On This Page

Mobile Application Bootcamp - Journeyman Level

SensePost | March 28 - 29



Overview

This journeyman course presents you with hands on introduction into testing mobile applications. The course aims to be as platform agnostic as possible and will provide you with the skills to get started with mobile application security testing. The methodology taught during this course allows students to apply their skills across a wide range of platforms, and provides the knowledge needed to apply security best practices to mobile application development.

Course Topics include:

1. Building Your Own Penetration Testing Platform
Having access to the right tools and platforms is key when testing mobile applications. Here we help students create the ultimate mobile testing platform and delve into hardware and emulators usage, common tools that work and intercepting the stream between mobile device and the Internet.

2. Mobile Application Analysis
Your lab is ready and you want to test the latest mobile phone application for vulnerabilities, but what next? This module starts with how you'd perform information gathering, looking at storage on the device, iOS/Android security and how you can test for weaknesses.

3. Testing Fundamentals
Being methodical when testing any application is key. We discuss authentication, authorisation, session management and storage and how they could all yield potential vulnerabilities.

The class is a mixture of lectures, hands-on and a final CULEX where you get to tear apart real-world mobile applications.

What's new for 2016?
In what is our biggest change to training at Blackhat in over 15 years, we've moved our entire training operation into Amazon's AWS cloud.

This means that each student signing up to our courses gets access to their own training environment, allowing for as much haxory and experimentation, without other students being impacted. We've also strived to make the theory as practical as possible and break away from death by slides.

It means we are able to move our training away from having "theory sections" and "practical sections" to a full course of pure pwnage.

Who Should Take this Course

This course is ideal for those wanting to learn how attackers are compromising mobile platforms and applications, or penetration testers who are new to mobile platform and device penetration testing.

Student Requirements

Students need to ensure they have the necessary level of skill. No hacking experience is required for this course, but students should have a solid technical grounding and exposure to basic application development and coding.

Students should ideally have some development understanding and the ability to read code.

What Students Should Bring

Students should bring a laptop that is capable of running Ubuntu, booting from a USB device, access to BIOS settings, has a Ethernet port available (or a USB Ethernet adapter) and a user that has administrator rights. Please do not bring any devices that contain "Corporate" information. If you wish, bring your own mobile devices for testing.

What Students Will Be Provided With

We have developed a training portal that will be made available to all students before they attend Blackhat. This portal allows you to register an account and gain access to the slides used and any prerequisite information we feel would help you get the best out of this course. All content for the course, including tools required and instructions to configure your environment, will be made available via the training portal before you start, which means less time setting up and more time for learning.

Access to this portal will not stop once the course has finished, allowing you to continue learning in the weeks/months after Blackhat.

Trainers

SensePost has been training at Blackhat since 2001. We pride ourselves on ensuring our content, our training environment and trainers are all epic in every way possible. From working penetration testers, responsible for numerous tools and vulnerablities, to environments tailored for learning, training is at the core of what we do.