Offensive Mobile Reversing and Exploitation

This course is designed to introduce beginners as well as advanced security enthusiasts to the world of mobile security using a fast-paced learning approach through intensive hands-on labs. The class starts with a basic introduction to the ARM instruction set and an intro to reverse engineering before moving on to the internals of iOS and Android. We then discuss some of the latest exploitation techniques using real-world bugs (e.g., voucher_swap for iOS 12) followed by a walkthrough of how jailbreaks are written. We also discuss some of the common vulnerability types (Heap Overflows, Use-after-free, Uninitialized Stack variable, Race conditions). The training then moves on to application security and is based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2 written by the authors of this course and a broad range of other real-world applications. Slides and detailed documentation on the labs will be provided to the students for practice after the class.