On This Page

Offensive Mobile Exploitation & Reversing

DarkMatter | August 4-5 & August 6-7


Course Outline
Part 1 - iOS Exploitation
Module 1 : Getting Started with iOS Pentesting
  • iOS security model
  • App Signing, Sandboxing and Provisioning
  • Setting up XCode 8
  • Changes in iOS 11
  • Primer to iOS 11 security
  • Exploring the iOS filesystem
  • Intro to Objective-C and Swift4
  • What's new in Swift 4 ?
  • Setting up the pentesting environment
  • Jailbreaking your device
  • Cydia, Mobile Substrate
  • Getting started with Damn Vulnerable iOS app
  • Binary analysis
  • Finding shared libraries
  • Checking for PIE, ARC
  • Decrypting ipa files
  • Self signing IPA files

Module 2: iOS exploitation basics

  • How jailbreak exploits are written ?
  • Diffing for Patches
  • Intro to ARM assembly
  • ROP, KASLR and KPP
  • Use after free, Heap overflow basics
  • Reversing the Kernel
  • Code signing bypass techniques
  • Sanbox bypass techniques
  • Exploiting Mach Ports
  • Chaining exploits
  • Patching the Kernel
  • Achieving persistence

Module 3 : Static and Dynamic Analysis of iOS Apps
  • Static Analysis of iOS applications
  • Dumping class information
  • Insecure local data storage
  • Dumping Keychain
  • Finding url schemes
  • Dynamic Analysis of iOS applications
  • Cycript basics
  • Advanced Runtime Manipulation using Cycript
  • Method Swizzling
  • GDB basic usage
  • Modifying ARM registers
  • Basic App Exploitation techniques using Frida
  • Advance App Exploitation techniques using Frida

Module 4 : iOS application vulnerabilities
  • Exploiting iOS applications
  • Broken Cryptography
  • Side channel data leakage
  • Sensitive information disclosure
  • Exploiting URL schemes
  • Client side injection
  • Bypassing jailbreak, piracy checks
  • Inspecting Network traffic
  • Traffic interception over HTTP, HTTPs
  • Manipulating network traffic
  • Bypassing SSL pinning

Module 5 : Reversing iOS Apps
  • Introduction to Hopper
  • Disassembling methods
  • Modifying assembly instructions
  • Patching App Binary
  • Logify

Module 6 : Securing iOS Apps
  • Securing iOS applications
  • Where to look for vulnerabilities in code?
  • Code obfuscation techniques
  • Piracy/Jailbreak checks
  • iMAS, Encrypted Core Data

Part 2 - Android Exploitation

Module 1
  • Why Android
  • Intro to Android
  • Android Security Architecture
  • Android application structure
  • Signing Android applications
  • ADB – Non Root
  • Rooting Android devices
  • ADB – Rooted
  • Understanding Android file system
  • Permission Model Flaws
  • Attack Surfaces for Android applications

Module 2
  • Understanding Android Components
  • Introducing Android Emulator
  • Introducing Android AVD

Module 3
  • Proxying Android Traffic
  • Reverse Engineering for Android Apps
  • Smali Learning Labs
  • Smali vs Java
  • Dex Analysis and Obfuscation
  • Android App Hooking

Module 4
  • Exploiting Local Storage
  • Exploiting Weak Cryptography
  • Exploiting Side Channel Data Leakage
  • Manual and Automated Root Detection and Bypass
  • Exploiting Weak Authorization mechanism
  • Identifying and Exploiting flawed Broadcast Receivers
  • Identifying and Exploiting flawed Intents
  • Identifying and Exploiting Vulnerable Activity Components
  • Exploiting Backup and Debuggable apps
  • Analysing Proguard, DexGuard and other Obfuscation Techniques
  • Exploiting Android NDK
  • Manual and Automated SSL Pinning Bypass techniques

Module 5
  • App Exploitation using Drozer
  • Basic App Exploitation techniques using Frida
  • Advance App Exploitation techniques using Frida
  • App Exploitation using AppMon
  • Automated source code analysis
  • Detecting Leaks in Android Apps

Who Should Take this Course

This course is for penetration testers, mobile developers or anyone keen to learn mobile application security

Student Requirements

The course covers topics ranging from beginners to advance topics. Basic Linux skills is the only requirement for the course.

What Students Should Bring

  • 25+ GB free hard disk space
  • 4+ GB RAM
  • VMware player installed on the machine
  • Latest version of Android SDK. To make sure the setup is right, follow all the steps on https://github.com/dineshshetty/Android-InsecureBankv2/blob/master/Usage%20Guide.pdf
  • A jailbroken iPhone/iPad/iPod for iOS testing running iOS 9.0+ is necessary for the iOS hands-on modules
  • If you are using a Mac machine, also download and install the latest version of Xcode.
  • Administrative access on the system
  • External USB access allowed

What Students Will Be Provided With

  • Printed course material and slides for the 2-day class including additional bonus sections
  • Huge list of good reads and articles for learning mobile application security
  • Source code for vulnerable applications
  • Custom VM for hands-on pentesting


Prateek Gianchandani is currently working as a Security Researcher at DarkMatter. He has more than 7 years of experience in security research and penetration testing. His core focus area is mobile exploitation,reversing engineering and embedded device secuirty. He is also the author of the open source vulnerable application named Damn Vulnerable iOS app. He has presented and trained at many international conferences including Defcon, Blackhat USA, Brucon, Hack in paris, Phdays, Appsec USA etc. In his free time, he blogs at http://highaltitudehacks.com

Dinesh leads the Mobile Security Testing Center of Excellence at Security Innovation. His core area of expertise is Mobile and Embedded application pentesting and exploitation. He is an accomplished author and speaker, and his research has been published in multiple security zines and sites like Packet Storm, Exploit-DB, PenTest Magazine, SecurityXploded, ClubHACK Magazine, and Exploit-Id amongst others. Dinesh Shetty has previously presented his work at security conferences around USA, Europe, Southeast Asia, Australia, India and a bunch of Middle East countries, and continues to enhance his knowledge by undergoing security trainings and certifications around the world. He maintains an open source intentionally vulnerable Android application named InsecureBankv2 for use by developers and security enthusiasts. He has also authored the guide to Hacking iOS Applications that covers all of the known techniques of exploiting iOS applications.