From BruCON 2015

Revision as of 10:26, 12 April 2013

Lessons in Mobile Penetration Testing by Zach Lanier

This class is designed to provide students with an introduction to penetration testing, reverse engineering, and exploitation on modern mobile platforms. The instructor will cover the security architecture of popular mobile platforms and mobile applications, investigate their weaknesses and vulnerabilities, and give students hands-on experience in analyzing and attacking them. Through lectures and interactive labs, students will walk away armed with the foundational knowledge needed to discover, identify, and exploit vulnerabilities on mobile platforms such as Android, iOS, and BlackBerry.

On day one, students will be brought up to speed with penetration testing on mobile platforms, exploring the differences and similarities between mobile and conventional pentesting. Students will be introduced to dynamic and static analysis tools and techniques for gaining the information necessary to reverse engineer, discover vulnerabilities, and plan their attacks against Android, iOS, or BlackBerry applications.

On day two, the training will dive a bit further into practical bug hunting, reverse engineering methods, and exploitation techniques, including replicating case studies from the instructors' experiences in real-world mobile application pentests. Students will also get hands-on experience through several labs including reverse engineering of the top Android security applications, exploiting native code vulnerabilities on the ARM architecture, and developing jailbreak/privilege escalation exploits from scratch and deploying them on real devices.

Requirements

  • Laptop capable of running a VMware Virtual Machine
  • Dual core CPU, 2GB+ of RAM recommended
  • At least 12GB disk space available
  • At least one free USB 2.0 port
  • This training course has a strong emphasis on the Android platform, so an actual Android device is recommended, but not strictly required.
  • Familiarity with protocol analyzers (e.g. Wireshark, tcpdump), man-in-the-middle techniques, and basic reverse engineering concepts (e.g. debuggers, disassemblers)

Course Outline

Day 1

  • Introduction
  • Conventional attacks / penetration testing, and why mobile is different
  • Building an Attack Methodology
  • Static Analysis Techniques
    • Tools used
    • How to identify issues for each platform and what to look for
  • Dynamic Analysis Techniques
    • Runtime issues, artifacts, etc.
    • Network issues, man-in-the-middle
  • Reverse Engineering Lab (Pt. 1)
    • Extracting "secrets" and useful data
    • Patching and rebuilding apps

Day 2

  • Application Auditing
  • Reverse Engineering Lab (Pt. 2)
    • Reversing advanced protection techniques
    • Deeper bug hunting
    • Native code threats and vulnerabilities
  • Intro to ARM Exploitation
    • Exploit mitigation across platforms
    • Real-world vulnerabilities
    • Exploiting a vulnerable mobile app
  • Jailbreak/Privilege Escalation Lab
    • Platform-level vulnerabilities
    • Kernel-level vulnerabilities
    • Writing your own jailbreak
    • Post-exploitation persistence
  • Findings Review

Trainer Biography

Zach Lanier is a Security Researcher with Accuvant, specializing in network, mobile, and web application security. Prior to joining Accuvant, Zach served as Security Researcher with Veracode, Principal Consultant with Intrepidus Group, Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. He has spoken at a variety of security conferences, including INFILTRATE, ShmooCon, and SecTor, and is a co-leader of the OWASP Mobile Security Project. Zach likes Android, vegan food, and cats (but not as food).


You can find out more from Zach on http://n0where.org

Twitter: @quine (https://twitter.com/#!/quine)


24 & 25 September (09:00 - 17:00)


Register: https://registration.brucon.org/training-registration/

Back to Training Overview