Ruxcon Training



Dominic Chell

October 20 - 21, Melbourne, Australia



ENDS July 31



ENDS August 31



STARTS September 01

Prices do not include GST


MDSec¹s Mobile Application Hacker¹s Handbook course is delivered by the lead author of the book. It features all new material and hands-on hacking examples, covering chapters 1-9 of MAHH. Over the 2 days, delegates will learn the tricks and techniques to hack mobile applications on the iOS and Android platforms.

The course follows chapters 1-9 of the Mobile Application Hacker’s Handbook, with a strong focus on practical attacks. Over the 2-day training course delivered by the lead author of the book, delegates will learn the tricks and techniques to hack mobile applications on the iOS and Android platforms.

After a short introduction in to the subject, we delve in to the following core modules:

  • Introduction to Mobile Application Security Assessment (Chapter 1)
  • Analysing iOS applications (Chapter 2)
  • How to attack iOS applications (Chapters 3-4)
  • Securing iOS applications (Chapter 5)
  • Understanding Android applications (Chapter 6)
  • Exploiting Android applications (Chapter 7-8)
  • Securing Android applications (Chapter 9)


Day 1:

The course begins with a brief introduction to mobile application security and the OWASP mobile top ten, following chapter 1 of the book. When delegates are comfortable with general mobile application security practices, we delve in to the security of the iOS platform, including an overview of the platform security features, jailbreaking and approaches to app security assessment. The following modules then review chapters 2, 3 and 4 of the book where common insecurities are covered, including but not limited too:

  • Reverse engineering and patching binaries,
  • Insecure file storage,
  • Keychain attacks,
  • Insecure transport security,
  • Instrumenting the iOS runtime,
  • Injection attacks,
  • How to exploit IPC handlers,
  • How to defeat security controls like jailbreak detection.

Day 2:

Day two of the course picks up at chapter 6, discussing the various attack surfaces for the Android platform and how to approach an app assessment. We then walk through the details the techniques that from chapter 7 and 8 that can be used to attack Android applications, including the following topics:

  • Reverse engineering and decompiling Android apps,
  • Insecure file storage,
  • Insecure transport security,
  • Instrumentation of the Dalvik runtime with Frida and Substrate,
  • Exploitation of insecure IPC endpoints,
  • Tap jacking.