What is a Hack-Lab?

Compass Security provides a monthly playful occasion for the security analysts to get-together and try to hack new devices, dive into current technologies and share their skills with their fellows.

Topics

The following topic, related tools and technology has been discussed during this Hack-Lab:

  • Mobile Application Training focused on iOS and Android

Wrap-Up

To get a better understanding of current mobile threats and testing approach for mobile applications, an in-depth training was prepared. The following topics were covered and practiced with practical exercises:

  • Overview of platform provided security features (Sandbox, Data Protection / Encryption, Keychain / Keystore, Downgrade Protection)
  • Overview of tools required for a mobile application assessment
  • Application signing and installation options
  • Getting to know basic analysis tasks such as obtaining SSH access
  • Current Jailbreaking / Rooting techniques
  • Static analysis and binary patching
  • Using Disassembler and Debugger
  • Dynamic analysis and runtime application modification (e.g. Method swizzling via Objective C runtime)
  • Transport layer encryption and Man-in-the-Middle setups
  • Writing tweaks and modules using Xposed, Cycript, Cydia Substrate and Frida
  • Bypassing security measures such as jailbreak / root detection and certificate pinning

 

iOS jailbreak detection tweaking in progress