Mobile Offensive Security Pocket Guide: A Quick Reference Guide For Android And iOS
1/5
()
About this ebook
In order to protect and defend mobile application and device deployments, you need to be able to effectively evaluate the security of mobile devices, assess and identify flaws in mobile applications, and conduct a mobile device penetration test. And if you work with Android or iOS devices as part of your day-to-day work, this popular pocket guid
James Stevenson
James Stevenson has been working in the programming and computer security industry for over 5 years, and for most of that has been working as an Android software engineer and vulnerability researcher. Prior to this, James graduated with a BSc in computer security in 2017. At the time of writing, James is a full-time security researcher, part-time PhD student, and occasional conference speaker. Outside of Android internals, James' research has also focused on offender profiling and cybercrime detection capabilities. For more information and contact details, visit https://JamesStevenson.me.
Related to Mobile Offensive Security Pocket Guide
Related ebooks
Penetration Testing with Kali Linux: Learn Hands-on Penetration Testing Using a Process-Driven Framework (English Edition) Rating: 0 out of 5 stars0 ratingsAutomated Security Analysis of Android and iOS Applications with Mobile Security Framework Rating: 1 out of 5 stars1/5Mobile Malware Attacks and Defense Rating: 5 out of 5 stars5/5Android Application Security Essentials Rating: 0 out of 5 stars0 ratingsMobile Malware Infringement and Detection Rating: 0 out of 5 stars0 ratingsMeeting People via WiFi and Bluetooth Rating: 0 out of 5 stars0 ratingsLearning iOS Penetration Testing Rating: 0 out of 5 stars0 ratingsLearning Pentesting for Android Devices Rating: 5 out of 5 stars5/5Penetration Testing with Raspberry Pi Rating: 5 out of 5 stars5/5Understanding Network Hacks: Attack and Defense with Python Rating: 0 out of 5 stars0 ratingsAdvanced Penetration Testing with Kali Linux: Unlocking industry-oriented VAPT tactics (English Edition) Rating: 0 out of 5 stars0 ratingsMalware Analysis and Detection Engineering: A Comprehensive Approach to Detect and Analyze Modern Malware Rating: 0 out of 5 stars0 ratingsPython for Cybersecurity Cookbook: 80+ practical recipes for detecting, defending, and responding to Cyber threats (English Edition) Rating: 0 out of 5 stars0 ratingsBeginning Backbone.js Rating: 3 out of 5 stars3/5iOS Hacker's Handbook Rating: 0 out of 5 stars0 ratingsCoding for Penetration Testers: Building Better Tools Rating: 0 out of 5 stars0 ratingsSeven Deadliest Network Attacks Rating: 3 out of 5 stars3/5Burp Suite Essentials Rating: 4 out of 5 stars4/5Inside Radio: An Attack and Defense Guide Rating: 0 out of 5 stars0 ratingsProfessional Android Rating: 0 out of 5 stars0 ratingsLearning Android Forensics Rating: 4 out of 5 stars4/5Flash Development for Android Cookbook Rating: 3 out of 5 stars3/5Apple Secure Enclave Processor Rating: 0 out of 5 stars0 ratingsAndroid Security Cookbook Rating: 0 out of 5 stars0 ratingsProgramming 5-Book Collection Rating: 1 out of 5 stars1/5Linux Security Fundamentals Rating: 0 out of 5 stars0 ratingsHack Proofing Linux: A Guide to Open Source Security Rating: 0 out of 5 stars0 ratingsPractical Malware Prevention Rating: 0 out of 5 stars0 ratings
Security For You
Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsMike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Hacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5The Cyber Attack Survival Manual: Tools for Surviving Everything from Identity Theft to the Digital Apocalypse Rating: 0 out of 5 stars0 ratingsCybersecurity For Dummies Rating: 4 out of 5 stars4/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5CompTIA CySA+ Cybersecurity Analyst Certification Passport (Exam CS0-002) Rating: 5 out of 5 stars5/5CompTIA CySA+ Practice Tests: Exam CS0-002 Rating: 0 out of 5 stars0 ratingsDark Territory: The Secret History of Cyber War Rating: 4 out of 5 stars4/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5IAPP CIPP / US Certified Information Privacy Professional Study Guide Rating: 0 out of 5 stars0 ratings
Reviews for Mobile Offensive Security Pocket Guide
1 rating0 reviews
Book preview
Mobile Offensive Security Pocket Guide - James Stevenson
MOBILE OFFENSIVE SECURITY POCKET GUIDE -
A QUICK REFERENCE GUIDE FOR ANDROID AND IOS
James Stevenson
UK
ISBN-13 (pbk): 978-1-3999-2195-4
ISBN-13 (electronic): 978-1-3999-2196-1
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.
While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.
Author: James Stevenson | www.jamesstevenson.me
Editor: Nic Carter | www.fiverr.com/thisisstrange
Formatting: Formatted Books | www.formattedbooks.com
For information on translations, reprint, paperback, or audio rights, please communicate with the author directly, at www.jamesstevenson.me.
CONTENTS
About the Author
Chapter 1: Introduction
Chapter 2: Reverse Engineering Fundamentals
Chapter 3: Mobile Application Reverse Engineering
Chapter 4: Dynamic Instrumentation of Mobile Applications with Frida
Chapter 5: Operating System Internals
Chapter 6: Baseband
Chapter 7: Putting It To The Test
Chapter 8: Closing Thoughts
Table of Figures
Index
ABOUT THE AUTHOR
James Stevenson has been working in the programming and computer security industry for over 5 years. Most of that has been working as an Android software engineer and vulnerability researcher. Before this, James graduated with a BSc in computer security in 2017. James has previously published the book Android Software Internals Quick Reference, with Apress publishing in 2021.
At the time of writing, James is a full-time security researcher, part-time Ph.D. student, and occasional conference speaker. Outside of Android internals, James’ research has also focused on offender profiling and cybercrime detection capabilities.
For more information and contact details, visit https://JamesStevenson.me.
CHAPTER ONE
INTRODUCTION
Mobile Offensive Security comes in many flavors—from application security and operating system internals to the vulnerability research of the baseband and other processors. This book attempts to summarize all of these unique areas of mobile offensive security into a handy and easy-to-use pocket guide.
While this pocket guide is not exhaustive in all things mobile offensive security, it sets the groundwork for how and where you can go to further your knowledge in specific areas.
Towards the end of this book, you will also find a series of challenges that summarize the key areas of many of the book’s chapters if you are looking to put your knowledge to the test.
What This Book Is
An introduction to the concepts of Reverse Engineering, Mobile Offensive Security, and other Mobile Security systems such as Baseband.
An easy-to-digest pocket guide detailing fundamental knowledge, principles, and methods related to mobile offensive security.
A reference guide for reverse engineering principles and approaches.
A guide for offensive security engagements, including Frida and dynamic instrumentation references.
An introduction to baseband and a methodology to follow when it comes to reverse engineering baseband implementations.
A summary guide for iOS and Android architectures and security assessment methodologies.
A collection of challenges, useful for putting the knowledge to the test.
What This Book Is Not
A list of zero-days or exploits for mobile devices or modern baseband implementations.
A completely exhaustive list of exploits, approaches, or techniques—this is a pocket guide.
Tools Used Throughout The Book
IDA Pro – https://hex-rays.com/ida-pro/
Ghidra – https://ghidra-sre.org/
GDB – https://www.gnu.org/software/gdb/
Jadx – https://github.com/skylot/jadx
APK Tool – https://ibotpeaches.github.io/Apktool/
Frida – https://frida.re/
Frida iOS Dump – https://github.com/AloneMonkey/frida-ios-dump
FriDump – https://github.com/Nightbringer21/fridump
Objection – https://github.com/sensepost/objection
Android Debug Bridge (ADB) – https://developer.android.com/studio/command-line/adb
dex2jar – https://sourceforge.net/projects/dex2jar/
JD GUI – http://java-decompiler.github.io/
AFL++ – https://github.com/AFLplusplus/AFLplusplus
Checkra1n – https://checkra.in/
Quark – https://github.com/quark-engine/quark-engine
Drozer – https://labs.f-secure.com/tools/drozer/
CHAPTER TWO
REVERSE ENGINEERING FUNDAMENTALS
The first chapter of this book goes through fundamental reverse engineering principles and techniques used throughout this book. For the purpose of this book, we will be using the Merriam Webster definition of reverse engineering in the context of product and application security, this being:
To disassemble and examine or analyse