DeepSec 2022 Training: Mobile Security Testing Guide Hands-On (Hybrid edition) – Sven Schleier

Sanna/ July 12, 2022/ Training/ 0 comments

This course teaches you how to analyse Android and iOS apps for security vulnerabilities, by going through the different phases of testing, including dynamic testing, static analysis and reverse engineering. Sven will share his experience and many small tips and tricks to attack mobile apps that he collected throughout his career and bug hunting adventures. We asked Sven a few more questions about his training. Please tell us the top 5 facts about your training. Learn a holistic and consistent method for testing the security of mobile apps A full Penetration Test against iOS apps can also be done on a non-jailbroken device! Learn how to bypass Anti-Frida security controls in a mobile app with… FRIDA! Focus on hands-on exercises during the training with vulnerable apps build by the trainer You just need to

Read More

DeepSec 2020 Online Training: Mobile Security Testing Guide Hands-On – Sven Schleier & Ryan Teoh

Sanna/ September 3, 2020/ Conference, Training

This online course teaches you how to analyse Android and iOS apps for security vulnerabilities, by going through the different phases of testing, including dynamic testing, static analysis and reverse engineering. Sven and Ryan will share their experience and many small tips and tricks to attack mobile apps. We asked Sven and Ryan a few more questions about their training. Please tell us the top 5 facts about your training. Learn a holistic methodology for testing the security of mobile apps A full Penetration Test against iOS apps can also be done on non-jailbroken devices! Learn how to bypass Anti-Frida security controls in a mobile app with Frida Focus on hands-on exercises during the training with vulnerable apps build by the trainers You just need to have a laptop (no Android or iOS devices

Read More

ROOTS 2018 Talk: The Swift Language from a Reverse Engineering Perspective – Malte Kraus & Vincent Haupert

Sanna/ November 13, 2018/ Conference, ROOTS

Over the last decade, mobile devices have taken over the consumer market for computer hardware. Almost all these mobile devices run either Android or iOS as their operating systems. In 2014, Apple introduced the Swift programming language as an alternative to Objective C for writing iOS and macOS applications. The rising adoption of this new language has to some extent obsoleted existing techniques for program analysis for these platforms, like method swizzling and “class-dump”. In this paper we discuss features of Swift binaries that help in reverse engineering the functionality of the contained code: We document the memory layout of compound data types and the calling convention used by the Swift compiler, as well as the runtime type information that is used by runtime and debugger when data types are not known statically. This

Read More