1. صفحه اصلی
  2. آموزش آفلاین
  3. تست و نفوذ
  4. تست نفوذ و امنیت موبایل | SANS SEC575: Mobile Device Security

تست نفوذ و امنیت موبایل | SANS SEC575: Mobile Device Security

این دوره به صورت اورجینال و زبان اصلی میباشد
575

نوع آموزش: آفلاین

پشتیبانی: تیکتینگ

 

ارائه مدرک: ندارد

زبان آموزش:

فارسی/ انگلیسی 

(طبق توضیحات)

بازگشت وجه:

طبق قوانین سایت

قیمت

4,850,000 ریال
  • Mobile Problems and Opportunities

    • Challenges and opportunities for secure mobile phone deployments
    • Weaknesses in mobile devices
    • Exploiting weaknesses in mobile apps: Bank account hijacking exercise

    Mobile Device Platform Analysis

    • iOS and Android permission management models
    • Code signing weaknesses on Android
    • Inter-app communication channels on iOS
    • Android app execution: Android Runtime vs. Android Dalvik virtual machine
    • Android Nougat security benefits

    Wearable Platforms

    • Application isolation and data sharing for Apple Watch
    • Network connectivity and Android Wear apps
    • Data exfiltration in WatchOS
    • Weaknesses in wearable device authentication controls
    • Deficiencies in Android Wear and storage encryption

    Mobile Device Lab Analysis Tools

    • Using iOS and Android emulators
    • Android mobile application analysis with Android Debug Bridge (ADB) tools
    • Uploading, downloading, and installing applications with ADB
    • Application testing with the iOS Simulator

    Mobile Device Malware Threats

    • Trends and popularity of mobile device malware
    • Mobile malware command and control architecture
    • Efficiency of Android ransomware malware threats
    • Analysis of iOS malware targeting non-jailbroken devices
    • Hands-on analysis of Android malware
    • Mobile malware defenses: What works and what doesn’t
    SEC575.2: Mobile Platform Access and Application Analysis

    Unlocking, Rooting, and Jailbreaking Mobile Devices

    • Legal issues with rooting and jailbreaking
    • Jailbreaking iOS
    • Android root access through unlocked bootloaders
    • Root exploits for Android
    • Debugging and rooting Android Wear devices
    • Using a rooted or jailbroken device effectively: Tools you must have!

    Mobile Phone Data Storage and File System Architecture

    • Data stored on mobile devices
    • Mobile device file system structure
    • Decoding sensitive data from database files on iOS and Android
    • Extracting data from Android backups
    • Using file system artifacts for location disclosure attacks beyond GPS coordinates
    • Hands-on attacks against password management apps

    Network Activity Monitoring

    • Mobile application network capture and data extraction
    • Capturing iOS cellular/4G network traffic
    • Transparent network proxying for data capture
    • Encrypted data capture manipulation
    • Extracting files and sensitive content from network captures
    • Recovering sensitive data from popular cloud storage providers

    Static Application Analysis

    • Retrieving iOS and Android apps for reverse engineering analysis
    • Decompiling Android applications including Android Wear
    • Circumventing iOS app encryption with Dumpdecrypted and Rasticrac
    • Header analysis and Objective-C disassembly
    • Accelerating iOS disassembly: Hopper and IDA Pro
    • Swift iOS apps and reverse engineering tools
    SEC575.3: Mobile Application Reverse Engineering

    Automated Application Analysis Systems

    • iOS application vulnerability analysis with Needle
    • Structured iOS application header analysis
    • Tracing iOS application behavior and API use
    • Effective Android application analysis with Androwarn
    • Android application interaction and Intent manipulation with Drozer
    • Extracting secrets with KeychainDumper

    Reverse Engineering Obfuscated Applications

    • Identifying obfuscation techniques
    • Decompiling obfuscated applications
    • Effective reconstructed code annotation with Android Studio
    • Decrypting obfuscated content with Simplify

    Application Report Cards

    • Step-by-step recommendations for application analysis
    • Tools and techniques for mobile platform vulnerability identification and evaluation
    • Recommended libraries and code examples for developers
    • Detailed recommendations for jailbreak detection, certificate pinning, and application integrity verification
    • Android and iOS critical data storage: Keychain and key store recommendations
     SEC575.4: Penetration Testing Mobile Devices, Part 1

    Manipulating Application Behavior

    • Runtime iOS application manipulation with Cycript
    • iOS method swizzling
    • Android application manipulation with Apktool
    • Reading and modifying Dalvik bytecode
    • Adding Android application functionality, from Java to Dalvik bytecode

    Using Mobile Device Remote Access Trojans

    • Building RAT tools for mobile device attacks
    • Hiding RATs in legitimate Android apps
    • Customizing RATs to evade anti-virus tools
    • Integrating the Metasploit Framework into your mobile pen test
    • Effective deployment tactics for mobile device Phishing attacks

    Wireless Network Probe Mapping

    • Monitoring network probing activity
    • Visualizing network discovery and search
    • Wireless anonymity attacks
    • Exploiting iOS and Android wireless network scanning characteristics

    Weak Wireless Attacks

    • Wireless network scanning and assessment
    • Exploiting weak wireless infrastructure
    • Monitoring mobile device network scanning
    • Exploiting “Google WiFi” and iPad or iPhone captive portal detection
    • Secure network impersonation

    Enterprise Wireless Security Attacks

    • Exploiting WPA2 Enterprise networks with certificate impersonation
    • Manipulating enterprise wireless authentication protocols
    • RADIUS server impersonation attacks
     SEC575.5: Penetration Testing Mobile Devices, Part 2

    Network Manipulation Attacks

    • Using man-in-the-middle tools against mobile devices
    • Sniffing, modifying, and dropping packets as man-in-the-middle
    • Mobile application data injection attacks

    Sidejacking Attacks

    • Identifying mobile applications vulnerable to sidejacking
    • Using sidejacking effectively in a penetration test
    • Hands-on exploitation of popular mobile applications

    SSL/TLS Attacks

    • Exploiting HTTPS transactions with man-in-the-middle attacks
    • Core pen test technique: TLS impersonation against iOS Mail.app for password harvesting
    • Integrating man-in-the-middle tools with Burp Suite for effective HTTP manipulation attacks

    Client-Side Injection Attacks

    • Android WebView and JavaScript injection for remote code execution
    • Harvesting session cookies through Android browser vulnerabilities with Metasploit
    • Using the Spec.js library for mobile browser vulnerability detection and exploit delivery

    Web Framework Attacks

    • Site impersonation attacks
    • Application cross-site scripting exploits
    • Remote browser manipulation and control
    • Data leakage detection and analysis
    • Hands-on attacks: Mobile banking app transaction manipulation

    Back-end Application Support Attacks

    • Exploiting SQL injection in mobile application frameworks
    • Leveraging client-side injection attacks
    • Getting end-to-end control of mobile application server resources

حجم فایل ها

برای استفاده

قیمت

4,850,000 ریال
فهرست