Practical Mobile Application Exploitation

Prerequisite Knowledge -

  • The course covers topics ranging from beginner to advanced. Basic Linux skills are the only requirement for the course. The Android and iOS kernel exploitation modules will require a basic exploit development background.

Requirements -

Laptop with:

  • 8+ GB RAM
  • Students will be provided with access to Linux cloud instances
  • Students will be provided with access to Corellium for iOS hands-on and as such do not need to carry iOS devices
  • Administrative access on the system
  • Detailed course setup instructions and Slack access will be sent a few weeks prior to the class.

Overview

Ever wondered how different attacking a mobile application is from attacking a traditional web application? Gone are the days when knowledge of just SQL injection or XSS could help you land a lucrative, high-paying infosec job. This course is designed to introduce beginners as well as advanced security enthusiasts to the world of mobile security using a fast-paced learning approach through intensive hands-on labs.

We are bringing an updated version of the course with the latest tools and techniques. The training will be based on exploiting Damn Vulnerable iOS App, Android-InsecureBankv2, InsecurePass and a wide range of real-world application vulnerabilities in order to give in-depth knowledge about the different kinds of vulnerabilities in mobile applications. After the workshop, the students will be able to successfully pentest and secure applications running on these mobile operating systems.

Slides, custom scripts, videos, a VM and detailed documentation on the labs will be provided to the students for practice after the class. Corellium access will be provided to students for the duration of the training course. Students will be given access to a Slack channel where the trainers will help prep them for the class, and the students can retain access to it for the foreseeable future.

Key Learning Objectives

  • Reverse engineering iOS and Android binaries (Apps and system binaries)
  • Get PoC applications to perform one-click exploits on mobile apps
  • Get an intro to common bug categories on Android and iOS systems
  • Learn to audit iOS and Android apps for security vulnerabilities
  • Understand and bypass anti-debugging and obfuscation techniques
  • Learn manual and automated ways of bypassing exploit mitigations
  • Get a detailed walkthrough on using IDA Pro, Hopper, Frida, etc.

Topics Covered / Agenda

Day 1 - iOS Exploitation

Module 1

Getting Started with iOS Security
  • OS security model
  • App Signing, Sandboxing, and Provisioning
  • Primer on iOS 15-16 security
  • Exploring the iOS filesystem
  • Intro to Objective-C and Swift 5
  • Setting up the testing environment
  • Jailbreaking your device
  • Cydia, Mobile Substrate
  • Sideloading apps
  • Binary protection
  • Checking for PIE, ARC
  • Decrypting IPA files
  • Self-signing IPA files

Module 2

Static and Dynamic Analysis of iOS Apps
  • Static Analysis of iOS applications
  • Finding Secrets in Code
  • Lint Testing
  • Dumping class information
  • Insecure local data storage
  • Dumping Keychain
  • Exploiting URL schemes
  • Dynamic Analysis of iOS applications
  • Method Swizzling
  • Debugging apps using lldb
  • Modifying ARM registers
  • Basic App Exploitation techniques using Frida
  • Advanced App Exploitation techniques using Frida
  • Testing React Native and Flutter Apps

Module 3

iOS application vulnerabilities
  • Exploiting iOS applications
  • Broken Cryptography
  • Side channel data leakage
  • Sensitive information disclosure
  • Exploiting URL schemes
  • Client-side injection
  • Bypassing jailbreak, piracy checks
  • Inspecting Network traffic
  • Traffic interception over HTTP and HTTPS
  • Manipulating network traffic
  • Bypassing SSL pinning

Module 4

Reversing iOS Apps
  • Introduction to Hopper
  • Disassembling methods
  • Modifying assembly instructions
  • Patching App Binary

Day 2 - Android Exploitation

Module 1

Intro to Android Security
  • Why Android
  • Android Security Architecture
  • Extracting APK files from Google Play
  • Understanding Android application structure
  • Signing Android applications
  • ADB – Non-Root
  • Rooting Android devices
  • ADB – Rooted
  • Understanding the Android file system
  • Permission Model Flaws
  • Attack Surfaces for Android applications

Module 2

Components
  • Understanding Android Components
  • Introducing Android Emulator
  • Introducing Android AVD
  • Setting up Android Pentest Environment

Module 3

Reversing Android apps
  • Process of Android Apps Engineering
  • Reverse Engineering for Android Apps
  • Smali Learning Labs
  • Examining Smali files
  • Smali vs Java
  • Dex Analysis and Obfuscation
  • Reversing Obfuscated Android Applications
  • Patching Android Applications
  • Android App Hooking

Module 4

Static and Dynamic analysis
  • Proxying Android Traffic
  • Exploiting Local Storage
  • Exploiting Weak Cryptography
  • Exploiting Side Channel Data Leakage
  • Multiple Manual and Automated Root Detection and Bypass Techniques
  • Exploiting Weak Authorization Mechanisms
  • Identifying and Exploiting Android Components
  • Analyzing Proguard, DexGuard, and other Obfuscation Techniques
  • Exploiting Android NDK
  • Multiple Manual and Automated SSL Pinning Bypass techniques

Module 5

Frida and Automated Exploitation
  • Exploiting Crypto using Frida
  • Basic App Exploitation techniques using Frida
  • Dumping Class Information using Frida
  • Dumping Method Information using Frida
  • Viewing and Changing Information using Frida
  • Tracing using Frida
  • Advanced App Exploitation techniques using Frida
  • Frida on non-rooted Android