Mobile Hacking II

HotWAN | July 27-28 & 29-30

Overview

This class provides a better understanding of emerging trends and threats in the mobile space. Participants will audit mobile apps, circumvent operating systems, jailbreak / root devices, leverage mobile forensics and perform a variety of network-based attacks.

Schedule

1. Day 1:
• Intro
• Today’s Trends and Emerging Threats
• Mobile Application Auditing
• iOS (Beginner to Advanced) till end of day
2. Day 2:
• Brief Review of Day 1
• Android (Beginner to Advanced) till 2nd Break
• USRP, OpenBTS
• Network Based Fuzzing

Course Modules

• Module 1: Advanced iOS Userland Exploitation
  This module analyzes injector vectors in userland security. Also there will be analysis of several mobile services and how to make use of weaknesses in their implementations, as well as user-driven triggers for a possible code execution. We will be working with a real life example.
• Module 2: Advanced iOS Kernel Exploitation
  This module examines how iOS code signing works and areas of the scheme that could be attacked to run unsigned code. We will also be covering kernel exploitation on iOS and techniques that can be utilized to get around kernel exploit mitigation: namely, kernel/userspace address separation, w^x protection, and kernel address space layout randomization. We will use evasi0n as a real life exploitation example and teach the students how they can create something like it if similar classes of vulnerabilities are discovered.
• Module 3: Advanced iOS Bootloader Exploitation
  This module will be exploiting a low level boot loader across all models -iPhones and iPads. This exploit is ideal for iOS forensic experts.
• Module 4: Baseband Hacking from the Handset
  We will be training how to reverse engineer the Baseband implementation on a smartphone through fuzzing a jailbroken iPhone.
• Module 5: Software Defined Radio Attacks against mobile platforms
  Will be leveraging Base stations for Cellular Interception / Tracking on 2G/3G/4G Networks
• Module 6: Android Exploitation
  This module analyzes various attacks on Android Devices
• Module 7: Advanced Malware for Android
  This module encompasses bypassing anti-malware on smartphones, injection techniques, back channels and reverse engineering on Android Devices
• Module 8: Android Forensics
  This module examines Android systems from a forensic perspective

Requirements

• Mac, Linux, Windows experience helpful.
• Attendees bring their own laptops.

Who Should Take This Course

1. Hackers
2. Mobile Application Auditors
3. Security Professionals involved in Mobile Security

Questions

blake@hotwan.com

What Students Will Be Provided With

White Papers, Presentations, Tools, Images, *Other stuFF

What Students Should Bring

• Often times, Trainers use a Mac Book Pro, running Mountain Lion, 8 Gig of RAM, with the latest VMFusion installed with Xcode. If you have a Mac, use the latest version of VMFusion. Some Trainers may use IDA Pro. If you don’t bring IDA Pro, certain exercises might need to be observed.
• Windows 7 laptops are also supported with the latest version of VMWare. OS X based exercises will need to be observed if you don't bring a Mac to class.
• Around 100 Gig of drive space is needed for 'custom-baked' VM image, tools and other 'stuff'. The VM Image was created as a Workstation 6.5-7.x Virtual Machine.
• We will be using iPhone 4/ 4S /5, iPad 2/3, Nexus S, Galaxy Nexus and USRP N200. Participants should bring their own variety of lab smartphones / tablets and use at their own 'risk'. Though unlikely, one such risk is that your device may get 'bricked' in a lab exercise and may not function ever again. Caution will be given for specific labs.
• Being a hacking class, you will need to turn off your anti-virus / anti-spyware protection mechanisms as they may zap / quarantine / interfere with certain files used in the course lab exercises.
• For more seasoned mobile hackers, bring your already rooted / jailbroken devices to class.

Trainers

HotWAN has sourced content from variety of experts in the mobile space.

David Wang (@planetbeing) is a member of the iPhone Dev Team and Evad3rs. He is a former developer of many iOS jailbreak tools including redsn0w, xpwn, and QuickPwn. He’s worked actively on the latest public jailbreaks for iOS. He has also found and successfully exploited several vulnerabilities in iOS 6, leading to an untethered jailbreak.

Nikias Bassen (@pimskeks) is a member of the Evad3rs and has found several flaws and directory traversals in iDevice services that allowed installation the latest iOS 6 jailbreak. Apart from reverse engineering and security research he founded the company samaraIT and is working as an independent developer for international clients.

Josh Hill (@p0sixninja) former member of the Chronic Dev Team. He has been an iOS Jailbreaker for more than 5 years

Aditya Gupta (@adi1391) is the co-founder of XY Security, an information security firm based in India, which focusses on Mobile Devices security. His main expertise include Android Malware Analysis and Reversing, writing automated security tools and Android App Pentesting.

Subho Halder (@sunnyrockzzs) is the co-founder of XYSecurity, where he focusses on Android security research, product development and iOS App pentesting. He also enjoys giving talks and trainings on Android and iOS Exploitation in international conferences.

Jonathan Stuart (@dent1zt) former BSD developer/commiter, reverse engineer. Specialties: Unix, Linux, OS kernels (ARM, SPARC, MIPS, x86).Experience: 12 years of industry experience finding vulnerabilities and writing exploitation mechanisms for said remote/lal vuln.

Georgia Weidman (@georgiaweidman) is the Founder of Bulb Security LLC. She was the recipient of a DARPA CyberFast Track grant to develop the Smartphone Pentest Framework, a tool for assessing the security posture of mobile devices.

Drew Porter (@IAmRedShift) [Security +, CEH] is a Senior Security Analyst at Stach & Liu,. In this role, he focuses on wireless assessments, hardware security, penetration testing, and cellular research. Prior to joining Stach & Liu, Drew worked as a Mobile Security Exploit Engineer for a defense contractor and a System Security Architect for an EMR Software Company. Drew is a sought after speaker, and has presented at ToorCon, BSides, and ICDW.

Blake Turrentine, CEO of HotWAN