- Delhi 2019
- Zero to One in Mobile Application Hacking
Trainer Name: Abhinav Mishra
Title: Zero to One in Mobile Application Hacking
Duration: 2 Days
Dates: 9th - 10th October 2019
This action-packed training course is focused around teaching the attendees with skills required to perform penetration testing of Android & iOS applications in the real world. The training is given using the real world like the application as the target, specially designed for this training purpose.
The course includes extremely unique, real-world vulnerabilities. The attendees will be understanding the concept behind each vulnerability, and then exploiting the vulnerability on the target application. The flow of the course is designed in a way which ensures that the attendees understand each concept and are able to discover and exploit the vulnerabilities themselves. Training includes some of the unique vulnerabilities discovered and exploited on the famous mobile applications.
Vulnerabilities and topics covered in the training include:
- Static analysis to remote code execution
- Static analysis to application compromise
- User detail compromise through broadcast
- Insecure file storage, leading to full account takeover (Android & iOS)
- Insecure application components and exploitation
- Insecure application screens and exploitation
- Unintended sensitive data leakage
- Bypassing application logic (logical vulnerability)
- Deep linking and exploitation
- Hacking mobile APIs (vulnerabilities in API)
- Reverse engineering the application
- Performing static and dynamic analysis of the application
- Finding and exploiting real-world vulnerabilities
- Several Frida-tools use cases
- Bypassing security controls like SSL pinning, root detection, obfuscation, etc
- Attacking APIs for vulnerabilities
What to bring
- Laptop with minimum 8GB RAM, 50+ GB free hard disk space.
- Test device: Android & iOS (Both Rooted/Jailbroken).
- Basic understanding of mobile applications and how they work.
- Basic understanding of mobile application vulnerabilities.
Who Should Attend
- Penetration Testers
- Security Researchers
- Mobile App Developers
What to expect
- A fast-paced, high-end training on mobile application vulnerabilities.
- Hands-on exploitation of real-world vulnerabilities
What not to expect
- Linux basic usage
- Mobile application development
- Basics of information security like vulnerabilities, exploits, etc.
ENCIPHERS has been a fast-growing, information security firm, providing services like Penetration testing, Infosec consultancy, and high-end training. The team at ENCIPHERS has a combined experience of around 15+ years in training and penetration testing. ENCIPHERS has given training to the information security teams of Big4 Consultancy firms, Fortune 500 companies, etc.
Primary trainer in this training will be Abhinav Mishra. With an experience of around 8+ years in penetration testing of web/mobile/infrastructure, Abhinav loves sharing the knowledge and expertise he has gained, through training. Abhinav has trained the security teams of Big4 companies to startups to students. Abhinav also holds numerous accolades and rewards for finding security issues through responsible disclosure/bugbounty programs. Abhinav is the founder of ENCIPHERS, an information security consultancy and training firm based out of India.