TitleHacking Android & iOS apps with Deep Links and XSS
Audience LevelFrom new to advanced, content should keep all skill levels happy
If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you, all action, no fluff :)
“Hacking Android, iOS and IoT apps by Example” is a mobile security course that provides you with case studies from real-world vulnerable applications as well as know-how and techniques to solve common mobile assessment challenges. In this brief 60-minute workshop we will explain what the course covers and give you a few lab samples covering the following topics in Android and iOS:
- Deep Link attacks achieving user impersonation
- Deep Link attacks to bypass authorization controls
- Deep Link attacks to make phone calls
- XSS attacks and data exfiltration on Android & iOS
Attendants will be provided with training portal access to practice the attack vectors covered, including deeplinks and mobile app data exfiltration with XSS. This includes: Lifetime access to a training portal, vulnerable apps to practice, guided exercise PDFs and video recording explaining how to solve the exercises.
Come and join us for this 60-minute hacking session, we’re sure you’ll leave with a thirst for more!
About The Speaker Note
Abraham ArangurenJob Role/Handle : CEO, Security Trainer, Director of Penetration Testing
Company/Organization : 7ASecurity
Country : Spain
Place of residence : Bromberg (Bydgoszcz), Poland, EU
After 15 years in it sec and 22 in IT Abraham is now the CEO of 7ASecurity, a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at cure53.de and version1. Creator of “Practical Web Defense” - a hands-on eLearnSecurity attack / defense course elearnsecurity/PWD, OWASP OWTF project leader, an OWASP flagship project owtf.org, Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications.
Content for social media /twitter, linkedin/ for promotion