Mobile Device Exploitation Cookbook
Over 40 recipes to master mobile device penetration testing with open source tools
Published on 30. June 2016
Book
Paperback/Softback
230 pages
978-1-78355-872-8 (ISBN)
Description
Over 40 recipes to master mobile device penetration testing with open source tools
Key Features
[*] Learn application exploitation for popular mobile platforms
[*] Improve the current security level for mobile platforms and applications
[*] Discover tricks of the trade with the help of code snippets and screenshots
Book DescriptionMobile attacks are on the rise. We are adapting ourselves to new and improved smartphones, gadgets, and their accessories, and with this network of smart things, come bigger risks. Threat exposure increases and the possibility of data losses increase. Exploitations of mobile devices are significant sources of such attacks.
Mobile devices come with different platforms, such as Android and iOS. Each platform has its own feature-set, programming language, and a different set of tools. This means that each platform has different exploitation tricks, different malware, and requires a unique approach in regards to forensics or penetration testing. Device exploitation is a broad subject which is widely discussed, equally explored by both Whitehats and Blackhats.
This cookbook recipes take you through a wide variety of exploitation techniques across popular mobile platforms. The journey starts with an introduction to basic exploits on mobile platforms and reverse engineering for Android and iOS platforms. Setup and use Android and iOS SDKs and the Pentesting environment. Understand more about basic malware attacks and learn how the malware are coded. Further, perform security testing of Android and iOS applications and audit mobile applications via static and dynamic analysis.
Moving further, you'll get introduced to mobile device forensics. Attack mobile application traffic and overcome SSL, before moving on to penetration testing and exploitation.
The book concludes with the basics of platforms and exploit tricks on BlackBerry and Windows Phone. By the end of the book, you will be able to use variety of exploitation techniques across popular mobile platforms with stress on Android and iOS.
What you will learn
[*]Install and configure Android SDK and ADB
[*]Analyze Android Permission Model using ADB and bypass Android Lock Screen Protection
[*]Set up the iOS Development Environment - Xcode and iOS Simulator
[*]Create a Simple Android app and iOS app and run it in Emulator and Simulator respectively
[*]Set up the Android and iOS Pentesting Environment
[*]Explore mobile malware, reverse engineering, and code your own malware
[*]Audit Android and iOS apps using static and dynamic analysis
[*]Examine iOS App Data storage and Keychain security vulnerabilities
[*]Set up the Wireless Pentesting Lab for Mobile Devices
[*]Configure traffic interception with Android and intercept Traffic using Burp Suite and Wireshark
[*]Attack mobile applications by playing around with traffic and SSL certificates
[*]Set up the Blackberry and Windows Phone Development Environment and Simulator
[*]Setting up the Blackberry and Windows Phone Pentesting Environment
[*]Steal data from Blackberry and Windows phones applications
Who this book is forThis book is intended for mobile security enthusiasts and penetration testers who wish to secure mobile devices to prevent attacks and discover vulnerabilities to protect devices.
Key Features
[*] Learn application exploitation for popular mobile platforms
[*] Improve the current security level for mobile platforms and applications
[*] Discover tricks of the trade with the help of code snippets and screenshots
Book DescriptionMobile attacks are on the rise. We are adapting ourselves to new and improved smartphones, gadgets, and their accessories, and with this network of smart things, come bigger risks. Threat exposure increases and the possibility of data losses increase. Exploitations of mobile devices are significant sources of such attacks.
Mobile devices come with different platforms, such as Android and iOS. Each platform has its own feature-set, programming language, and a different set of tools. This means that each platform has different exploitation tricks, different malware, and requires a unique approach in regards to forensics or penetration testing. Device exploitation is a broad subject which is widely discussed, equally explored by both Whitehats and Blackhats.
This cookbook recipes take you through a wide variety of exploitation techniques across popular mobile platforms. The journey starts with an introduction to basic exploits on mobile platforms and reverse engineering for Android and iOS platforms. Setup and use Android and iOS SDKs and the Pentesting environment. Understand more about basic malware attacks and learn how the malware are coded. Further, perform security testing of Android and iOS applications and audit mobile applications via static and dynamic analysis.
Moving further, you'll get introduced to mobile device forensics. Attack mobile application traffic and overcome SSL, before moving on to penetration testing and exploitation.
The book concludes with the basics of platforms and exploit tricks on BlackBerry and Windows Phone. By the end of the book, you will be able to use variety of exploitation techniques across popular mobile platforms with stress on Android and iOS.
What you will learn
[*]Install and configure Android SDK and ADB
[*]Analyze Android Permission Model using ADB and bypass Android Lock Screen Protection
[*]Set up the iOS Development Environment - Xcode and iOS Simulator
[*]Create a Simple Android app and iOS app and run it in Emulator and Simulator respectively
[*]Set up the Android and iOS Pentesting Environment
[*]Explore mobile malware, reverse engineering, and code your own malware
[*]Audit Android and iOS apps using static and dynamic analysis
[*]Examine iOS App Data storage and Keychain security vulnerabilities
[*]Set up the Wireless Pentesting Lab for Mobile Devices
[*]Configure traffic interception with Android and intercept Traffic using Burp Suite and Wireshark
[*]Attack mobile applications by playing around with traffic and SSL certificates
[*]Set up the Blackberry and Windows Phone Development Environment and Simulator
[*]Setting up the Blackberry and Windows Phone Pentesting Environment
[*]Steal data from Blackberry and Windows phones applications
Who this book is forThis book is intended for mobile security enthusiasts and penetration testers who wish to secure mobile devices to prevent attacks and discover vulnerabilities to protect devices.
More details
Language
English
Place of publication
Birmingham
United Kingdom
Target group
Professional and scholarly
US School Grade: College Graduate Student
Dimensions
Height: 235 mm
Width: 191 mm
Thickness: 13 mm
Weight
438 gr
ISBN-13
978-1-78355-872-8 (9781783558728)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Other editions
Additional editions
Prashant Verma | Akshay Dixit
Mobile Device Exploitation Cookbook
Over 40 recipes to master mobile device penetration testing with open source tools
E-Book
07/2025
Packt Publishing
from
€33.59
Available for download
Persons
Prashant Verma, Certified Information Systems Security Professional (CISSP) is a Sr. Practice Manager-Security Testing at Paladion Networks. Information security has been his interest and research area for the past 10 years. He has been involved with mobile security since 2008. One of his career achievements has been to establish mobile security as a service at Paladion Networks. He loves to share his knowledge, research, and experience via training, workshops, and guest lectures. He has spoken at premier global security conferences such as OWASP Asia Pacific 2012 in Sydney and RSA Conference Asia Pacific and Japan 2014 in Singapore. He has shared his knowledge via webinars and trainings. He is primary security consultant for leading financial institutions. His banking security experience was translated into his co-authored book Security Testing Handbook for Banking Applications, IT Governance Publishing. He has written articles for Hacki9 and Palizine Magazine. Beyond mobile platforms, he holds expertise in various other areas of InfoSec, such as Security Testing, Security Management and Consulting. He has occasionally, analyzed security incidents and cybercrimes. He has conducted assessments for organizations globally at multiple locations. He is a subject matter expert and his work has earned him a distinguished position with his customers. He can be contacted at verma.prashantkumar@gmail.com. His Twitter handle is @prashantverma21. He occasionally writes on his personal blog at www.prashantverma21.blogspot.in. Akshay Dixit is an information security specialist, consultant, speaker, researcher, and entrepreneur. He has been providing consulting services in information security to various government and business establishments, specializing in mobile and web security. Akshay is an active researcher in the field of mobile security. He has developed various commercial and in-house tools and utilities for the security assessment of mobile devices and applications. His current research involves artificial intelligence and mobile device exploitation. He has been invited to several international conferences to give training, talks and workshops. He has written articles for various blogs and magazines on topics such as mobile security, social engineering, and web exploitation. Akshay co-founded and currently holds the position of Chief Technology Officer at Anzen Technologies, an information security consulting firm specializing in providing end-to-end security services. Anzen Technologies (http://www.anzentech.com) is a one-stop solution for industry-leading services, solutions and products in the cyber security, IT governance, risk management, and compliance space. Anzen's vision is to instill end-to-end security in organizations, aligned to their business requirements, in order to ensure their lasting success.
Content
Table of Contents
Introduction to the Mobile Security
Mobile Malwares based attacks
Auditing Mobile Applications
Attacking Mobile Application Traffic
Working with other Platforms
Introduction to the Mobile Security
Mobile Malwares based attacks
Auditing Mobile Applications
Attacking Mobile Application Traffic
Working with other Platforms