This comprehensive course provides you with in-depth knowledge and practical tools for mastering Android and iOS app security. Whether you're a beginner or a seasoned security enthusiast, our fast-paced curriculum, featuring intensive hands-on labs, will empower you to effectively exploit and secure mobile apps.
We are bringing an updated version of the course with the latest tools and techniques. The training is based on exploiting vulnerable apps written by the authors, as well as exploiting a wide range of real-world application vulnerabilities. Students will gain in-depth knowledge of the different kinds of vulnerabilities in mobile applications. They will also learn how to reverse engineer iOS and Android apps and system binaries. After the workshop, students will be able to successfully pentest and secure applications running on iOS and Android platforms. This course prepares you for the Certified Mobile Security Engineer (CMSE) certification exam, a hands-on assessment specifically designed to test your ability to exploit real-world vulnerabilities commonly found in mobile applications.
To successfully participate in this course, attendees should possess the following:
Working knowledge of cybersecurity and pen testing fundamentals
Basic working knowledge of iOS and Android platforms
Basic Linux skills and command-line proficiency
Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Java, Kotlin, Objective-C, Swift, C, C++, or similar)
Basic ARM/AARCH64 binary assembly knowledge is recommended, but not required
Learn how to set up your own lab environment for testing
Learn how to reverse engineer iOS and Android binaries (apps and system binaries)
Get an understanding of the ARM64 Instruction Set
Get PoC applications to perform 1-click exploits on mobile apps
Learn how to debug iOS and Android apps
Get an intro to various common bug categories on Android and iOS systems
Learn to audit iOS and Android apps for security vulnerabilities
Understand and bypass anti-debugging and obfuscation techniques
Learn manual and automated ways of bypassing exploit mitigations
Learn to identify vulnerabilities in native as well as cross-platform apps
Learn to exploit different IPC mechanisms in iOS and Android apps
Get a detailed walkthrough on using IDA Pro, Hopper, Ghidra, etc.
Secure mobile apps by implementing custom solutions
Become a Certified Mobile Security Engineer (CMSE)
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.