Offensive Mobile Reversing and Exploitation

After sold out classes as multiple conferences over the last few years, we have revamped the material to include a host of new tools and techniques. This course is designed to introduce beginners as well as advanced security enthusiasts to the world of mobile security using a fast-paced learning approach through intensive hands-on labs. The class starts with a basic introduction to the ARM instruction set and an intro to reverse engineering before moving on to the internals of iOS and Android. We then discuss some of the latest exploitation techniques using real-world bugs (e.g., voucher_swap for iOS 12) followed by a walkthrough of how jailbreaks are written. We also discuss some of the common vulnerability types (Heap Overflows, Use-after-free, Uninitialized Stack variable, Race conditions). The training then moves on to application security and is based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2, Android-InsecurePass Password Manager written by the authors of this course and a broad range of other real-world applications. Slides and detailed documentation on the labs will be provided to the students for practice after the class. After the training, the attendees will: Reverse engineer iOS and Android binaries (Apps and system binaries) Be able to audit iOS and Android apps for security vulnerabilities Understand and bypass anti-debugging and obfuscation techniques Get a quick walkthrough on using IDA Pro, Hopper, Frida, etc Get an understanding of ARM64 instruction set (including ARM 8.3) Learn the fundamentals of iOS IPC (XPC, Mach) Get an intro to some common bug categories UaF, Heap overflow, etc Understand how jailbreaks and exploits are written (including iOS 12) Understand some of the latest bugs and mitigations (PAC, CoreTrust, Code Signing)