Monthly Archives: February 2014

Professionally Evil Courses: Mobile PenTesting with MobiSec

Secure Ideas is excited to announce that Jason Gillam will be teaching Mobile PenTesting with MobiSec at the Charlotte ISSA 10th Annual Infosec Summit. Kevin Johnson, one of the course authors, may be available on the second day.

In this hands-on, lab-driven course, students will be taught a methodology and series of techniques used to perform penetration testing of mobile devices and applications. This course, created by the project leads for the OWASP MobiSec project, uses intense lab-driven learning that allows the student to learn techniques, tools and a methodology for testing mobile applications.

Students who are interested in expanding their knowledge of penetration testing, specifically around mobile applications and their infrastructure, should attend this class. The course requires that students bring a laptop with at least 8GB of RAM and VMware Player or Fusion.

To sign up, go to the Charlotte ISSA Website.

Below is a high-level overview of the course.

  • Day 1
  • 2. Introduction
  • 3. Mobile Applications
    • a. Penetration testing
    • b. Methodology
      • i. Mapping
      • ii. Discovery
      • iii. Exploitation
    • c. OWASP MobiSec
    • d. Exercise: Set up and use MobiSec
  • 4. Testing Lab
    • a. Systems
      • i. Windows
      • ii. Linux
      • iii. Mac
    • b. Device OSs
      • i. Android
      • ii. iOS
      • iii. Windows Phone
    • c. Exercise: Lab Setup
  • 5. Mapping
    • a. Obtaining applications
      • i. Source
      • ii. Compiled and in an app store
    • b. Installing apps onto test devices
      • i. Retrieving applications and supporting files from the device
    • c. Exercise: Manipulating devices and emulators
      • i. Android
      • ii. Windows Phone
      • iii. iOS
    • d. Intercepting traffic
      • i. Emulator methods
      • ii. Device methods
    • e. Tools
      • i. Fiddler
      • ii. Burp
      • iii. Mallory
      • iv. Exercise: Interception
        • 1. Fiddler
        • 2. Mallory
        • 3. Burp
  • 6. Discovery
    • a. Analyzing Application files
      • i. SQLite databases
      • ii. Backup files
      • iii. Application binaries
      • iv. Exercise: Analyzing application files
    • b. Fuzzing
      • i. Burp Intruder
      • ii. Burp Repeater
      • iii. Fiddler
      • iv. Exercise: Burp Intruder and Repeater
      • v. SQLMap
      • vi. Python scripts
      • vii. WSFuzzer
      • viii. SOAPUI
      • ix. Exercise: WSFuzzer and SOAPUI
  • Day 2
  • 8. Exploitation
    • a. SQL Injection
      • i. Absinthe
      • ii. SQLMap
      • iii. Exercise: SQL Injection
    • b. Cross-Site Scripting
      • i. BeEF
      • ii. Exercise: BeEF
    • c. Other Client-Side attacks
      • i. Client-Side SQL injection
    • d. Session and Wireless attacks
      • i. Wireless MiTM
      • ii. Wireless Probe Spoofing
      • iii. Session Hijacking
      • iv. Logic Attacks
      • v. Exercise: Session Hijacking and Logic Attacks
  • 9. Capture the Flag
    • a. Flag-based challenges
    • b. Android
    • c. Back end infrastructure

Jason Gillam is a Senior Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services, you can contact him at jgillam@secureideas.com, on Twitter @JGillam, or visit the Secure Ideas – ProfessionallyEvil site for services provided.

Are we a Target?

2014 has started out with a bang in terms of publicly disclosed compromised systems. We entered the year with a slew of privacy events starting with Target’s massive breach, followed by other retailers such as Neiman Marcus and Michaels and a current investigation with lodging and food services giant White Lodging. The Syrian Electronic Army (SEA) has…

Announcing Burp Co2!

This is for those of you who do web pen testing with PortSwigger’s Burp proxy tool! Over the past couple of months I have been using my Java skills and “free time” (lol) to build a collection of Burp extensions that have been dubbed “Co2”. Included in this version are a few useful modules. The…

Granular Privacy Controls

Have you seen glympse.com? It’s a location-sharing site designed to let users share their GPS data with others for a set period of time. The idea is that I can enable the service on my phone for 30 minutes and then send you a link to view my exact location. That way if you’re waiting…