{"id":3451,"date":"2023-06-15T14:52:58","date_gmt":"2023-06-15T12:52:58","guid":{"rendered":"https:\/\/archive.brucon.org\/2023\/?page_id=3451"},"modified":"2023-06-15T15:16:56","modified_gmt":"2023-06-15T13:16:56","slug":"the-hitchhackers-guide-to-the-mobile-galaxy","status":"publish","type":"page","link":"https:\/\/archive.brucon.org\/2023\/brucon-2023-training\/the-hitchhackers-guide-to-the-mobile-galaxy\/","title":{"rendered":"The Hitchhacker&#8217;s Guide to the Mobile Galaxy"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><h2>Course Description<\/h2>\n<p><span style=\"font-weight: 400\">The mobile galaxy is dominated by two solar systems: Android and iOS. Grab your towel and embark on a journey through the intricacies of mobile operating systems. Uncover the secrets and vulnerabilities of mobile app planets through static analysis. Ignite the infinite improbability drive and delve deeper with dynamic analysis to gain the skills and knowledge to outwit the Vogons. Establish a Man-in-the-Middle to glide through the network traffic of mobile applications and see them phone home.<\/span><\/p>\n<p><span style=\"font-weight: 400\">In this training, not only the Ultimate Question of Life, the Universe, and Everything will be answered but also most of your questions regarding mobile security. 
Join us on this galactic adventure of becoming a mobile security expert!<\/span><\/p>\n<h2>Course contents<\/h2>\n<h3>Day 1<\/h3>\n<ul>\n<li><span style=\"font-weight: 400\">Big Bang of Basics<\/span><\/li>\n<li><span style=\"font-weight: 400\">Getting Ready for Launch<\/span><\/li>\n<li><span style=\"font-weight: 400\">Adventures on Androids<\/span>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Devices &amp; rooting<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Where Android apps live<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How Android apps are made<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How data is stored on Android<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Identifying the attack surface<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Reverse engineering<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hooking with Frida and Objection<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Establishing a Man-in-the-Middle<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Day 2<\/h3>\n<ul>\n<li><span style=\"font-weight: 400\">Incidents on iOS<\/span>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Devices &amp; jailbreaking<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How iOS apps are made<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Where iOS apps live<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How data is stored on iOS<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Identifying the attack surface<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hooking 
with Frida and Objection<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Establishing a Man-in-the-Middle<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span style=\"font-weight: 400\">Back to Earth<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">The training will cover controls defined by the <\/span><i><span style=\"font-weight: 400\">Mobile Application Security Verification Standard (MASVS)<\/span><\/i><span style=\"font-weight: 400\">, which is the industry standard for mobile app security.<\/span><\/p>\n<p><span style=\"font-weight: 400\">NVISO has created custom applications that will be used in hands-on exercises. Participants will learn how to identify and exploit common mobile application vulnerabilities.<\/span><\/p>\n<h2>Requirements<\/h2>\n<p><span style=\"font-weight: 400\">Students should have:<\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400\">Basic knowledge of Android and\/or iOS<\/span><\/li>\n<li><span style=\"font-weight: 400\">Comfort working with the command line<\/span><\/li>\n<\/ul>\n<h2>Hardware\/Software Requirements<\/h2>\n<p><span style=\"font-weight: 400\">Students should bring:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Computer<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Virtualization platform (VMware or VirtualBox)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Virtual machine (Linux recommended, e.g. Kali or Mobexler)<\/span><\/li>\n<\/ul>\n<h2>Trainer Biography<\/h2>\n<p><span style=\"font-weight: 400\"><strong>Jeroen Beckers<\/strong> is the mobile solution lead at NVISO, where he is responsible for quality delivery, innovation and methodology for all mobile assessments. 
He is actively involved in the mobile security community, and shares his knowledge through open-source tools, blog posts, trainings and presentations.<\/span><\/p>\n<p><span style=\"font-weight: 400\">He is the lead author and instructor of the SANS 575 course <\/span><i><span style=\"font-weight: 400\">iOS and Android Application Security Analysis and Penetration Testing <\/span><\/i><span style=\"font-weight: 400\">and a co-author of the <\/span><i><span style=\"font-weight: 400\">OWASP Mobile Application Security Testing Guide<\/span><\/i><span style=\"font-weight: 400\"> (MASTG) and <\/span><i><span style=\"font-weight: 400\">OWASP Mobile Application Security Verification Standard<\/span><\/i><span style=\"font-weight: 400\"> (MASVS).<\/span><\/p>\n<p><span style=\"font-weight: 400\"><strong>Claudia Ully<\/strong> is part of the pentesting team at NVISO and passionate about raising awareness and enthusiasm for cyber security. <\/span><span style=\"font-weight: 400\">Her main areas of expertise are web and mobile application security. Apart from spotting vulnerabilities in applications, she enjoys helping and training developers and IT staff to better understand and prevent security issues. 
She loves coming up with creative ways of making learning more fun and helps raise the next generation of mobile security enthusiasts by teaching a university course on mobile application security at the University of Applied Sciences Upper Austria.<\/span><\/p>\n<style type=\"text\/css\">.thegem-button-6a35040ba85807014 .gem-button svg {fill: #ffffff;}.thegem-button-6a35040ba85807014 .gem-button:hover svg {fill: #ffffff;}<\/style><div class=\"gem-button-container gem-button-position-fullwidth thegem-button-6a35040ba85807014    \"  ><a class=\"gem-button gem-button-size-giant gem-button-style-flat gem-button-text-weight-normal\" data-ll-effect=\"drop-right-without-wrap\" style=\"border-radius: 3px;background-color: #b43836;color: #ffffff;\" onmouseleave=\"this.style.backgroundColor='#b43836';this.style.color='#ffffff';\" onmouseenter=\"this.style.backgroundColor='#ef5047';this.style.color='#ffffff';\" href=\"https:\/\/brucon0x0f-training.eventbrite.co.uk\" target=\"_self\">Buy Training Ticket<\/a><\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Course Description The mobile galaxy is dominated by two solar systems: Android and iOS. Grab your towel and embark on a journey through the intricacies of mobile operating systems. Uncover the secrets and vulnerabilities of mobile app planets through static analysis. Ignite the infinite improbability drive and delve deeper with dynamic analysis to gain the skills and knowledge to outwit the Vogons. 
Establish a Man-in-the-Middle to glide through the network traffic of mobile applications&#8230;<\/p>\n","protected":false},"author":8,"featured_media":0,"parent":75,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-3451","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/pages\/3451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/comments?post=3451"}],"version-history":[{"count":8,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/pages\/3451\/revisions"}],"predecessor-version":[{"id":3462,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/pages\/3451\/revisions\/3462"}],"up":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/pages\/75"}],"wp:attachment":[{"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/media?parent=3451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}