Home    |    Instructor-led Training    |    Online Training     
         
 
Courses
ADA
Adobe
Agile
AJAX
Android
Apache
AutoCAD
Big Data
BlockChain
Business Analysis
Business Intelligence
Business Objects
Business Skills
C/C++/Go programming
Cisco
Citrix
Cloud Computing
COBOL
Cognos
ColdFusion
COM/COM+
CompTIA
CORBA
CRM
Crystal Reports
Data Science
Datawarehousing
DB2
Desktop Application Software
DevOps
DNS
Embedded Systems
Google Web Toolkit (GWT)
IPhone
ITIL
Java
JBoss
LDAP
Leadership Development
Lotus
Machine learning/AI
Macintosh
Mainframe programming
Mobile
MultiMedia and design
.NET
NetApp
Networking
New Manager Development
Object oriented analysis and design
OpenVMS
Oracle
Oracle VM
Perl
PHP
PostgreSQL
PowerBuilder
Professional Soft Skills Workshops
Project Management
Rational
Ruby
Sales Performance
SAP
SAS
Security
SharePoint
SOA
Software quality and tools
SQL Server
Sybase
Symantec
Telecommunications
Teradata
Tivoli
Tomcat
Unix/Linux/Solaris/AIX/
HP-UX
Unisys Mainframe
Visual Basic
Visual Foxpro
VMware
Web Development
WebLogic
WebSphere
Websphere MQ (MQSeries)
Windows programming
XML
XML Web Services
Other
Mobile Devices Ethical Hacking
Overview

The objective of the course is to provide an understanding of the fundamental risks of mobility, as well as those involving Wi-Fi and mobility infrastructure. It presents real world use cases on how devices can be compromised using industry attack tools and engages attendees in solution analysis methodology designed to protect against such vulnerabilities. Participants will learn how to significantly mitigate the risk introduced as a result of mobile devices accessing corporate data, while still preserving a seamless and productive user experience. The class involves participants through a combination of focused mobile protection labs and whiteboard sessions detailing potential solution and mitigation options.

More and more, with not only standard everyday mobile phone users but now with businesses increased reliance on these devices, organizations are quickly recognizing that mobile phones and tablets and other portable devices require greater security controls than a rubberized shock protector and complex password.

Audience

Network and system administrators supporting mobile phones and tablets, Pen testers, Ethical hackers, Auditors, Security personnel

Prerequisites

  • Develop effective policies to control employee-owned (Bring Your Own Device, BYOD) and enterprise-owned mobile devices including the enforcement of effective passcode policies and permitted application.
  • Utilize jailbreak tools for Apple iOS and Android systems such as redsn0w, Absinthe
  • Conduct an analysis of iOS and Android filesystem data using SqliteSpy, Plist Editor, and AXMLPrinter to plunder compromised devices and extract sensitive mobile device use information such as the SMS history, browser history, GPS history, and user dictionary keywords
  • Analyze Apple iOS and Android applications with reverse engineering tools including class-dump, JD-GUI, dex-translator, and apktool to identify malware and information leakage threats in mobile applications
  • Conduct an automated security assessment of mobile applications using iAuditor, Cycript, Mobile Substrate, TaintDroid, and DroidBox to identify security flaws in mobile applications
  • Use wireless network analysis tools to identify and exploit wireless networks, crack WEP and WPA/ WPA2 access points, bypass enterprise wireless network authentication requirements, and harvest user credentials
  • Intercept and manipulate mobile device network activity using Burp to manipulate the actions taken by a user in an application and to deliver mobile device exploits to vulnerable devices
Course duration

5 days

Course outline

Section A - Lay of the Land

Module 1 Mobile Problems and Opportunities
  • Challenges and opportunities for secure mobile phone deployments
  • Weaknesses in mobile phones
  • Exploit tools and attacks against mobile phones and tablets
Module 2 Mobile Devices and Infrastructure
  • BlackBerry network and platform architecture
  • iOS security features and weaknesses
  • Managing iOS devices with Microsoft Exchange
  • Google Play Marketplace and third-party application stores
  • Windows Phone architecture and development platforms
Module 3 Mobile Device Security Models
  • Privilege and access models on multiple platforms
  • Device encryption support and threats
  • Emerging changes in platform security from Android and Apple
Module 4 Legal Aspects of Mobile
  • Privacy concerns and threats
  • Mobile phones and data break reporting considerations
  • Proposed legislation affecting mobile devices
Section B Management/Policy

Module 5 Policy Considerations and Development
  • Steps and recommendations for establishing policies
  • Mobile devices and local, cloud and offline data storage
  • Device theft/loss and company culture for reporting effectiveness
Module 6 Wireless Network Infrastructure
  • Designing a wireless LAN system for mobile phones
  • Decision: network isolation or integration for mobile phones
  • Threat of guest/open networks
Module 7 Mobile Device Management System Architecture
  • Vendor options for MDM solutions
  • Limitations for remote device management by mobile phone platform
  • MDM network protocols and architectures
Module 8 Mobile Device Management Selection
  • Critical MDM feature evaluation
  • Deployment model considerations for enterprise networks
  • Picking an MDM solution that fits your needs
Module 9 Back-end Application Support Attacks
  • Exploiting SQL injection in mobile application frameworks
  • Leveraging client side injection attacks
  • Getting end-to-end control of mobile application server resources
Module 10 iScanOnline
  • From Developer of Saint
  • Scanning from the inside out
  • MDM, Bricking, Remote Erase
  • GeoLocation
Module 11 Mitigating Stolen Devices
  • Bypassing iOS and Android passcode locks
  • Decrypting iOS keychain credentials
  • Accessing mobile device backup data
  • Creating a lost device reporting program
  • Leveraging remote device wipe strategies
Module 12 Unlocking, Rooting, Jail Breaking Mobile Devices
  • Goals of unlocking
  • Jail Breaking iOS
  • Unlocking Windows Phone
  • Rooting Android
  • BlackBerry platform restrictions
Section C Storage and Architecture

Module 13 Mobile Application Attacks
  • Exploiting mobile application authentication vulnerabilities
  • Manipulating mobile application network activity
  • Applying web attacks to thin mobile applications
Module 14 Mobile Phone Data Storage and File System Architecture
  • Data stored on mobile devices
  • Mobile device file system structure introduction
  • Data storage mechanisms
  • Backup data analysis
Module 15 File system Application Modeling
  • Data stored on mobile devices
  • Application modeling goals
  • Using Sleuthkit for file system runtime analysis
  • Analyzing file system changes
Section D Identification-Foot Printing

Module 16 Fingerprinting Mobile Devices
  • Passive analysis
  • Active scanning
  • Application inspection
Module 17 Wireless Network Probe Mapping
  • Monitoring network probing activity
  • Visualizing network discovery and search
  • Wireless anonymity attacks
  • Weak Wireless Attacks
Module 18 Wireless Network Scanning and Assessment
  • Exploiting weak wireless infrastructure
  • Monitoring mobile device network scanning
  • Exploiting "attwifi" and iPad or iPhone captive portal detection
  • Secure network impersonation
Section E Communication

Module 19 Network Activity Monitoring
  • Mobile application network capture and data extraction
  • Transparent network Proxying
  • Encrypted data capture manipulation
Module 20 Mobile Code and Application Analysis
  • Reverse engineering iOS binaries in Objective-C
  • Reverse engineering Android binaries in Java
  • Reverse engineering Android malware
Module 21 Network Manipulation Attacks
  • Leveraging man-in-the-middle tools against mobile devices
  • SSL certificate manipulation and bypass attacks
  • Effective SSL penetration testing techniques
Module 22 Automated Application Analysis Systems
  • Runtime iOS application manipulation with Cycript
  • iOS application vulnerability analysis with iAuditor
  • Android application vulnerability analysis with DroidBox
Module 23 Enterprise Wireless Security Attacks
  • Certificate impersonation and mobile devices
  • Manipulating enterprise wireless authentication
  • RADIUS server impersonation attacks
Module 24 Web Framework Attacks
  • Site impersonation attacks
  • Application cross-site scripting exploit
  • Remote browser manipulation and control
  • Data leakage detection and analysis
Module 25 Approving or Disapproving Applications within Your Organization
  • Policies regarding data access
  • Risk evaluation
  • On-going monitoring analysis requirements
  • MDM management and application blacklisting


Please contact your training representative for more details on having this course delivered onsite or online

Training Outlines - the one stop shopping center for IT training.
© Training Outlines All rights reserved