Offensive Mobile Reversing and Exploitation

After getting great feedback on our 2-day course for several years, we are finally expanding our course to 4-days with additional coverage of ARM64, mobile browser security, and more in-depth coverage of Mobile apps and operating system security. The class starts with a basic introduction to the ARM instruction set followed by some reversing exercises. We then learn how to write simple exploits for the ARM64 environment. Next, we move to Mobile browser security. We then cover iOS and Android internals in further detail. We then discuss some of the exploitation techniques using real-world vulnerabilities (e.g., voucher_swap, checkm8) followed by a walkthrough of how jailbreaks are written. The training then moves on to application security based on exploiting custom applications written by the authors of this course in addition to other real-world applications. We then cover a variety of mitigations deployed in real-world apps and discuss how to bypass them.