Visão Geral

Imagine uma superfície de ataque espalhada por toda a sua organização e nas mãos de todos os usuários. Ele se move regularmente de um lugar para outro, armazena dados altamente confidenciais e críticos e possui inúmeras tecnologias sem fio diferentes, todas prontas para ataques. Infelizmente, tal superfície já existe hoje: os dispositivos móveis. Esses dispositivos constituem a maior superfície de ataque na maioria das organizações, mas essas mesmas organizações muitas vezes não possuem as habilidades necessárias para avaliá-los.

SEC575: Análise de segurança de aplicativos iOS e Android e teste de penetração foi projetado para fornecer a você as habilidades necessárias para compreender os pontos fortes e fracos de segurança dos dispositivos Apple iOS e Android, incluindo Android 12 e iOS 15. Os dispositivos móveis não são mais uma tecnologia conveniente – eles são uma ferramenta essencial transportada ou usada por usuários em todo o mundo, muitas vezes substituindo os computadores convencionais para as necessidades diárias de dados corporativos. Você pode ver essa tendência em empresas, hospitais, bancos, escolas e lojas de varejo em todo o mundo. Os usuários dependem de dispositivos móveis hoje mais do que nunca – nós sabemos disso, e os bandidos também. SEC575 examina toda a gama desses dispositivos.

Pre-Requisitos

• Experiência com programação em qualquer linguagem é altamente recomendada. No mínimo, os alunos são aconselhados a ler conceitos básicos de programação, como declarações condicionais, variáveis, loops e funções. Idealmente, os alunos têm alguma experiência com Java ou JavaScript. Os conceitos básicos de programação não serão abordados neste curso.
• Os alunos devem ter uma experiência básica de trabalho com Linux e comandos de terminal.
• Os alunos devem estar familiarizados com conceitos de testes de penetração, como aqueles ensinados em SANS SEC504: Ferramentas, técnicas e tratamento de incidentes de hackers.

Materiais

Conteúdo Programatico

iOS

Mobile Problems and Opportunities

1. Challenges and opportunities for secure mobile phone deployments
2. Weaknesses in mobile devices

iOS Architecture

1. Architecture of iOS devices
2. Analysis of implemented security controls
3. iOS application development and publication
4. Apples update policy

Jailbreaking iOS Devices

1. Legal issues with jailbreaking
2. Jailbreaking iOS
3. Connecting to jailbroken iOS devices
4. Using a jailbroken device effectively: Tools you must have!

iOS Data Storage and File System Architecture

1. iOS file system structure
2. iOS application data storage
3. Examining typical file types on iOS
4. Extracting data from iOS backups

iOS Application Interaction

1. iOS application interaction through schemes, universal links, and extensions

iOS Malware Threats

1. Trends and popularity of mobile device malware
2. Analysis of iOS malware targeting non-jailbroken devices
3. Examining advanced attacks by nation state actors

iOS Labs

1. Using the Corellium platform
2. Installing tools on your jailbroken device
3. Analyzing file storage on iOS
4. Analyzing application interaction

Android

Android Architecture

1. Architecture of Android devices
2. Analysis of implemented security controls
3. Android app execution: Android Runtime vs. Android Dalvik virtual machine
4. Android application development and publication
5. Androids update policy

Rooting Android Devices

1. Examine different ways to obtain root, including unlocking the bootloader and using exploits
2. Installing custom ROMs, bootloaders, and recoveries
3. Installing Magisk systemless root

Android Data Storage and File System Architecture

1. Android file system structure
2. Android application data storage
3. Examining typical file types on Android
4. Extracting data from Android backups

Android Application Interaction

1. Android application interaction through activities, intents, services, and broadcasts
2. Protection of application components through permissions and signatures

Android Malware Threats

1. Trends and popularity of mobile device malware
2. Analysis of Android malware, including ransomware, mobile banking Trojans, and spyware

Android Labs

1. Using the Corellium platform
2. Android mobile application analysis with Android Debug Bridge (ADB) tools
3. Uploading, downloading, and installing applications with ADB
4. Analyzing file storage on Android
5. Analyzing application interaction

Android Platform Analysis

1. iOS and Android permission management models
2. Code signing weaknesses on Android
3. Android app execution: Android Runtime vs. Android Dalvik virtual machine
4. Latest Android and iOS security enhancements

Static Application Analysis

Static Application Analysis

1. Retrieving iOS and Android apps for reverse engineering analysis
2. Decompiling Android applications
3. Circumventing iOS app encryption
4. Header analysis and Objective-C disassembly
5. Accelerating iOS disassembly: Hopper and IDA Pro
6. Swift iOS apps and reverse-engineering tools
7. Android application analysis with MobSF

Reverse-Engineering Obfuscated Applications

1. Identifying obfuscation techniques
2. Decompiling obfuscated applications
3. Effectively annotating reconstructed code with Android Studio
4. Decrypting obfuscated content with Simplify

Third-Party Application Frameworks

1. Examining .NET-based Xamarin and Unity applications
2. Examining HTML5-based PhoneGap applications
3. Examining Flutter and React-Native applications

Dynamic Mobile Application Analysis and Manipulation

Manipulating and Analyzing iOS Applications

1. Runtime iOS application manipulation with Cycript and Frida
2. iOS method swizzling
3. iOS application vulnerability analysis with Objection
4. Tracing iOS application behavior and API use
5. Extracting secrets with KeychainDumper
6. Method hooking with Frida and Objection

Manipulating and Analyzing Android Applications

1. Android application manipulation with Apktool
2. Reading and modifying Dalvik bytecode
3. Adding Android application functionality, from Java to Dalvik bytecode
4. Method hooking with Frida and Objection

Mobile Application Security Verification Standard

1. Step-by-step recommendations for application analysis
2. Taking a methodical approach to application security verification
3. Common pitfalls while assessing applications
4. Detailed recommendations for jailbreak detection, certificate pinning, and application integrity verification
5. Android and iOS critical data storage: Keychain and Keystore recommendations

Penetration Testing

Intercepting TLS Traffic

1. Exploiting HTTPS transactions with man-in-the-middle attacks
2. Integrating man-in-the-middle tools with Burp Suite for effective HTTP manipulation attacks
3. Bypassing Android NetworkSecurityConfig and Apple Transport Security
4. Bypassing SSL pinning

Man-in-the-Middle Troubleshooting

1. Analyzing common issues when performing a man-in-the-middle attack
2. Using different setups to obtain a man-in-the-middle position
3. Creating custom Frida hooks to bypass SSL pinning

Accessing Locked Devices

1. Bruteforcing pincodes on Android and iOS
2. Bypassing bruteforce protection
3. Abusing Siri to acquire information
4. Bypassing biometric authentication

Using Mobile Device Remote Access Trojans

1. Building RAT tools for mobile device attacks
2. Hiding RATs in legitimate Android apps
3. Customizing RATs to evade anti-virus tools
4. Integrating the Metasploit Framework into your mobile pen test
5. Effective deployment tactics for mobile device Phishing attacks

Hands-on Capture-the-Flag Event