Web Banner
Back to Pre-Conference Training Page

Back to Conference Home Page

Hacking Android, iOS, and IoT Apps by Example

Two-Day Interactive (Classroom) Training - OWASP New Zealand Day 2023

Abstract

This course is a 100% hands-on deep dive into the OWASP Mobile Security Testing Guide (MSTG) and relevant items of the OWASP Mobile Application Security Verification Standard (MASVS). This course covers - and goes beyond - the OWASP Mobile Top Ten.

Learn about Android, iOS, and IoT app security, by improving your mobile security testing Kung-Fu. Ideal for Penetration Testers, Mobile Developers, and everybody interested in mobile app security.

All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra-mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support, lifetime access, step-by-step video recordings and interesting apps to practice, including all future updates for free.

Get a FREE taste for this training, including access to video recording, slides, and vulnerable apps to play with:

Key Topics Covered

  1. Review of Common Flaws in Source Code and at Runtime
  2. Modification of App Behavior Through Code/Configuration Changes
  3. Interception of Network Communication (a/k/a MitM)
  4. Jailbreak/Root Detection Bypasses and App Review from a Privileged Standpoint
  5. Instrumentation (Review and Modification of App Behavior)
  6. CTF Challenges for Attendees to Test Their Skills

Key Takeaways

Course Details

Dates: Tuesday and Wednesday, 4-5 July 2022

Time: 8:45 a.m. to 5:30 p.m. (NZST)

Instructor: Abhishek J.M., 7A Security

Course Fee: NZ $1,000.00 (plus GST and ticketing fees)

Registration Site: https://events.humanitix.com/owaspnz2023-training

Maximum Enrolment: 36 attendees

Prerequisites for This Class

This course has no specific knowledge prerequisites, as it is designed to accommodate students with different skills:

That being said, the more you’ve learned about the following before the class, the more you will be able to get out of it:

Hardware and Software: Attendees should bring:

Who Should Attend

Any mobile developer, penetration tester or person interested in mobile security will benefit from attending this training regardless of the initial skill level.

The course is for beginners, intermediate, and advanced level students. While beginners are introduced to the nuances of mobile app security from scratch, intermediate and advanced level learners get to perfect both their knowledge and skills on the subject. Extra-mile challenges are available in every module to help more advanced students polish their skills.

The course is crafted in such a way that, regardless of your skill level, you will significantly improve your mobile security skills:

What to Expect

A fully practical class that will seriously improve your mobile security knowledge and skills, regardless of the skill level you come in with.

Battle-tested tips and tricks that take your abilities to the next level and that you can apply as soon as you go back to your workplace, making security testing of mobile apps as efficient as possible.

Intensive hands-on exercises that challenge you to deep dive into the world of mobile security.

Lifetime access to training portal (including all future updates), unlimited email support, access to private groups to communicate with other students, mandated, police, IoT and otherwise interesting apps from various countries.

What Not to Expect

This is more than your usual short course: You get lifetime access to a training portal with step-by-step video recordings, slides and lab exercises, including all future updates for free.

The course does not cover: Android or iOS 0-day, exploits against the platforms themselves, ARM exploit writing, writing buffer or heap overflows.

Do not expect the teachers to be talking through slides most of the time: This class is practical not theoretical, the teachers don’t bore you with slides all the time, instead you do exercises all the time and the teachers help you solve the challenges you face as you complete them.

Course Objectives

This course will take any student and make sure that:

Attendees will be provided with:

Upon completing this training, attendees will have learned to:

Course Outline

Day 1 - Hacking Android and IoT Apps by Example

Part 0 - Android Security Crash Course

Part 1 - Static Analysis with Runtime Checks

Part 2 - Dynamic Analysis

Part 3 - Test Your Skills

Day 2 - Hacking iOS and IoT Apps by Example

Part 0 - iOS Security Crash Course

Part 1 - Static Analysis with Runtime Checks

Part 2 - Dynamic Analysis

Part 3 - Test Your Skills

Your Instructor

Photo of Abhishek JM

Abhishek J.M. is a Lead Security Engineer at CRED with primary research focus in mobile security. With years of experience in security, he leads two projects - Adhrit and EVABS - and has presented his work at prominent conferences like BlackHat Asia 2023, BlackHat US 2022, BlackHat Europe 2021, OWASP Seasides 2019, ThreatCon 2019 and BlackHat Asia 2020 where his tool (Adhrit) was featured PortSwiggers The Daily Swig. He has also delivered talks at community Meetups like Cysinfo & bi0s Meetup, and was an assisting trainer at the International Summer School for Information Security and Protection, 2016. As a trainer with 7ASecurity, he has conducted training at notable conferences like the 2012 AppSec New Zealand Conference, 44Con 2020 & 2022, ThreatCon 2021, c0c0n 2019 & 2022, and Shu-ha-ri Labs 2020.