banner
Logo-CO-ISS

CO-APE CyberOps Android Pentest Expert

Duration:One Month

Course Level:Specialization

Modules to be covered:

The Module is designed to give an introduction to the fundamentals of different operating system like Windows, Linux, iOS and Android. For beginners, the course offers a complete knowledge of basic working of smartphones and Linux, principles and the key terms associated with Android. Intend of the module is to build the basics in Android Application penetration testing and development.

Networks are defined as medium for communication between two or multiple systems, i.e. it constitutes a mechanism of information that travels across multiple devices using various mediums.The module will cover in depth knowledge of computer networks and need of networking model and the basic tasks involved in connecting to the network, monitoring the network connection (including connection changes), and giving users control over an app's network usage. It also describes how to parse , consume XML data and connect to the network, choose an HTTP client, and perform network operations outside of the UI thread. Along with various Protocols used at each layer with focus on Networking Layers, Network design and implementation and what devices are used for the data transmission.

Course aims to implement understanding of how virtual machines are separated inside the same physical host and how they communicate with lower hardware levels, working of virtualization technology, rooting the Android Emulator in the device which provides access to many features which are certain files and SQLite databases. Basic working of Emulator and networking in emulator which provides versatile networking capabilities that you can use to set up complex modeling and testing environments for your app. Installing Gsuite to sync their data with Outlook and ARM Packages in the Emulator.

This module is designed to give the insights on the Android app structure which describes the various modules contained within an instant app project in Android Studio 3.0. like features, feature modules and feature APKs. The other part of this module also covers the basic introduction to Java for android apps which is both similar and quite different from other types of Java applications and how to build a simple Android app and create a new interface for the app that takes some user input and opens a second screen in the app.

This module is designed to give insights on Privilege management which allows you to remove admin rights from all users to stop attackers from exploiting privileges and gaining access to your data and Android Permission Manager where you can control which permissions an app can access after the app installs on your device.
Introduction to APK Permission Analysis which is proposed due to the mess of privacy leaks and property damages of users.

The second half of the module explores and describes how to analyse the network traffic data, how to improve an app's networking performance , reduce power consumption and ways you can reverse engineer an API from an Android app and protect the app using Reverse Engineering. Students will also be able to learn how to unzip, edit and zip an android APK.

This section of module will cover introduction to how you get complete access to everything in the operating system, and permissions to do anything to any file any place in the system. This includes things we want to do, like uninstall application forced on us by the people who built them or the people who sells them to us as well as things we don't want to do that can put your Android in an unusable state.

This module will incorporate various sections like introduction to OWASP, SQLite data storage, how to detect poor authentication and authorization by performing binary attacks against the mobile app while it is in offline mode. Students will also learn possible ways where vulnerabilities associated with broken cryptography may be introduced in Android apps and ways an attacker can exploit this kind of vulnerability.
Within many sections that this module covers you will also learn about two kinds of SQL-injection vulnerabilities and how it impacts the android OS.

Students will get familiar with an Open Source framework for Automated Mobile Security Assessment, learn about One Click Report Generation and Security Assessment, how to deploy testing framework at your own environment so that you have complete control of the data. Perform Automated Security Assessment for Android Applications, learn about the semi Automatic Dynamic Analyzer for intelligent application logic based (whitebox) security assessments and how an attack vector that often comes up on Android, namely intent spoofing occurs.

This module will cover Android SDK/NDK and related toolchains and analyze exploits on Android and kernel Android vulnerabilities as well as discuss jailbreaks and the various attack surface of Android applications. Students will also learn the basics of writing buffer overflow exploits, debug and analyze applications on ARM and MIPS architecture and to format string exploits.

attend-icon

Who should attend?

Course is designed to address the needs of:

  • Anyone with Computer engineering background or pursuing BCA/MCA.
  • Ethical Hacking Students.
  • Security Analysts.
  • Law Enforcement Personnels.
  • IT Personnels working in Android Development domain.
  • IT Personnels working in IT-Security domain.

Recommendation:

Course is suitable for those who are looking to get a foothold in information security and join field of Android Application Penetration Testing as a profession or aim to explore new career opportunities. It is the most intensive course offered by Cyberops training which will provide a unique perspective into the intricate world of information and Cyber security. Thus the Course it highly recommended to:

  • Professionals who are looking for prospective career opportunities in cyber security field.
  • This course is most recommended for Security Enthusiasts, IT professionals, and Mobile Application Developers seeking to understand typical mobile application security issues in detail.

Pre-Requisite:

Basic knowledge of programming fundamentals.

Basic knowledge of programming languages such as Java.

Basic security concepts such as : cryptography, reverse engineering, SQL injections and web tools such as Wireshark and OWASP ZAP (or Burp).

gift-img

Course Package includes:

  • Cyberops Welcome Kit
  • Advanced Software Toolkit
  • Challenges of penetration testing.

At the end of the course you will be able to:

This certification course is designed as a complete guide to understand and practice Android Mobile Application hacking efficiently in real time. The course is very well structured which includes vivid explanation of the terminologies , functionality. For deep understanding, we have well equipped labs where we teach students to work on different platforms and help them build basics which includes working on different operating systems (windows, linux), briefing on android smart phones and its versions.

Techniques and methods how to penetrate Android Mobile Applications, how to begin with android app penetration testing, network monitoring on devices, hack vulnerable applications that has been created by our trainers in order to help you practice all the hands-on exercises and finally some automated tools to complete the task. The course contains more than 14 challenges where we will teach you how to crack it.

Discover all the android application security models which play an important role in the design and evaluation of high assurance security systems. It mainly focuses on Virtualization, APK File Structure, networking emulator, ARM packages in emulator, Android Application Development Basics, Privilege Management & Escalation, Analyzing,Root Access in Android.

All the doubts related to this course are thoroughly discussed by our qualified trainers in the discussion session.

certificate-icon

Certification:

The entire program covers basic outline of cyber security as well as methods and techniques of how attacks are performed and possible outcomes of attacks along with the detection and prevention methods for the same.

Thus the practical exam after the course is entitled for certification aiming at how participants use skills, expertise and knowledge gained throughout course to detect possible attacks and methods to penetrate, hence to be specialized for the modules covered candidates are required to clear the set performance criteria for certification.

Requirements:

We use Simulation test method to provide real time challenge which will help participants to use skills , expertise and knowledge acquired during the entire course.
Passing Criteria: 70% and above
Duration of test: 5 hrs

Excellence Award

Participant with highest score in batch will be awarded with Cyberops award of performance Excellency – CAPE Medal and certification of Merit.

Terms & Conditions:

  • No. of attempts :One
  • Verification method for certification: The certificate will incorporate a unique ID for every participant and the same can be used for verification from Our Website.