For more information and registration, Please visit: Nullcon Training Registration Page
Title: Zero to One in Mobile Application Hacking
Duration: 2 Days
Dates: 9th – 10th October 2019
This action-packed training course is focused around teaching the attendees with skills required to perform penetration testing of Android & iOS applications in the real world. The training is given using the real world like the application as the target, specially designed for this training purpose.
The course includes extremely unique, real-world vulnerabilities. The attendees will be understanding the concept behind each vulnerability, and then exploiting the vulnerability on the target application. The flow of the course is designed in a way which ensures that the attendees understand each concept and are able to discover and exploit the vulnerabilities themselves. Training includes some of the unique vulnerabilities discovered and exploited on the famous mobile applications.
Vulnerabilities and topics covered in the training include:
- – Static analysis to remote code execution
- – Static analysis to application compromise
- – User detail compromise through broadcast
- – Insecure file storage, leading to full account takeover (Android & iOS)
- – Insecure application components and exploitation
- – Insecure application screens and exploitation
- – Unintended sensitive data leakage
- – Bypassing application logic (logical vulnerability)
- – Deep linking and exploitation
- – Hacking mobile APIs (vulnerabilities in API)
- – Reverse engineering the application
- – Performing static and dynamic analysis of the application
- – Finding and exploiting real-world vulnerabilities
- – Several Frida-tools use cases
- – Bypassing security controls like SSL pinning, root detection, obfuscation, etc
- – Attacking APIs for vulnerabilities
What to bring
- – Laptop with minimum 8GB RAM, 50+ GB free hard disk space.
- – Test device: Android & iOS (Both Rooted/Jailbroken).
- – Basic understanding of mobile applications and how they work.
- – Basic understanding of mobile application vulnerabilities.
Who Should Attend
- – Penetration Testers
- – Security Researchers
- – Mobile App Developers
What to expect
- – A fast-paced, high-end training on mobile application vulnerabilities.
- – Hands-on exploitation of real-world vulnerabilities
What not to expect
- – Linux basic usage
- – Mobile application development
- – Basics of information security like vulnerabilities, exploits, etc.
For more information and registration, Please visit: