Mob-Sec Penetration Testing

Six Sections to learning iOS and Android penetration testing techniques and methods. Complete left to right and top to bottom for the tailored experience. We generally recommend three or more hours on each section (however, this isn’t a hard and fast rule).

Penetration Testing Training

Get to grips with the fundamentals of what penetration testing actually is via this NCSC article, then follow that up by setting up and playing around with some of these common tools: Burp Suite, WireShark, and Nmap.

Penetration Testing Challenge

Setup Burp Suite on a rooted Android device (use an emulator without Google Play services if you don’t have a physical device) and intercept traffic from the Chrome web browser.

Reverse Engineering Training

Reverse engineering is a key component of iOS and Android penetration testing. Complete the #TODO course Reverse Engineering Fundamentals.

Reverse Engineering Challenge

Build a program in C (It can be as complex or simple as you like), then compile it, and open it up in Ghidra. In the decompilation tab match-up the code to your original C source code.

MobSec Training

Complete the #TODO courses in Android penetration testing and iOS penetration testing.

MobSec Challenge

Run Broken Droid Factory to spin-up a random vulnerable Android application and identify the security issues inside of it. If you have access to an iOS device, do the same for any iOS application of your choosing.