Mobile Ethical Hacking

• Legal issues with rooting and jailbreaking
• Jailbreaking iOS
• Android root access through unlocked bootloaders
• Root exploits for Android

• Using a rooted or jailbroken device effectively: Tools you must have!

• Data stored on mobile devices
• Mobile device file system structure
• Decoding sensitive data from database files on iOS and Android
• Extracting data from Android backups

• Trends and popularity of mobile device malware
• Mobile malware command-and-control architecture
• Efficiency of Android ransomware malware threats
• Analysis of iOS malware targeting non-jailbroken devices
• Hands-on analysis of Android malware
• Mobile malware defenses: What works and what doesn't

• Identifying obfuscation techniques
• Decompiling obfuscated applications
• Effectively annotating reconstructed code with Android Studio
• Decrypting obfuscated content with Simplify

• Retrieving iOS and Android apps for reverse engineering analysis
• Decompiling Android applications
• Circumventing iOS app encryption with Dumpdecrypted
• Header analysis and Objective-C disassembly
• Accelerating iOS disassembly: Hopper and IDA Pro
• Swift iOS apps and reverse-engineering tools

• Effective Android application analysis with MobSF

• Examining .NET-based Xamarin applications
• Examining HTML5-based PhoneGap applications

• Runtime iOS application manipulation with Cycript and Frida
• iOS method swizzling
• iOS application vulnerability analysis with Needle
• Tracing iOS application behavior and API use
• Extracting secrets with KeychainDumper
• Method hooking with Frida and Objection

• Android application manipulation with Apktool
• Reading and modifying Dalvik bytecode
• Adding Android application functionality, from Java to Dalvik bytecode
• Android application interaction and intent manipulation with Drozer
• Method hooking with Frida and Objection

• Step-by-step recommendations for application analysis
• Tools and techniques for mobile platform vulnerability identification and evaluation
• Recommended libraries and code examples for developers
• Detailed recommendations for jailbreak detection, certificate pinning, and application integrity verification
• Android and iOS critical data storage: Keychain and key store recommendations

• Using man-in-the-middle tools against mobile devices
• Sniffing, modifying, and dropping packets as a man-in-the-middle
• Mobile application data injection attacks

• Exploiting HTTPS transactions with man-in-the-middle attacks
• Core pen test technique: TLS impersonation against iOS Mail.app for password harvesting
• Integrating man-in-the-middle tools with Burp Suite for effective HTTP manipulation attacks
• Bypassing Android's Network Security Config and Apple's Transport Security

• Site impersonation attacks
• Application cross-site scripting exploits
• Remote browser manipulation and control
• Data leakage detection and analysis
• Hands-on attacks: Mobile banking app transaction manipulation

• Building RAT tools for mobile device attacks
• Hiding RATs in legitimate Android apps
• Customizing RATs to evade anti-virus tools
• Integrating the Metasploit Framework into your mobile pen test
• Effective deployment tactics for mobile device Phishing attacks

In this hands-on exercise, you will examine multiple applications and forensic images to identify weaknesses and sources of sensitive information disclosure, and analyze obfuscated malware samples to understand how they work. During this mobile security event you will put into practice the skills you have learned in order to evaluate systems and .defend against attackers