Mosse Cyber Security Android and iOS Exploitation


3 days


$3300.00 (inc GST)

This is a fast-paced 3-day course that will familiarise you with various Android and iOS exploitation techniques, and explain how most of the existing security models on both platforms are bypassed. Students will be provided with custom exploitation labs that are preconfigured and loaded with the tools and scripts used in the class.


Hardware Requirements:

  • The students are responsible for bringing their laptops to the course.
  • Internet is provided by the training provider.
  • Attendees will have to install a VPN client to connect to the Security lab infrastructure.
  • Attendees are required to have an RDP client (installed by default on all Windows machines).

Software requirements:

  • Windows XP SP2/3, Windows 7/8 or *Nix
  • Mac OSX 10.5+ (compulsory for iOS Exploitation or an OSX VM)
  • Administrative privileges on your laptop
  • Virtualization Software
  • Custom VM labs will be provided for exploitation
  • SSH Client


Please be advised that this is a reseller course which is not held at DDLS. Students are expected to organise their own meals.

Skills Gained

After attending this course, you will have an understanding of:

  • How malware is written
  • How to audit complicated and protected applications
  • Automated static and dynamic analysis
  • Dex Exploitation
  • OWASP Mobile Top 10

You will also learn about ARM platform exploitation, including stack-based overflows, gadget chaining, ROP, and bypassing protection mechanisms.

For iOS, you will learn the following:

  • Application security auditing,
  • Creating a penetration testing environment,
  • The sandbox model,
  • Code signing,
  • Inspecting binaries

Key Topics

1. Android and ARM Exploitation

Android Basics

  • Introduction to Android
  • Android Architecture
  • Digging into Android kernel

Android Security Model

  • Android Security Architecture
  • Android Permission model
  • Application Sandboxing
  • Bypassing Android Permissions

HelloWorld : Android

  • Android Application Components
  • Android Debug Bridge
  • Creating a Simple Android Application

Introduction to ARM Exploitation

  • Introduction to ARM
  • Instruction set and Registers
  • Stack Overflows on ARM
  • Format String vulnerabilities
  • Ret2ZP Attack and ROP
  • Shellcoding on ARM
  • Exploit Mitigations and Bypasses
  • ARM Based rootkits

Setting up the Environment

  • Setting up Android Emulator
  • Setting up a Mobile Pentest Environment

App Kung-fu

  • Application Analysis
  • Reverse Engineering
  • Traffic Interception (Active and Passive) of Android Applications
  • OWASP Top 10 for Android
  • Sniffing Application and phone's network data
  • Insecure file storage
  • Having fun with databases

Exploiting Logic and Code flaws in applications

  • Exploiting Content Providers
  • SQL Injection in Android Application
  • Local File Inclusion/Directory Traversal
  • Drive by Exploitation
  • Tapjacking
  • HTML 5 Attacks
  • Phishing Attacks on Android

Exploitation with AFE

  • Introduction to Android Framework for Exploitation
  • Finding application vulnerabilities using AFE
  • Creating a malware + botnet (HTTP and SMS based)
  • Crypt an existing malware/botnet to bypass Android Anti-malwares
  • Extending the framework with custom plugins
  • Cracking Android Applications
  • Hands-on on Vulnerable Social Networking Application
  • Creating and Exploiting custom ROMs
  • Exploiting USB connections with Android

Dex Labs

  • Introduction to Dalvik File Format
  • Smali in depth
  • Manipulating smali files and cracking Applications
  • Cracking Application Licenses
  • Dex file manipulation
  • Obfuscating applications with dex obfuscator


2. Advanced Android and ARM Exploitation

Android Forensics & Malware Analysis

  • Extracting text messages, voice mails, call logs, contacts and messages
  • Recovering information stored in SD Card
  • Reversing and analysing Android malware using Apktool, dex2jar and JD-GUI
  • Introduction to IDA Pro
  • Analysing malware and exploits using IDA

Further Exploitation

  • Creating custom Bootloaders
  • Recovering information stored in SD Card
  • Fuzzing Android components
  • Webkit Exploitation
  • Use After Free vulnerability and exploitation
  • Writing a reliable exploit for Android
  • More ROP Exploitation
  • Finding ROP gadgets and building ROP Chains
  • Using GDB for Android debugging
  • Information Leaks in Android

Being secure

  • Android in the Enterprise
  • Writing Secure Code
  • Pentest before you publish
  • Writing Python scripts for automating Android pentests
  • Source Code Auditing for Applications


3. iOS Exploitation

iOS Background

  • Understanding iOS Architecture
  • iOS Security Features
  • iOS Application Overview

iOS Security Model

  • Code Signing
  • Sandboxing
  • Exploit Mitigation
  • Encryption

Setting up the Environment

  • Setting up XCode
  • Setting up iPhone/Simulator

iOS Hello-World

  • iOS Application components
  • Introduction to Objective C
  • Writing a simple Hello World application in your own iDevice/Simulator

iOS App Analysis

  • Reverse Engineering iOS Apps
  • Decrypting Appstore Binaries
  • Locating PIE (Position Independent Executable)
  • Inspecting Binary
  • Manipulating Runtime

Auditing Insecure API

  • Evaluating the Transport Security
  • Abusing Protocol Handlers
  • Insecure Data Storage
  • Attacking iOS keychain

App Assessments

  • Setting up pentesting environment for assessment
  • Passive app assessment
  • Active app assessment
  • Application analysis

App Kung-fu

  • Exploiting XSS in Apps (UIWebViews)
  • Attacking XML processor
  • SQL Injection
  • Filesystem Interaction
  • Geolocation
  • Logging
  • Background-ing

Memory Corruption Issues

  • Format strings
  • Object use-after-free
  • ROP for iOS
  • Exploit Mitigations in iOS

iOS Forensics

  • Analysis of Backed up data in iTunes
  • Extracting SMS, Call Logs, etc., from an iOS backup
  • Imaging the whole device

Being Secure

  • iOS App compliance checklist
  • Writing Secure Code
  • Pentest your App before you publish

Target Audience

Mobile Developer, Penetration Tester, Technical Project Manager / IT manager

  • Basic understanding of programming.
  • Basic understanding of penetration testing and application security.

The supply of this course by ACTE Pty Ltd (trading as DDLS) is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.

Course Availability

Please call DDLS on 1800 U LEARN (1800 853 276) or register your interest below.

Pre-Course Requirements

DDLS offers this training through a third party. This arrangement requires DDLS to provide your details to our partner for course registration purposes.