Offensive Mobile Malware Analysis from 8kSec LLC

Offensive Mobile Malware Analysis

The Offensive Mobile Malware Analysis course is designed to give a proper understanding of malware threats aimed at iOS and Android platforms. With a focus on mobile OS internals, mobile device vulnerabilities, attack vectors, and security mitigations, this course provides hands-on experience and practical insights. The curriculum begins with an in-depth exploration of iOS and Android architectures, focusing on their security features and platform specific APIs. Participants gain a comprehensive understanding of the challenges posed by modern mobile malware, including obfuscation, anti-detection techniques, and exploit delivery. The course covers sandboxing and the attack surface available from a sandboxed app, and later also discusses creation of jailbreaks and exploits. It also offers a comprehensive insight into reversing Objective-C, Swift, Java, Kotlin and Smali code, as well as native Android and iOS binaries. The curriculum also covers advanced Frida techniques, such as custom tracing, profiling, and advanced memory inspection, with practical application in real-world scenarios. Through case studies of prominent malware like Pegasus, Joker, MasterFred, Hermit, and Cerberus and several custom malware samples designed for the course, the course sheds light on reverse engineering, advanced forensics techniques, and extracting and analyzing forensic artifacts. It concludes with insights into future research opportunities.

Course Overview

Overall Proficiency Level

1 - Basic

Course Prerequisites

To successfully participate in this course, attendees should possess the following:

Working knowledge of cybersecurity and pen testing fundamentals
Working knowledge of Malware analysis fundamentals on any platform
Basic working knowledge of Android and iOS platforms
Basic Linux skills and command-line proficiency
Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Java, Kotlin, Objective-C, Swift, C, C++, or similar)
Basic ARM/AARCH64 binary assembly and exploitation knowledge is recommended, but not required

Training Purpose

Functional Development

Skill Development

Specific Audience

All

General Public

Federal Employee

Academia

Contractor

Delivery Method

Online, Instructor-Led

Online, Self-Paced

Online, Instructor-Led
Online, Self-Paced

Learning Objectives

ARM Instruction set (includes updates from ARMv9)
iOS and Android Security Model
Setting up your own Malware Research Environment
Corellium for Malware Research
Understand how jailbreaks and exploits are written
Reversing Objective-C, Swift, Java, Kotlin, and Smali code
Reversing Native Android and iOS Binaries
Frida for Runtime Analysis
Advanced Frida Techniques (Advanced Memory Inspection, Custom Tracing and Profiling, Inspecting Real-world applications using Frida)
Case Study of Public Malware (Pegasus, Cerberus, MasterFred, etc.)
Case Study of Custom Malware designed for the course
iOS and Android Forensics Techniques
Inspecting Crash Logs
Extraction and Analysis of Forensic Artifacts
Conclusion and Future Research

Framework Connections

Oversight and Governance

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Competency Areas

Work Roles

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.