Offensive Mobile Reversing And Exploitation

Dinesh Shetty, Prateek Gianchandani | 8kSec

Dates

September 28 – October 1, 2026

9:00 – 18:00

FULL PRICE

€ 4.000,00

EARLY BIRD PRICE

€ 3.600,00

Course objectives

This comprehensive fast paced 4-day training delivers an in-depth exploration of iOS and Android application security, OS internals, and the application of AI in mobile pentesting. The iOS segment dives into the core architecture of the latest iOS 26, covering memory management, application sandboxing, and code signing. We will analyze advanced mitigations like SPTM, TXM, PAC, PAN, PPL, and the new MTE features. Participants will gain a thorough introduction to the ARM64 architecture, complete with static and dynamic analysis techniques, debuggers, and disassembly tools.

Transitioning to application security, we explore code signing, encryption, secure communication, and dynamic instrumentation with Frida. Advanced labs will cover hooking, memory manipulation, and network instrumentation. The course also features a dedicated module on iOS malware analysis, teaching static, dynamic, and behavioral analysis with now incorporating AI driven techniques for reversing along with robust mitigation and prevention strategies.

On the Android side, participants will gain a broad understanding of the Android system architecture, including IPC mechanisms like Binder, and security features such as DAC, CAP, RKP, and SELinux. Hands-on labs provide deep experience in reverse engineering, exploit development for ARM platforms, memory management, and vulnerability analysis. Expect to see new up to date Malwares from out in the wild.

Practical labs will guide students through extracting and decrypting boot images, symbolicating the Android kernel, and porting exploits. The course includes techniques on exploiting Android applications and IPC components. We explore advanced Frida techniques like custom tracing, profiling, memory inspection and the use of AI and MCP servers in modern reversing and forensic analysis. Through case studies of prominent malware and custom designed samples, participants will master advanced forensics and identify application security vulnerabilities within core Android components.

By the end of this course, students will possess the advanced skills to reverse engineer, design, develop, and secure iOS and Android applications, equipped with a deep understanding of the latest security measures in both the userland and the kernel. Slides, and detailed documentation on the labs will be provided to the students for practice after the class. Corellium access will be provided to students during the duration of the training course.

Training outcomes

By the end of the course, students will have the skills needed to reverse engineer, design, develop, and secure iOS and Android applications effectively, as well as have a good understanding of all the security measures implemented in Android/iOS Userland and Kernel.

Attendees will:

Get an understanding of the latest ARM64 instruction set
Learn the internals of Mobile Kernels along with several Kernel security mitigations
Using AI and MCP servers to reverse engineer Mobile applications and systems
Learn Device Fingerprinting and Anti-Fraud techniques
Get a detailed walkthrough on using Ghidra, Hopper etc
Advanced Dynamic Instrumentation using Frida
Understand some of the latest bugs and mitigations (MTE, PAC, CoreTrust, PPL, etc)
Get an intro to common bug categories like UaF, Heap overflow, etc
Understanding how Rooting and Jailbreaks work
Reverse engineer iOS and Android binaries (Apps and system binaries)
Learn how to audit iOS and Android apps for security vulnerabilities
Understand and bypass anti-debugging and obfuscation techniques
Get a quick walkthrough on using Ghidra, radare2, Hopper, Frida, etc
Learn how accessibility malwares work, and how to reverse engineer well-known crypto wallet stealers
Get hands-on experience with modern powerful Android and iOS malwares
Learn how to symbolicate the iOS and Android kernel
Learn how to extract and decrypt boot images for Android devices

About the trainer

Prateek is currently working as the Head of Product & Application Security. He has more than 10 years of experience in security research and penetration testing. His core focus area is mobile exploitation, reverse engineering and embedded device security. He is also the author of the open source vulnerable application named Damn Vulnerable iOS app. He has presented and trained at many international conferences including Defcon, POC, TyphoonCon, Blackhat USA, Brucon, Hack in Paris, Phdays, Appsec USA etc. In his free time, he blogs at https://highaltitudehacks.com/.

Dinesh currently leads the Mobile Security Testing Center of Excellence. His core area of expertise is Mobile and Embedded application pentesting and exploitation. He has previously spoken at conferences like Black Hat, Bsides, POC, Def Con, BruCon, AppsecUSA, AppsecEU, HackFest and many more. He maintains multiple open-source intentionally vulnerable Android applications for use by developers and security enthusiasts. He has also authored the guide to Mitigating Risk in IoT systems that covers techniques on security IoT devices and Hacking iOS Applications that covers the known techniques of exploiting iOS applications. Visit http://8ksec.io/blog for technical articles and content by 8kSec Research Team.

Required skills

To successfully participate in this course, attendees should possess the following:

Working knowledge of cybersecurity and pentesting fundamentals.
Basic working knowledge of iOS and Android platforms.
Basic Linux skills and command-line proficiency.
Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Java, Kotlin, Objective-C, Swift, C, C++, or similar).
Basic ARM/AARCH64 binary assembly and exploitation knowledge is recommended, but not required.

What to bring?

Laptop: 8+ GB RAM and 40 GB hard disk space.

Permissions: Administrative access on the system. Students will be provided with access to Corellium for iOS and Android hands-on labs and do not need to carry physical mobile devices. A MacBook though helpful, is not mandatory for the class.

What will be provided?

Trainees will receive:

Huge list of good reads and articles for learning mobile application security
Source code for vulnerable applications
Source code for Exploit PoC’s that can be used for Bug Bounties
Students will be provided with access to Corellium for iOS hands-on for the duration of the course
Slack access for the class and after for regular mobile security discussions
Detailed Course Setup instructions will be sent a few weeks prior to the class

CLASS SYLLABUS¹

Rather than focusing only on theory, the training emphasizes learning by doing. Key concepts are introduced and reinforced through hands-on lab work, allowing participants to gain practical experience throughout the course.

The course runs for four days and covers the following:

Module 1: Introduction to Reverse Engineering in iOS and Android

Key Concepts and Terminologies
Introduction to Hopper/Ghidra
Introduction to the ARM64 instruction set
ARM64 security mitigations and calling convention
Introduction to Objective-C and Swift
Reversing Objective-C and Swift Binaries
Disassembling methods
Modifying assembly instructions
Deciphering Mangled Swift Symbols
Identifying Native Code
Understanding the Program flow
Identifying Cross-Platform mobile frameworks
Reversing ARM binaries
Exploiting a simple Heap Overflow
Building a simple ROP chain
Breaking ASLR with Info leaks/Brute force

Module 2: Getting Started with iOS Security

iOS security model
App Signing, Sandboxing, and Provisioning
Primer to iOS 26 security
Xcode Primer
Exploring the iOS filesystem
What’s in a Code Signature?
Entitlements explained
Setting up lldb for Debugging
lldb basic and advanced usage
Setting up the testing environment
Jailbreaking your device
What’s in a Rootless Jailbreak?
Jailbreak Bootstraps
Sideloading apps
Binary protection measures
Decrypting IPA files
Self-signing iOS binaries
Analyzing Proprietary Security Mitigations

Module 3: iOS Kernel Internals

Intro to XNU kernel
The Mach and BSD Layer
Extracting the Kernelcache and Kexts
Analyzing specific kexts: AMFI, CoreTrust, Sandbox
Sandbox Profiles
Symbolicating iOS Kernelcache
Overview of mach_msg2, SAD_FENG_SHUI, PGX
Entitlement validation in the Kernel
Analyzing Kernel Panic files
Walkthrough of SPTM, TXM, PAC, PAN, PPL, and the new MTE features
Patching and Diffing XNU kernel

Module 4: Frida In-Depth

Overview of Frida and its capabilities
Setting up the Frida environment
Frida usage and commands
Frida-trace and handlers
Frida hooking techniques
Frida on Swift applications
Frida on native code
Frida memory manipulation techniques
Analyzing messaging apps using Frida
Invoking custom functions with Frida

Module 5: iOS Application Vulnerabilities

Tracing Crypto operations
Side-channel data leakage
Sensitive information disclosure
Bypassing Jailbreak Detection
Bypassing SSL Pinning
Bypassing Certificate Transparency checks
Exploiting iOS WebViews
Exploiting URL schemes and Universal Links
Client-side injection
Bypassing jailbreak, piracy checks
Inspecting Network traffic
Traffic interception over HTTP, HTTPS
Manipulating network traffic
Exploiting Flutter applications

Module 6: iOS Malware Reversing

Understanding different stages of malware
Device acquisition techniques
Using Custom IOCs
Case Study of public malware
Reversing iOS malware

Module 7: Intro to Android Security

Android Security Architecture
Extracting APK files from Google Play
Understanding Android application structure
Signing Android applications
Understanding Android ADB
Understanding the Android file system
Permission Model Flaws
Attack Surfaces for Android applications

Module 8: Android Components

Understanding Android Components
Introducing Android Emulator
Introducing Android AVD
Setting up Android Pentest Environment

Module 9: Reversing Android Apps

Process of Android Apps Engineering
Reverse Engineering for Android Apps
Smali Learning Labs
Examining Smali files
Dex Analysis and Obfuscation
Reversing Obfuscated Android Applications
Exploiting Android Accessibility Permissions
Reverse Engineering known complex malware in the wild
Patching Android Applications
Android App Hooking

Module 10: Static and Dynamic Analysis

Proxying Android Traffic
Exploiting Local Storage
Exploiting Weak Cryptography
Exploiting Side-Channel Data Leakage
Exploiting Content Provider Path Traversal & Info Leakage
Multiple Manual and Automated Root Detection and Bypass Techniques
Exploiting Weak Authorization Mechanism
Identifying and Exploiting Android Components
Multiple Manual and Automated SSL Pinning Bypass Techniques
Exploiting Biometric Authentication
In-memory tampering
Exploiting Flutter Applications

Module 11: Frida and Automated Exploitation

Exploiting Crypto using Frida
Basic App Exploitation Techniques using Frida
Dumping Class Information using Frida
Dumping Method Information using Frida
Viewing and Changing Information using Frida
Calling Arbitrary Functions using Frida
Tracing using Frida
Advanced App Exploitation Techniques using Frida
Frida on non-rooted Android

Module 12: Android Kernel

Android Boot Process and Bootloader Interaction
Customizing and Building Android Kernel for Vulnerability Research
Android Rooting Process
Debugging Android Kernel and binaries
Extracting Android Kernel from Boot Image
Symbolicating the Android Kernel
Privilege Escalation on Android
SELinux explained
Overview of Kernel Protections and Bypasses
RKP Explained
Exploiting 2 Android CVEs to Root exploits

Module 13: Reversing and Exploiting Mobile Applications using AI and ML

Reversing ARM and Mobile apps using AI
Setting up exploit based MCP servers
Fast forward your reversing using custom MCP servers
Fast forward your malware research using custom MCP servers

¹ Schedule of lectures on the specified days may be subject to changes