Training type: Offline
Mobile Penetration Testing and Security | SANS SEC575: Mobile Device Security
Support: Ticketing
Certificate: None
Training language: Persian/English (per the description)
Refund: Per site rules
Mobile Problems and Opportunities
- Challenges and opportunities for secure mobile phone deployments
- Weaknesses in mobile devices
- Exploiting weaknesses in mobile apps: Bank account hijacking exercise
Mobile Device Platform Analysis
- iOS and Android permission management models
- Code signing weaknesses on Android
- Inter-app communication channels on iOS
- Android app execution: Android Runtime vs. Android Dalvik virtual machine
- Android Nougat security benefits
Wearable Platforms
- Application isolation and data sharing for Apple Watch
- Network connectivity and Android Wear apps
- Data exfiltration in WatchOS
- Weaknesses in wearable device authentication controls
- Deficiencies in Android Wear and storage encryption
Mobile Device Lab Analysis Tools
- Using iOS and Android emulators
- Android mobile application analysis with Android Debug Bridge (ADB) tools
- Uploading, downloading, and installing applications with ADB
- Application testing with the iOS Simulator
Mobile Device Malware Threats
- Trends and popularity of mobile device malware
- Mobile malware command and control architecture
- Efficiency of Android ransomware malware threats
- Analysis of iOS malware targeting non-jailbroken devices
- Hands-on analysis of Android malware
- Mobile malware defenses: What works and what doesn’t
SEC575.2: Mobile Platform Access and Application Analysis
Unlocking, Rooting, and Jailbreaking Mobile Devices
- Legal issues with rooting and jailbreaking
- Jailbreaking iOS
- Android root access through unlocked bootloaders
- Root exploits for Android
- Debugging and rooting Android Wear devices
- Using a rooted or jailbroken device effectively: Tools you must have!
Mobile Phone Data Storage and File System Architecture
- Data stored on mobile devices
- Mobile device file system structure
- Decoding sensitive data from database files on iOS and Android
- Extracting data from Android backups
- Using file system artifacts for location disclosure attacks beyond GPS coordinates
- Hands-on attacks against password management apps
Network Activity Monitoring
- Mobile application network capture and data extraction
- Capturing iOS cellular/4G network traffic
- Transparent network proxying for data capture
- Encrypted data capture manipulation
- Extracting files and sensitive content from network captures
- Recovering sensitive data from popular cloud storage providers
Static Application Analysis
- Retrieving iOS and Android apps for reverse engineering analysis
- Decompiling Android applications including Android Wear
- Circumventing iOS app encryption with Dumpdecrypted and Rasticrac
- Header analysis and Objective-C disassembly
- Accelerating iOS disassembly: Hopper and IDA Pro
- Swift iOS apps and reverse engineering tools
SEC575.3: Mobile Application Reverse Engineering
Automated Application Analysis Systems
- iOS application vulnerability analysis with Needle
- Structured iOS application header analysis
- Tracing iOS application behavior and API use
- Effective Android application analysis with Androwarn
- Android application interaction and Intent manipulation with Drozer
- Extracting secrets with KeychainDumper
Reverse Engineering Obfuscated Applications
- Identifying obfuscation techniques
- Decompiling obfuscated applications
- Effective reconstructed code annotation with Android Studio
- Decrypting obfuscated content with Simplify
Application Report Cards
- Step-by-step recommendations for application analysis
- Tools and techniques for mobile platform vulnerability identification and evaluation
- Recommended libraries and code examples for developers
- Detailed recommendations for jailbreak detection, certificate pinning, and application integrity verification
- Android and iOS critical data storage: Keychain and key store recommendations
SEC575.4: Penetration Testing Mobile Devices, Part 1
Manipulating Application Behavior
- Runtime iOS application manipulation with Cycript
- iOS method swizzling
- Android application manipulation with Apktool
- Reading and modifying Dalvik bytecode
- Adding Android application functionality, from Java to Dalvik bytecode
Using Mobile Device Remote Access Trojans
- Building RAT tools for mobile device attacks
- Hiding RATs in legitimate Android apps
- Customizing RATs to evade anti-virus tools
- Integrating the Metasploit Framework into your mobile pen test
- Effective deployment tactics for mobile device phishing attacks
Wireless Network Probe Mapping
- Monitoring network probing activity
- Visualizing network discovery and search
- Wireless anonymity attacks
- Exploiting iOS and Android wireless network scanning characteristics
Weak Wireless Attacks
- Wireless network scanning and assessment
- Exploiting weak wireless infrastructure
- Monitoring mobile device network scanning
- Exploiting “Google WiFi” and iPad or iPhone captive portal detection
- Secure network impersonation
Enterprise Wireless Security Attacks
- Exploiting WPA2 Enterprise networks with certificate impersonation
- Manipulating enterprise wireless authentication protocols
- RADIUS server impersonation attacks
SEC575.5: Penetration Testing Mobile Devices, Part 2
Network Manipulation Attacks
- Using man-in-the-middle tools against mobile devices
- Sniffing, modifying, and dropping packets as man-in-the-middle
- Mobile application data injection attacks
Sidejacking Attacks
- Identifying mobile applications vulnerable to sidejacking
- Using sidejacking effectively in a penetration test
- Hands-on exploitation of popular mobile applications
SSL/TLS Attacks
- Exploiting HTTPS transactions with man-in-the-middle attacks
- Core pen test technique: TLS impersonation against iOS Mail.app for password harvesting
- Integrating man-in-the-middle tools with Burp Suite for effective HTTP manipulation attacks
Client-Side Injection Attacks
- Android WebView and JavaScript injection for remote code execution
- Harvesting session cookies through Android browser vulnerabilities with Metasploit
- Using the Spec.js library for mobile browser vulnerability detection and exploit delivery
Web Framework Attacks
- Site impersonation attacks
- Application cross-site scripting exploits
- Remote browser manipulation and control
- Data leakage detection and analysis
- Hands-on attacks: Mobile banking app transaction manipulation
Back-end Application Support Attacks
- Exploiting SQL injection in mobile application frameworks
- Leveraging client-side injection attacks
- Getting end-to-end control of mobile application server resources
- Familiarity with the concepts and architecture of Android and iOS
- Familiarity with reverse engineering methods on mobile devices
- Familiarity with penetration testing methods on Android operating systems
- Familiarity with penetration testing methods on iOS operating systems
- Security and penetration testing specialists and mobile developers
Students should be familiar with penetration testing concepts, such as those taught in the SANS SEC504 or SEC560 courses.