with Androwarn
• Android application interaction and Intent manipulation with Drozer
• Extracting secrets with KeychainDumper

Reverse Engineering Obfuscated Applications

• Identifying obfuscation techniques
• Decompiling obfuscated applications
• Effective reconstructed code annotation with Android Studio
• Decrypting obfuscated content with Simplify

Application Report Cards

• Step-by-step recommendations for application analysis
• Tools and techniques for mobile platform vulnerability identification and evaluation
• Recommended libraries and code examples for developers
• Detailed recommendations for jailbreak detection, certificate pinning, and application integrity verification
• Android and iOS critical data storage: Keychain and key store recommendations

 SEC575.4: Penetration Testing Mobile Devices, Part 1

Manipulating Application Behavior

• Runtime iOS application manipulation with Cycript
• iOS method swizzling
• Android application manipulation with Apktool
• Reading and modifying Dalvik bytecode
• Adding Android application functionality, from Java to Dalvik bytecode

Using Mobile Device Remote Access Trojans

• Building RAT tools for mobile device attacks
• Hiding RATs in legitimate Android apps
• Customizing RATs to evade anti-virus tools
• Integrating the Metasploit Framework into your mobile pen test
• Effective deployment tactics for mobile device Phishing attacks

Wireless Network Probe Mapping

• Monitoring network probing activity
• Visualizing network discovery and search
• Wireless anonymity attacks
• Exploiting iOS and Android wireless network scanning characteristics

Weak Wireless Attacks

• Wireless network scanning and assessment
• Exploiting weak wireless infrastructure
• Monitoring mobile device network scanning
• Exploiting "Google WiFi" and iPad or iPhone captive portal detection
• Secure network impersonation

Enterprise Wireless Security Attacks

• Exploiting WPA2 Enterprise networks with certificate impersonation
• Manipulating enterprise wireless authentication protocols
• RADIUS server impersonation attacks

 SEC575.5: Penetration Testing Mobile Devices, Part 2

Network Manipulation Attacks

• Using man-in-the-middle tools against mobile devices
• Sniffing, modifying, and dropping packets as man-in-the-middle
• Mobile application data injection attacks

Sidejacking Attacks

• Identifying mobile applications vulnerable to sidejacking
• Using sidejacking effectively in a penetration test
• Hands-on exploitation of popular mobile applications

SSL/TLS Attacks

• Exploiting HTTPS transactions with man-in-the-middle attacks
• Core pen test technique: TLS impersonation against iOS Mail.app for password harvesting
• Integrating man-in-the-middle tools with Burp Suite for effective HTTP manipulation attacks

Client-Side Injection Attacks

• Android WebView and JavaScript injection for remote code execution
• Harvesting session cookies through Android browser vulnerabilities with Metasploit
• Using the Spec.js library for mobile browser vulnerability detection and exploit delivery

Web Framework Attacks

• Site impersonation attacks
• Application cross-site scripting exploits
• Remote browser manipulation and control
• Data leakage detection and analysis
• Hands-on attacks: Mobile banking app transaction manipulation

Back-end Application Support Attacks

• Exploiting SQL injection in mobile application frameworks
• Leveraging client-side injection attacks
• Getting end-to-end control of mobile application server resources