• Online, Instructor-Led
• Online, Self-Paced
Course Description

The Offensive Mobile Malware Analysis course is designed to give a thorough understanding of malware threats aimed at the iOS and Android platforms. With a focus on mobile OS internals, mobile device vulnerabilities, attack vectors, and security mitigations, the course combines hands-on exercises with practical insights. The curriculum begins with an in-depth exploration of the iOS and Android architectures, focusing on their security features and platform-specific APIs. Participants gain a comprehensive understanding of the challenges posed by modern mobile malware, including obfuscation, anti-detection techniques, and exploit delivery. The course covers sandboxing and the attack surface reachable from a sandboxed app, and later discusses how jailbreaks and exploits are created. It also offers comprehensive coverage of reversing Objective-C, Swift, Java, Kotlin, and Smali code, as well as native Android and iOS binaries. The curriculum also covers advanced Frida techniques, such as custom tracing, profiling, and advanced memory inspection, applied to real-world scenarios. Through case studies of prominent malware families such as Pegasus, Joker, MasterFred, Hermit, and Cerberus, along with several custom malware samples written for the course, participants practice reverse engineering, advanced forensics techniques, and the extraction and analysis of forensic artifacts. The course concludes with insights into future research opportunities.

Learning Objectives

ARM Instruction set (includes updates from ARMv9)
iOS and Android Security Model
Setting up your own Malware Research Environment
Corellium for Malware Research
Understand how jailbreaks and exploits are written
Reversing Objective-C, Swift, Java, Kotlin, and Smali code
Reversing Native Android and iOS Binaries
Frida for Runtime Analysis
Advanced Frida Techniques (Advanced Memory Inspection, Custom Tracing and Profiling, Inspecting Real-world applications using Frida)
Case Study of Public Malware (Pegasus, Cerberus, MasterFred, etc.)
Case Study of Custom Malware designed for the course
iOS and Android Forensics Techniques
Inspecting Crash Logs
Extraction and Analysis of Forensic Artifacts
Conclusion and Future Research

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):