DESCRIPTION

An intrusion test is to assess the security of an IT infrastructure by safely attempting to exploit vulnerabilities that may exist in operating systems, inappropriate configurations, application errors, or end-user behavior. Intrusion testing is an attempt to test the effectiveness of security measures and discover any potential exploit or backdoors that may be present in network devices, computer systems, web applications or smartphone devices; Through which hackers and cybercriminals can gain unauthorized access or malicious activity. In addition, intrusion testing require an advanced skills for detecting, analyzing, bypassing and penetrate protective restrictions of the IT infrastructure in order to notify organizations and mitigate the potential for financial losses generated by malicious activity. By assisting "Intelligent Android Application Penetration Testing" you will be able to:

• Identify and analyze the organization's exposure to cybersecurity threats on android devices
• Improve your core cyber security auditing skills
• Learn the techniques, tools and methods of hacking used by intrusion testers
• Effectively manage time and resources

PREREQUISITES AND TARGETED PUBLIC

• Any person required to perform the security function of the responsible information systems: CISO, Administrator / Engineer Network and Security, Security Auditor, CIO, Security Technician.
• To successfully complete this course, students must have experience in Windows and / or UNIX / LINUX operating systems, as well as networking and TCP / IP knowledge.

EXAMINATION

The exam consists of a LAB containing targets of different configurations and operating systems and a QCM. At the beginning of the examination, the student receives examination and connectivity instructions for a network of isolated exams to which they have no prior knowledge or exposure. The candidate will demonstrate his / her ability to search the network (gathering information), identify all vulnerabilities and successfully execute attacks. This often includes modifying the operating code in order to compromise the systems and gain access and above all look for the flag. Review details:

• Content: The exam consists of 30 questions and one LAB for a duration of 2 hours.
• Mode: QCM and LAB on machine
• Duration: 1 hour for 30 QCM questions and 1 hour for Lab (challenge)
• Documents authorized: Yes
• Supervision of the examination: The examination is supervised by 2 persons: a supervisor of Intelligent Security IT and an external supervisor (ANSI, Security expert, CISO, etc ...).
• Successful completion: 60% of the QCM and Find the Lab flag.
• Result of the examination: The result is announced immediately after the end of the examination (after the 2 Hours).

LANGUAGE OF TRAINING

• Language: French
• Course materials: French

DURATION

3 days from 9am to 6pm

PERIOD

Examination is scheduled at the end of the third day (from 4:00pm to 6:00pm)

TRAINING PROGRAM

• 1. Introduction to "Penetration Testing"
• 2. Android Security Introduction
• 3. Android Architecture (Practice LAB)
• 4. Android Permissions
• 5. Android Applications (Practice LAB)
• 6. Android Application Components (Practice LAB)
• 7. Dex Analysis (Practice LAB)
• 8. Android Debug Bridge (Practice LAB)
• 9. Logging based vulnerabilities (LAB 1)
• 10. Application Reversing (LAB 2)
• 11. Analyzing Android Malwares (LAB 3)
• 12. Traffic Analysis (LAB 4)
• 13. SSL Pinning (LAB 5)
• 14. Drozer Basics (Practice LAB)
• 15. Read Based Content Provider Vulnerability (LAB 6)
• 16. Advanced Drozer
• 17. Drozer Scripting (LAB 7)
• 18. Backup based vulnerabilities (LAB 8)
• 19. Client Side Injection (LAB 9)
• 20. Android Hooking (LAB 10)
• 21. Android Debugging (LAB 11)
• 22. Webview based vulnerabilities
• 23. Exploiting Webviews (LAB 12)