The most practical and comprehensive training course on Mobile Security and Penetration Test

- A bridge to the gap between Web application attack and defense.

Web application attack and defense are related

MASPT at a glance:

- 10 highly practical modules
- 4 hours of video material
- 1200+ interactive slides
- 20 Applications to practice with
- Leads to eMAPT certification
- Most practical and up-to-date course on Mobile Application Security and Penetration testing
- Covers Mobile OSs Security Mechanisms and Implementations
- Exposes Android and iOS vulnerabilities in-depth
- For Penetration testers, Forensers and Mobile app developers

eLearnSecurity has been chosen by students in 120 countries in the
world and by leading organizations such as:

Mobile Application Security and Penetration Testing (MASPT) is the online
training course on Mobile Application Security that gives penetration testers and
IT Security professionals the practical skills necessary to understand technical
threats and attack vectors targeting Mobile devices.

The course will walk you through the process of identifying security issues on
Android and iOS Applications, using a wide variety of techniques including
Reverse Engineering, Static/Dynamic/Runtime and Network analysis.

The student will learn how to code simple iOS and Android applications step by
step. These will be necessary to fully understand mobile application security and
to build real-world PoCs and exploits.

Moreover, a number of vulnerable mobile applications, included in the training
course, will give the student the chance to practice and learn things by actually
doing them: from decrypting and disassembling applications, to writing fully
working exploits and malicious applications.

The MASPT training course benefits the career of Penetration Testers and IT
security personnel in charge of defending their organization's applications and
data. We also believe this course will be interesting and entertaining for
developers who want to know more about security mechanisms and features
implemented in mobile OSs such as Android and iOS.

Although the course uses and explains several snippets of iOS and Android
application source code, strong programming skills are not required. Basic
mobile application development skills are provided within the training course.

NOTE: In order to go through some of the techniques explained in the iOS
related modules, physical devices such as iPod, iPhone, iPad might be
necessary. Unlike iOS, the Android related modules do not require the
possession of an Android device: Android SDK provides all the necessary tools
for both Windows and *Nix systems.

This course is probably not for you if you are looking for something that:

- Teaches you how to jailbreak or root iOS/Android Devices
- Will give you a certification without any effort
- You can memorize to pass a multiple-choice test
- Will not make you think

eLearnSecurity courses are very interactive and addictive. During this training
course you will have to deal with several guided challenges, so knowledge and
fun are guaranteed. Just don't expect the outdated way of learning by reading
pages and pages of theoretical methodologies.

NO BORING THEORIES ABOUT THE UNIVERSE


This course is practical and entertaining. We show you how attacks work in
practice, with real examples and labs that reflect real-world application
vulnerabilities.

Or will I only find out during the exam if I actually learned something?

The answer to these questions is very simple. Your achievements will tell. During
the study of the training course you will find several labs to practice with. You
will solve these together with us, while we explain all the necessary
concepts to you. Then you are free to practice as long as you want on these
experiments. If you can solve a challenge, you know that you learned and
understood the concepts behind it properly.

Yes. The final exam consists of a hands-on challenge in which the student has to
prove the skills acquired during the training course.

The student will be provided with a real world scenario of two Android
applications to analyze and pentest.

The final deliverable will be a working and reproducible proof of concept that
will be reviewed by the training course instructor.

Once you pass the final exam, you will be awarded the
eMAPT "eLearnSecurity Mobile Application Penetration Tester" certification.

You can print your shiny new certificate directly or have it shipped to you
internationally.

The student is provided with a suggested learning path to ensure the maximum
success rate and the minimum effort.

- Module 1: Mobile Devices Overview
- Module 2: Mobile OS Architectures & Security Models
- Module 3: Android: Setting up a test environment
- Module 4: iOS: Setting up a test environment
- Module 5: Android: Reverse Engineering & Static Analysis
- Module 6: iOS: Reverse Engineering & Static Analysis
- Module 7: Android: Dynamic/Runtime Analysis
- Module 8: iOS: Dynamic/Runtime Analysis
- Module 9: Android: Network Analysis
- Module 10: iOS: Network Analysis

In this module we will see which the most used mobile platforms are and
why mobile security is so critical nowadays.

We will enumerate the most important mobile threats and provide a taxonomy
useful to fully understand the rest of the training course.

1.1. Mobile Platforms
1.1.1. Android
1.1.2. iOS
1.2. Why Mobile Security
1.3. Taxonomy of Security Threats
1.3.1. OWASP Top 10 Mobile Risks
1.3.2. Physical Security
1.3.3. Poor Keyboards
1.3.4. User Profiles
1.3.5. Web Browsing
1.3.6. Malwares
1.3.6.1. Malware History
1.3.6.2. Malware Spreading
1.3.7. Patching and Updating

The second module covers in great detail all the security features and
mechanisms implemented in the two most important mobile Operating
Systems: Android and iOS.

2.1. Android
2.1.1. Android Architecture
2.1.2. Android Security Models
2.1.2.1. Privilege Separation and Sandboxing
2.1.2.2. File System Isolation
2.1.2.3. Storage and Database Isolation
2.1.2.4. Application Signing
2.1.2.5. Permission Model
2.1.2.6. Memory Management Security Enhancement
2.1.2.7. Components
2.1.2.8. Google Bouncer
2.1.3. Rooting Devices
2.2. iOS
2.2.1. iOS Architecture
2.2.2. iOS Security Models
2.2.2.1. Privilege Separation
2.2.2.2. Sandbox
2.2.2.3. Code Signing
2.2.2.4. Keychain and Encryption
2.2.2.5. DEP/ASLR
2.2.2.6. Reduced OS
2.2.2.7. Security iOS Overview
2.2.3. Jailbreaking Devices

In this module the student will learn how to create and configure the local
environment for the Android SDK and all the Android related tools.

An in-depth coverage of how to create and interact with Android Emulated and
Actual Devices will help the student build strong foundations necessary to
understand attacks and techniques covered in the following modules.

3.1. Android SDK
3.1.1. Windows OS
3.1.2. Linux OS
3.2. Eclipse IDE
3.3. AVD and Actual Devices
3.3.1. Start AVD
3.3.2. Edit Virtual Devices Definitions
3.3.3. Create New Virtual Device
3.3.4. Run and Interact with Virtual Devices
3.3.5. Improve Virtual Devices Performance
3.3.6. Connect Actual Devices via USB
3.4. Interact with the Devices
3.4.1. Android Debug Bridge
3.4.1.1. List Devices
3.4.1.2. Gather Devices Information
3.4.1.3. ADB Shell
3.4.1.4. Browse the Device
3.4.1.5. Read Databases
3.4.1.6. Move Files from/to the Device
3.4.1.7. Sqlite3
3.4.1.8. DDMS File Explorer
3.4.1.9. Mount Device Disk
3.4.1.10. Install / Uninstall Application with gdb
3.4.2. Install and Run Custom Application
3.4.3. BusyBox
3.4.4. SSH
3.4.5. VNC

Video and practical sessions included in this module

This module focuses on how to configure the Mac OS environment to work with
simulated and iDevices.

The student will learn how to interact with the device, write iOS applications,
install and run them on emulated and actual devices as well as use tools to
access and inspect data and files stored on the device.

4.1. iOS SDK
4.1.1. Xcode IDE
4.1.2. iOS Simulator
4.1.3. Writing an iOS App
4.2. iOS Simulator and Xcode Limitations
4.3. File System and Device Interaction
4.3.1. Directory Structure
4.3.2. Plist Files
4.3.3. Databases
4.3.4. Logs and Cache Files
4.3.5. Browse Application Files and Folders
4.3.5.1. Plist
4.3.5.2. Databases
4.3.5.3. Library and Caches
4.3.5.4. Cookies.binarycookies
4.3.6. Extract Files from Devices
4.3.7. Snapshots
4.3.8. Export Installed Apps
4.3.9. Install Applications
4.3.10. SSH Access
4.3.11. Xcode Organizer
4.4. Backups
4.5. Interact with Jailbroken Devices
4.5.1. SSH Access
4.5.1.1. Windows OS
4.5.1.2. Mac/Linux OS
4.5.1.3. SSH via cable (USB)
4.5.1.4. BigBoss Recommended Tools
4.5.2. SFTP (FTP via SSH)
4.5.3. Explorer Software
4.5.4. VNC
4.5.5. Run Apps without Developer Account
4.5.5.1. Don’t code sign
4.5.5.2. Self-Signed Certificate
4.5.5.3. Create and Run Custom Apps
4.5.5.4. From .app to .ipa
4.5.6. Edit Existing Application Files
4.5.7. Keychain Dumper

Video and practical sessions included in this module

In the beginning, the student will learn how Android applications are built and
packaged in order to effectively reverse engineer them.

Moreover the student will be exposed to techniques and tools used for binary
decompiling, reading the application source code and gathering hardcoded
information.

5.1. Decompiling and Disassembling .apk files
5.2. Smali
5.3. Decompile .apk to .jar files
5.4. From .jar to Source Code
5.5. Decompiling/Disassembling Overview
5.6. LABS
5.6.1. Locating Secrets
5.6.2. Bypassing Security Controls
5.7. Patching Binaries

Video and practical sessions included in this module

During this module the student will go through the process of decompiling iOS
applications.

Several tools will be used to access and inspect information contained in the
applications binaries.

6.1. .ipa and .App files
6.2. Plist
6.3. Decompiling iOS Apps: Otools
6.4. Decompiling iOS Apps: class-dump
6.5. Decompiling iOS Apps: IDA
6.6. LAB
6.6.1. Locating Information
6.7. Patching iOS Apps – Simulator

Video and practical sessions included in this module

During this module the student will learn how to access runtime
information on Android devices.

Memory analysis techniques will be covered through the use of different
tools for different purposes.

The student will learn how to subvert the normal execution flow of an
application to access restricted information, data and areas.

At the end of this highly practical module, the student will be able to
bypass security controls and write exploit applications targeting
implementations of Android IPC mechanisms.

7.1. Debugging
7.2. LogCat
7.3. DDMS
7.4. Memory Analysis
7.4.1. DDMS
7.4.2. HPROF
7.4.3. Strings
7.4.4. Inspect HPROF Dump
7.4.5. MAT
7.5. IPC Mechanisms and App Components
7.5.1. Intents
7.5.2. Android Tools
7.5.2.1. Monkey
7.5.2.2. Activity Manager
7.5.2.3. LAB: Bypass Security Checks
7.5.3. Content Providers
7.5.3.1. Example #1
7.5.3.2. Example #2
7.5.3.3. Example #3
7.5.3.4. Query a Content Provider
7.5.3.5. Find the Correct URI
7.5.3.5.1. LAB: Content Providers Leakage
7.5.3.6. SQL Injection
7.5.3.6.1. LAB: SQL injection
7.5.3.7. Directory Traversal
7.5.4. SharedUID

Video and practical sessions included in this module

During this module the student will become familiar with the most
important tools and techniques for dynamic analysis and runtime
manipulations on iDevice.

The aim of this module is to teach the student how applications can be
decrypted at runtime as well as how they can be manipulated in order to
force the application to run or display restricted areas.

The student will be guided step by step through the exploitation process of
real world iOS applications, provided within the module.

By using advanced debugging techniques and tools, the student will learn how
to bypass security controls implemented within the target application.

8.1. Manually Decrypt Applications Binaries
8.1.1. GDB
8.1.2. Ldid
8.1.3. Identify ASLR/PIE
8.1.4. Calculating Area to Dump
8.1.5. Attach GDB and Dump the Area
8.1.6. Merge the Dump
8.1.7. Edit cryptid values
8.1.7.1. MachOView
8.1.8. Debug/Run the App
8.2. Decrypt Applications Binaries: Clutch
8.3. Runtime Manipulation
8.3.1. Cycript
8.3.1.1. Install Cycript
8.3.1.2. Attach Cycript to a Process
8.3.1.3. Interact with Cycript
8.3.1.4. Pop up an Alert at runtime
8.3.1.5. Bypass the Lock Screen
8.3.1.6. Attack Custom Apps: LogMeIn
8.3.1.7. Attack Custom Apps: LogMeIn2
8.4. GDB
8.4.1. Objc_msgSend
8.4.2. ARMv6 Processor Registers
8.4.3. Runtime Analysis with GDB
8.4.4. Attack Applications with GDB

Video and practical sessions included in this module

This module focuses on specific configurations that allow a user to
intercept and sniff all the Android device communications.

The student will learn how to analyze and manipulate the traffic that goes
through the Android device.

9.1. Traffic Sniffing
9.2. Proxying Emulators and Actual Devices
9.3. Intercept Application and SSL Traffic
9.3.1. Intercept with Rooted Device and ProxyDroid
9.4. Traffic Manipulation

Video and practical sessions included in this module

This module focuses on specific configurations that allow a user to
intercept and sniff all the iOS device communications.

The student will learn how to analyze and manipulate the traffic that goes
through the iOS device.

10.1. Traffic Sniffing
10.2. Proxying Simulators and Actual Devices
10.3. Proxying and Intercepting SSL Traffic: Charles
10.4. Proxying and Intercepting SSL Traffic: Burp
10.5. SSL Traffic on Actual Devices
10.5.1. Charles
10.5.2. Burp

Video and practical sessions included in this module

About eLearnSecurity

A leading innovator in the field of practical, hands-on IT security training.

Based in Pisa (Italy), Dubai (UAE) and in San Jose (USA), eLearnSecurity is a leading
provider of IT security and penetration testing courses including certifications for IT
professionals.

eLearnSecurity's mission is to advance the career of IT security professionals by
providing affordable and comprehensive education and certification.

All eLearnSecurity courses utilize engaging eLearning and the most effective mix of
theory, practice and methodology in IT security - all with real-world lessons that
students can immediately apply to build relevant skills and keep their organization's
data and systems safe.

eLearnSecurity © 2014
Via Matteucci 36/38
56124 Pisa, Italy
