Mobile Application Bootcamp – Journeyman Level – Black Hat Vegas 2015

Mobile Course, O RLY?

The mobile app market, and app usage, grew 76% in 2014 [1].

The growth spans shopping, utilities, productivity and health apps. Flurry, the mobile app analytics firm responsible for the survey, tracked 2.079 trillion app sessions, with the daily session record set on December 31st, at 8.5 billion sessions, as people celebrated New Year’s Eve. We are placing more information online via mobile apps than ever before, but what does that mean in terms of security?

How secure are the apps we install and use on our mobile devices? What do they do with the data? How am I being tracked, and who else is learning from my browsing habits?

Our 2015 mobile training course at Black Hat USA aims to teach you the basics of answering the above questions by performing mobile application assessments on the most common platforms.

Over the two days of training, we will show you how by giving you access to Android and iOS practicals that we’ve been busy building. They are inspired by real case scenarios and are meant to give you some real insight.

Bear in mind that the methodology we will teach you is generic to any kind of platform, and this training will introduce you to all the core skills required to test applications across the major mobile platforms:

– Android
– iOS
– BlackBerry
– Windows Phone

The training follows our tried and tested approach to training at SensePost: our trainers are those who’ve broken mobile applications for hundreds of clients, and our practicals make use of real examples. There are no theoretical approaches here; it’s hands-on, practical exploitation. An added bonus is the numerous war stories about our journey into spyware, malware and this one time we managed to track an Estonian command and control (C&C) owner with terrible OPSEC.

To conclude, we will also cover emerging technologies like Cordova, PhoneGap and hybrid applications to give you an overview of what’s going on out there.

Who should attend?

The course is relevant for attackers, defenders, developers and those keen on understanding how and what your favorite app is doing on your phone (we’ve also got a discount for our Estonian C&C friend).

Students should have some technical ability in Linux, and understand networking fundamentals, but this is a Journeyman level course. This means that basic programming knowledge is recommended but not essential. Bonus points for those who know some Python.

Your trainers will be Etienne (@_staaldraad) and Paul (@PaulWebSec), both of whom are crazy about mobile security and have had quite a lot of fun with mobile platforms lately.

So what are you waiting for? Sign up!

[1] http://www.flurry.com/blog/flurry-insights/shopping-productivity-and-messaging-give-mobile-another-stunning-growth-year