Syllabus_MASPT

The most practical and comprehensive training course on Mobile Security and Penetration TestA bridge to the gap between Web application attack and defense. Web application attack and defense are related  MASPT at a glance:  10 highly practical modules  4 hours of video material  1200+ interactive slides  20 Applications to practice with  Leads to eMAPT certification  Most practical and up-to-date course on Mobile Application Security and Penetration testing  Covers Mobile OSs Security Mechanisms and Implementations  Exposes Android and iOS vulnerabilities in-depth  For Penetration testers, Forensers and Mobile app developers eLearnSecurity has been chosen by students in 120 countries in the world and by leading organizations such as: a number of vulnerable mobile applications. Moreover. Unlike iOS. the Android related modules do not require the possession of an Android device: Android SDK provides all the necessary tools for both Windows and *Nix systems. physical devices such as iPod. strong programming skills are not required. 2 . will give the student the chance to practice and learn things by actually doing them: from decrypting and disassembling applications. included in the training course. iPhone.Mobile Application Security and Penetration Testing (MASPT) is the online training course on Mobile Application Security that gives penetration testers and IT Security professionals the practical skills necessary to understand technical threats and attack vectors targeting Mobile devices. iPad might be necessary. NOTE: In order to go through some of the techniques explained in the iOS related modules. The student will learn how to code simple iOS and Android applications step by step. Although the course uses and explains several snippets of iOS and Android Applications source codes. We also believe this course will be interesting and entertaining for developers who want to know more about security mechanisms and features implemented in mobile OSs such as Android and iOS. The course will walk you through the process of identifying security issues on Android and iOS Applications. Basic mobile application development skills are provided within the training course. Static/Dynamic/Runtime and Network analysis. to writing fully working exploits and malicious applications. using a wide variety of techniques including Reverse Engineering. These will be necessary to fully understand mobile application security and to build real world POC’s and exploits. The MASPT training course benefits the career of Penetration Testers and IT security personnel in charge of defending their organization applications and data. During the study of the training course you will find several labs to practice with. while we explain you all the necessary concepts. During this training course you will have to deal with several guided challenges. With real examples and labs that reflect real-world application vulnerabilities. You will solve these together with us. you know that you learned and understood the concepts behind it properly. 3 . Just don't expect the outdated way of learning by reading pages and pages of theoretical methodologies. Then you are free to practice as long as you want to on these experiments. Your achievements will tell. NO BORING THEORIES ABOUT THE UNIVERSE This course is practical and entertaining. If you can solve a challenge. We show you how attacks work in practice.This course is probably not for you if you are looking for something that:     Teaches you how to jailbreak or root iOS/Android Devices Will give you a certification without any effort You can memorize to pass a multiple-choice test Will not make you think eLearnSecurity courses are very interactive and addictive. Or will I only find out during the exam if I actually learned something? The answer to these questions is very simple. so knowledge and fun is guaranteed. The final deliverable will be a working and reproducible proof of concept that will be reviewed by the training course instructor. You can print your shiny new certificate directly or have it shipped to you internationally. The final exam consists of a hands-on challenge in which the student has to prove the skills acquired during the training course. Once you pass the final exam.Yes. The student will be provided with a real world scenario of two Android applications to analyze and pentest. you will be awarded with the eMAPT "eLearnSecurity Mobile Application Penetration Tester" certification. 4 . The student is provided with a suggested learning path to ensure the maximum success rate and the minimum effort. - Module 1: Mobile Devices Overview Module 2: Mobile OS Architectures & Security Models Module 3: Android: Setting up a test environment Module 4: iOS: Setting up a test environment Module 5: Android: Reverse Engineering & Static Analysis Module 6: iOS: Reverse Engineering & Static Analysis Module 7: Android: Dynamic/Runtime Analysis Module 8: iOS: Dynamic/Runtime Analysis Module 9: Android: Network Analysis Module 10: iOS: Network Analysis 5 . OWASP Top 10 Mobile Risks 1.2.1.1.Malwares 1.User Profiles 1. Why Mobile Security 1.3.2. Taxonomy of Security Threats 1.1.6. Mobile Platforms 1.6.2.iOS 1.3. Malware History 1.3.2.3.Poor Keyboards 1.3.3.5.Web Browsing 1.3.1.4.Physical Security 1.Patching and Updating 6 .In this module we will see which the most used mobile platforms are and why mobile security is so critical nowadays.1. 1. Malware Spreading 1.3.3.3.7. We will enumerate the most important mobile threats and provide a taxonomy useful to fully understand the rest of the training course.6.3.Android 1.1. 2. Android 2.iOS Security Models 2. Components 2.1.iOS Architecture 2.1. Permission Model 2.4.2.2.6.2. DEP/ASLR 2. Sandbox 2.2. Google Bouncer 2.4.1.7.3. Keychain and Encryption 2. Reduced OS 2.2.1.6.2. Privilege Separation and Sandboxing 2. Storage and Database Isolation 2.2.1.1.1.2.3.2.1.3.7.2. 2. File System Isolation 2. iOS 2.5.2.Android Architecture 2.1.2. Memory Management Security Enhancement 2.1.2.2.2.2.2.1.2.Android Security Models 2. Application Signing 2.2.5.2.2.2.3.8.2.1.The second module covers in great details all the security features and mechanisms implemented in the two most important mobile Operating Systems: Android and iOS. Security iOS Overview 2.2.1.2.1.2.Jailbreaking Devices 7 . Code Signing 2.Rooting Devices 2.2.2.1.1.2. Privilege Separation 2. 6.1.2.1.3.Connect Actual Devices via USB 3.Windows OS 3.1.3.10.1.4.SSH 3.Create New Virtual Device 3. Install / Uninstall Application with gdb 3. Browse the Device 3.4.3. An in-depth coverage of how to create and interact with Android Emulated and Actual Devices will help the student build strong foundations necessary to understand attacks and techniques covered in the following modules.1.In this module the student will learn how to create and configure the local environment for the Android SDK and all the Android related tools.1.BusyBox 3.7.Start AVD 3.1.4.9. Android SDK 3. Eclipse IDE 3.4. Move Files from/to the Device 3.1.4.VNC Video and practical sessions included in this module 8 .2.4.1. DDMS File Explorer 3.4.1.1. ADB Shell 3.1.2.3. Interact with the Devices 3.1.4.3. Sqlite3 3.5.Linux OS 3.3.1. List Devices 3. AVD and Actual Devices 3.4.3.4.Run and Interact with Virtual Devices 3.4. Gather Devices Information 3.3.3.3.4. 3. Mount Device Disk 3.Edit Virtual Devices Definitions 3.Android Debug Bridge 3.4.8.Install and Run Custom Application 3. Read Databases 3.1.4.2.1.4.4.2.6.5.5.4.4.4.1.Improve Virtual Devices Performance 3. Windows OS 4.1.5.Xcode IDE 4.2.SSH Access 4.3. Don’t code sign 4.5.1. Library and Caches 4.Extract Files from Devices 4.3.8.Export Installed Apps 4.5.3.5.3. Xcode Organizer 4.SFTP (FTP via SSH) 4.5. Databases 4.4.10. iOS Simulator and Xcode Limitations 4.Explorer Software 4.Databases 4.3.5.5. Interact with Jailbroken Devices 4.3.3.Browse Application Files and Folders 4.2. Mac/Linux OS 4.1. SSH Access 4. install and run them on emulated and actual devices as well as use tools to access and inspect data and files stored on the device.5.1. Create and Run Custom Apps 4.2.1.Plist Files 4. write iOS applications.5.ipa 4.app to .Directory Structure 4. File System and Device Interaction 4.5.2.3.This module focuses on how to configure the Mac OS environment to work with simulated and iDevices.5.3.4.Logs and Cache Files 4.11.bynaricookies 4.Install Applications 4.5. Plist 4. 4.Edit Existing Application Files 4.4.9.7.1.1.Snapshots 4.3.5. The student will learn how to interact with the device.5.5.2.7.3.Run Apps without Developer Account 4.5. SSH via cable (USB) 4.1.5.5.5. Cookies.3.iOS Simulator 4. Self-Signed Certificate 4.3.1.1.5.5.3.1. iOS SDK 4.6.3.5.5.5.1.4.4.Writing an iOS App 4. From . Backups 4.4.3.3.3.6.3.3.2.VNC 4.1.2.3.3.5.5. BigBoss Recommended Tools 4.1.Keychain Dumper Video and practical sessions included in this module 9 . 5. LABS 5.7.Locating Information 6. 6. Moreover the student will be exposed to techniques and tools used for binary decompiling. Plist 6. reading the application source code and gathering hardcoded information. Decompiling and Disassembling . Decompiling iOS Apps: class-dump 6. Smali 5. .App files 6. the student will learn how Android applications are built and packaged in order to effectively reverse engineer them. Decompiling iOS Apps: Otools 6.jar files 5.5. Patching iOS Apps – Simulator Video and practical sessions included in this module 10 . Several tools will be used to access and inspect information contained in the applications binaries. Decompile .2.1.6.6.4.1.3.ipa and .6.apk files 5.2.In the beginning.jar to Source Code 5.6.3. From . Decompiling iOS Apps: IDA 6. Patching Binaries Video and practical sessions included in this module During this module the student will go through the process of decompiling iOS applications. 5. LAB 6.1.apk to .Locating Secrets 5.4.6.7.2.Bypassing Security Controls 5.1. Decompiling/Disassembling Overview 5. DDMS 7. Query a Content Provider 7.2.4.3.3. The student will learn how to subvert the normal execution flow of an application to access restricted information.3.2. LAB: Bypass Security Checks 7.MAT 7. LogCat 7.1.4.3.3.5. Find the Correct URI 7.3.DDMS 7. SQL Injection 7. IPC Mechanisms and App Components 7.2.2. Directory Traversal 7.5. the student will be able to bypass security controls and write exploit applications targeting implementations of Android IPC mechanisms.HPROF 7.3. Example #2 7.Strings 7.Android Tools 7. data and areas.3.5. Example #3 7.5.1.5.4.4.5.4. Example #1 7.3.3.6.3.1.1. Memory Analysis 7.2. Debugging 7.4.3.5.5.5.5. LAB: SQL injection 7. Monkey 7.5. Activity Manager 7.5.5.2. Memory analysis techniques will be covered through the use of different tools for different purposes.2.Inspect HPROF Dump 7.2.3. At the end of this highly practical module.5.Content Providers 7.4.5. LAB: Content Providers Leakage 7.1.Intents 7.During this module the student will learn how to access runtime information on Android devices.3.5.5.5.7.4.1.5.SharedUID Video and practical sessions included in this module 11 .4.5.6. 7.1. 1.1.1. Decrypt Applications Binaries: Clutch 8.Ldid 8.1.1.3.1. 8.8.1.Edit cryptid values 8.7. Bypass the Lock Screen 8.1.4.1.1.Calculating Area to Dump 8.1.Identify ASLR/PIE 8. The aim of this module is to teach the student how applications can be decrypted at runtime as well as how they can be manipulated in order to force the application to run or display restricted areas.1.1.3. GDB 8. MachOView 8.4.7.Debug/Run the App 8. Manually Decrypt Applications Binaries 8.5.During this module the student will become familiar with the most important tools and techniques for dynamic analysis and runtime manipulations on iDevice.4.1.1.3.Objc_msgSend 8.3.3.4.GDB 8.4. Attack Custom Apps: LogMeIn2 8. provided within the module. The student will be guided step by step through the exploitation process of real world iOS applications.4.ARMv6 Processor Registers 8.Runtime Analysis with GDB 8.4. the student will learn how to bypass security controls implemented within the target application.Mere the Dump 8.2.1.3.6.3.1. Attach Cycript to a Process 8.1.2. Interact with Cycript 8.1.3.Attach GDB and Dump the Area 8.1.3.3. Pop up an Alert at runtime 8.3.1.Attack Applications with GDB Video and practical sessions included in this module 12 .1.Cycript 8. By using advanced debugging techniques and tools.2.5.3. Attack Custom Apps: LogMeIn 8.4. Runtime Manipulation 8. Install Cycript 8.7.2.6. Traffic Manipulation Video and practical sessions included in this module This module focuses on specific configurations that allow a user to intercept and sniff all the iOS device communications. Charles 10.2. Proxying Simulators and Actual Devices 10.1.This module focuses on specific configurations that allow a user to intercept and sniff all the Android device communications.5.4.2.1.5.1. Proxying Emulators and Actual Devices 9.2. SSL Traffic on Actual Devices 10.4. Proxying and Intercepting SSL Traffic: Charles 10. Proxying and Intercepting SSL Traffic: Burp 10.3.3. Intercept Application and SSL Traffic 9. The student will learn how to analyze and manipulate the traffic that goes through the Android device. 10.Intercept with Rooted Device and ProxyDroid 9.5. 9. Traffic Sniffing 9. The student will learn how to analyze and manipulate the traffic that goes through the iOS device.3. Traffic Sniffing 10. Burp Video and practical sessions included in this module 13 .1. About eLearnSecurity A leading innovator in the field of practical. Italy 14 . Based in Pisa (Italy). hands-on IT security training. eLearnSecurity © 2014 Via Matteucci 36/38 56124 Pisa. Dubai (UAE) and in San Jose (USA). eLearnSecurity's mission is to advance the career of IT security professionals by providing affordable and comprehensive education and certification. eLearnSecurity is a leading provider of IT security and penetration testing courses including certifications for IT professionals. All eLearnSecurity courses utilize engaging eLearning and the most effective mix of theory. practice and methodology in IT security .all with real-world lessons that students can immediately apply to build relevant skills and keep their organization's data and systems safe.