Breaking & Hacking Mobile Apps

VULNEX | March 24-25


The course is two days and hands-on with a bunch of labs, so be ready to think, test, and break Apps.

Day 1:
  • Security overview of mobile platforms (Android and iOS): architecture, sandboxing, permissions, storage, and communications.
  • Jailbreaking / rooting devices.
  • Attacks on mobile devices (in transit & at rest).
  • Attack Lab Setup (Real devices & Emulators, Proxies, etc.).
  • Cross platform technologies & programming languages.
  • Tools of the trade (decompilers, attack & audit frameworks, etc.).

Day 2:
  • OWASP Mobile Top 10 & other common bugs.
  • Reversing Apps -- case study of real Apps.
  • Audit Apps for security.
  • Mobile Malware on the rise.
  • Static & dynamic analysis techniques to discover bugs.

Who Should Take this Course

Penetration testers and InfoSec professionals, offense-driven security staff, and anyone interested in getting up-to-date in mobile security testing.

Student Requirements

  • Basic knowledge running Linux and command line tools.
  • Basic programming: Java, C/C++, Python.

What Students Should Bring

Students will need to bring their own laptop with:
  • Wired or Wireless network card.
  • 4 GB of RAM or more (8 GB recommended).
  • Ability to run a virtual machine (VMWare Player, Workstation, Fusion).
  • Any jailbroken mobile devices (2 devices) to be used in class (1 Android and 1 iPhone / iPod).
  • We will provide Linux images with all the tools needed.

What Students Will Be Provided With

  • A Linux image with all the tools needed for the class.
  • PDF version of the slide deck.
  • PDF Course Lab write-up.


Simon Roses Femerling holds a B.S. from Suffolk University (Boston), a Postgraduate in E-Commerce from Harvard University (Boston), and an Executive MBA from IE Business School (IE, Madrid). Currently, he is the CEO at VULNEX, driving security innovation. Previously, he was at Microsoft, PriceWaterhouseCoopers, and @Stake.

Simon has authored and collaborated on several security Open Source projects like OWASP Pantera and LibExploit. He has also published security advisories in commercial products. Simon was awarded a DARPA Cyber Fast Track (CFT) grant to research application security. He is a frequent speaker at security industry events including Black Hat, RSA, HITB, OWASP, SOURCE, DeepSec and Microsoft Security Technets. CISSP, CEH & CSSLP. Blog: www.simonroses.com.