Mobile Hacking II

HotWAN | July 27-28 & 29-30

Overview

This class provides a better understanding of emerging trends and threats in the mobile space. Participants will audit mobile apps, circumvent operating systems, jailbreak / root devices, leverage mobile forensics and perform a variety of network-based attacks.

Other topics covered:

• iOS / Android / ARM Internals
• Android Exploit Development
• iPhone & iPad Modifications
• Harnessing the Power of Gnuradio and OpenBTS for Man-In-The-Middle Interception, Payload Injection, Fuzzing & Malware Analysis

Schedule

1. Day 1:
• Intro
• Today’s Trends and Emerging Threats
• Mobile Application Auditing
• iOS (Beginner to Advanced) till end of day
2. Day 2:
• Brief Review of Day 1
• Android (Beginner to Advanced) till 2nd Break
• USRP, OpenBTS
• Network Based Fuzzing

Course Modules

• Module 1: Advanced iOS Userland Exploitation
  This module analyzes injector vectors in userland security. Also there will be analysis of several mobile services and how to make use of weaknesses in their implementations, as well as user-driven triggers for a possible code execution. We will be working with a real life example.
• Module 2: Advanced iOS Kernel Exploitation
  This module examines how iOS code signing works and areas of the scheme that could be attacked to run unsigned code. We will also be covering kernel exploitation on iOS and techniques that can be utilized to get around kernel exploit mitigation: namely, kernel/userspace address separation, w^x protection, and kernel address space layout randomization. We will use evasi0n as a real life exploitation example and teach the students how they can create something like it if similar classes of vulnerabilities are discovered.
• Module 3: Advanced iOS Bootloader Exploitation
  This module will be exploiting a low level boot loader across all models -iPhones and iPads. This exploit is ideal for iOS forensic experts.
• Module 4: Baseband Hacking from the Handset
  We will be training how to reverse engineer the Baseband implementation on a smartphone through fuzzing a jailbroken iPhone.
• Module 5: Software Defined Radio Attacks against mobile platforms
  Will be leveraging Base stations for Cellular Interception / Tracking on 2G/3G/4G Networks
• Module 6: Android Exploitation
  This module analyzes various attacks on Android Devices
• Module 7: Advanced Malware for Android
  This module encompasses bypassing anti-malware on smartphones, injection techniques, back channels and reverse engineering on Android Devices
• Module 8: Android Forensics
  This module examines Android systems from a forensic perspective

Requirements

• Mac, Windows and Linux experience helpful

Questions

blake@hotwan.com

What Students Will Be Provided With

White Papers, Presentations, Tools, Images

What Students Should Bring

• The Trainer uses a Mac Book Pro, running Mountain Lion, 8 Gig of RAM, with the latest VMFusion installed with Xcode. If you have a Mac, use the latest version of VMFusion. Trainers may use IDA Pro. If you don’t bring IDA Pro, certain exercises might need to be observed.
• Windows 7 laptops are also supported with the latest version of VMWare. OS X based exercises will need to be observed if you don't bring a Mac to class.
• Around 100 Gig of drive space is needed for 'custom-baked' VM image, tools and other 'stuff'. The VM Image was created as a Workstation 6.5-7.x Virtual Machine.
• We will be using iPhone 4/ 4S /5, iPad 2/3, Nexus S, Galaxy Nexus and USRP N200. Participants should bring their own variety of lab smartphones / tablets and use at their own 'risk'. Though unlikely, one such risk is that your device may get 'bricked' in a lab exercise and may not function ever again. Caution will be given for specific labs.
• Being a hacking class, you will need to turn off your anti-virus / anti-spyware protection mechanisms as they may zap / quarantine / interfere with certain files used in the course lab exercises.
• For more seasoned mobile hackers, bring your already rooted / jailbroken devices to class.

Trainers

HotWAN has sourced content from variety of experts in the mobile space.

David Wang (@planetbeing) is a member of the iPhone Dev Team and Evad3rs. He is a former developer of many iOS jailbreak tools including redsn0w, xpwn, and QuickPwn. He’s worked actively on the latest public jailbreaks for iOS. He has also found and successfully exploited several vulnerabilities in iOS 6, leading to an untethered jailbreak.

Nikias Bassen (@pimskeks) is a member of the Evad3rs and has found several flaws and directory traversals in iDevice services that allowed installation the latest iOS 6 jailbreak. Apart from reverse engineering and security research he founded the company samaraIT and is working as an independent developer for international clients.

Josh Hill (@p0sixninja) former member of the Chronic Dev Team. He has been an iOS Jailbreaker for more than 5 years

Axelle Apvrille (@cryptax) is a Mobile Malware Expert with a background in reverse engineering and Software Defined Radio using USRPs

Aditya Gupta (@adi1391) is the co-founder of XY Security, an information security firm based in India, which focusses on Mobile Devices security. His main expertise include Android Malware Analysis and Reversing, writing automated security tools and Android App Pentesting.

Subho Halder (@sunnyrockzzs) is the co-founder of XYSecurity, where he focusses on Android security research, product development and iOS App pentesting. He also enjoys giving talks and trainings on Android and iOS Exploitation in international conferences.

Shawn Valle is the secure mobile computing lead at The MITRE Corporation’s cyber security division. His areas of expertise include mobile computing, cyber security, enterprise software, and identity management systems.

Georgia Weidman (@georgiaweidman) is the Founder of Bulb Security LLC. She was the recipient of a DARPA CyberFast Track grant to develop the Smartphone Pentest Framework, a tool for assessing the security posture of mobile devices.

Drew Porter (Security +, CEH) is a Senior Security Analyst at Stach & Liu,. In this role, he focuses on wireless assessments, hardware security, penetration testing, and cellular research. Prior to joining Stach & Liu, Drew worked as a Mobile Security Exploit Engineer for a defense contractor and a System Security Architect for an EMR Software Company. Drew is a sought after speaker, and has presented at ToorCon, BSides, and ICDW.

Blake Turrentine is the CEO of HotWAN and enjoys mobile vulnerability research and exploitation for iOS and Android platforms. He also has a keen interest in applied Software Defined Radio against smartphone devices.