Duration: 3 days

Target audience: This workshop is essential for professionals in information security, mobile security & risk management, loss prevention, corporate security and law enforcement personnel interested in Mobile Security. Personnel who have a working knowledge of Android and want to gain experience in the end-to-end mobile security process can attend this training.

Training type: classroom or online

Language: English

General information:

The Mobile Application Security Training is a 3-day, completely hands-on class training covering expert methods for identifying security vulnerabilities in mobile applications. The training gives security researchers and pentesters the skill set and the ability to assess and exploit the security of smartphone applications. This is an ideal training for those wanting to pentest real-world applications and find serious security vulnerabilities and 0-days. After completing the course, you will have attained real-world pentesting skills, ready to exploit any real-world mobile application.


• Android/iOS Pentesting VMs

• Reference Manuals and Lab Manuals

• Slides & Presentations

• Certificate of Training Completion

• Customized Executables for further learning


• Laptop with minimum 20 GB Hard Disk Space & 4GB RAM

• VirtualBox/VMware installed

• Administrative Privileges on the system

• 2 Functional USB Ports

Things you will gain after the training:

• Ability to analyze and pentest any real-world Mobile Application

• Ability to identify the security vulnerabilities in any Mobile Application

• Use various software/tools for penetration testing

• Gain strong, in-depth knowledge of Mobile Security with Practical Hands-On Experience

The courseware outline:

Part 1: Android Security

• Module 1

  1. Intro to Android Mobile OS
  2. Android Security Architecture
  3. Android Permission Model
  4. Sandboxing Applications
  5. Setting up the Android Emulator
  6. Setting up a Mobile Pentest Environment

• Module 2

  1. Inspecting Application Certificates & Signatures
  2. Signing/Resigning Android Applications
  3. Application Signatures Verification
  4. Investigating the app permissions through the manifest file
  5. Working with the Android Debug Bridge (ADB)
  6. Application Resources Extraction using ADB

• Module 3

  1. Bypassing Android Permissions
  2. Introduction to Drozer
  3. Setting up and Running a Drozer Session
  4. Enumerating Packages and their Activities
  5. Enumerating Content Providers and Services
  6. Enumerating Broadcast Receivers
  7. Using Drozer to find vulnerabilities

• Module 4

  1. Reversing of Android Applications
  2. Understanding and Working with the DEX Files
  3. Understanding and Working with Logcat
  4. Network Traffic Inspection
  5. Passive Intent Sniffing
  6. Exploiting Services
  7. Exploiting Broadcast Receivers
  8. Exploiting Insecure Data Storage
  9. Exploiting Poor Cryptography Implementation
  10. Exploiting Data Leakage vulnerabilities
  11. Exploiting the Debuggable Applications
  12. Understanding Certificate Pinning
  13. Static/Dynamic Analysis of Android Applications
  14. Understanding and Working with different Obfuscation Techniques


Part 2: iOS Security

• Module 1

  1. The security model of iOS
  2. App Signing and Sandboxing
  3. Xcode 8 Setup
  4. Understanding the iOS filesystem
  5. Setting up a Pentesting Environment
  6. Understanding and Working with Cydia
  7. Working with the Exploitable iOS Application
  8. Analyzing the Binaries
  9. Understanding the shared libraries
  10. Checking for the PIE and ARC
  11. IPA files Decryption process
  12. IPA files Self Signing

• Module 2

  1. Introduction to the Static Analysis of the iOS Apps
  2. Class Information Dumping and Keychain dumping
  3. Insecure local data storage
  4. Understanding the Dynamic Analysis of the iOS Apps

• Module 3

  1. Working with Cycript
  2. Runtime Manipulation
  3. Basics of GDB

• Module 4

  1. iOS app Exploitation
  2. Broken Cryptography
  3. Client-side injection
  4. Jailbreak Checks bypassed
  5. Network Traffic inspection
  6. Network Traffic Manipulation
  7. SSL pinning and means to bypass SSL Pinning

• Module 5

  1. Mitigations and Protecting the iOS Applications
  2. Different obfuscation methods
  3. Checks for Jailbreak
  4. Conclusion