This course prepares you for the Offensive Mobile Security Expert (OMSE) certification exam. This comprehensive course offers an in-depth exploration of both iOS and Android operating systems, focusing on their internals and security features. The iOS segment of the course dives into the architecture of iOS, memory management, application sandboxing, code signing, and advanced mitigations like SPTM, TXM, PAC, PAN, and PPL. Students will also receive a thorough introduction to the ARM64 architecture, including static and dynamic analysis techniques, debugging tools, and disassembly tools. Moving into iOS application security, students will explore topics such as code signing, encryption, secure communication, and the use of Frida for dynamic instrumentation. Advanced topics like hooking, memory manipulation, and instrumenting network communication will also be covered. The course also covers iOS malware analysis, including static, dynamic, and behavioral analysis, along with mitigation and prevention strategies.
 

On the Android side, participants will gain a broad understanding of Android system architecture, including drivers, modules, the Linux kernel, and the Android Binder. Hands-on experience in reverse engineering, exploit development for ARM platforms, memory management, and vulnerabilities will be provided. The course also covers Android's boot, recovery, rooting processes, and permissions, along with security features like DAC, CAP, SECCOMP, and SELinux

​

Recommended for:
Penetration testers, Mobile developers, Anyone keen to learn mobile application security, Anyone who wants to get started in OS exploitation.

Key takeaways:

• Get an understanding of the latest ARM64 instruction set

• Learn the internals of Mobile Kernels along with several Kernel security mitigations

• Learn Device Fingerprinting and Anti-Fraud techniques

• Get a detailed walkthrough on using Ghidra, Hopper etc

• Advanced Dynamic Instrumentation using Frida

• Understand some of the latest bugs and mitigations (PAC, CoreTrust, PPL, etc)

• Get an intro to common bug categories like UaF, Heap overflow, etc

• Understanding how Rooting and Jailbreaks work

• Reverse engineer iOS and Android binaries (Apps and system binaries)

• Learn how to audit iOS and Android apps for security vulnerabilities

• Understand and bypass anti-debugging and obfuscation techniques

• Get a quick walkthrough on using Ghidra, radare2, Hopper, Frida, etc

• Learn how accessibility malwares work, and how to reverse engineer well-known crypto wallet stealers

• Learn how to symbolicate the iOS and Android kernel

• Learn how to extract and decrypt boot images for Android devices

• Become an Offensive Mobile Security Expert (OMSE)

​

What you get after the training:

• An attempt to Offensive Mobile Security Expert (OMSE) certification exam

• Certificate of completion for the Training program

• Source code for vulnerable binaries used during the class

• Source code for Exploit PoCs' that can be used for Bug Bounties

• All Python Scripts used during the course

• Access to Corellium for the duration of the course

• Access to cloud instances for the duration of the course

• Slack access for the class and after for regular mobile security discussions

​