Advanced Android and iOS Hands-on Exploitation

2-day training – May 18-19, 2016

Advanced Android and iOS Hands-on Exploitation is a unique training which covers security and exploitation of the two most dominant mobile platforms – Android and iOS. This is a two day action packed class, full of hands-on challenges and CTF labs.

The entire class will be run on a Mobile pentesting VM which has been modified exclusively for the class and includes a huge variety of vulnerable applications and challenges. The training will take the attendees from the ground level upwards to be able to audit any real world applications on the platforms.

Some of the topics that will be covered include:

Advanced Auditing of Android and iOS Applications,
Reverse Engineering, Bypassing Obfuscations,
Automating security analysis,
Exploiting and patching apps,
API Hooking,
and a lot more.

The 2-day class is designed in a CTF approach where each of the module is followed by a complete hands-on lab, giving the attendees a chance to apply the knowledge and skills learnt during the class in real life scenario. Students will also be provided with the PDF copy of the book “Learning Pentesting for Android Devices”, reference materials and handouts to be used during and after the training class and additional materials.

Your Instructor:

Aditya Gupta (@adi1391) is the founder and trainer of Attify, a mobile security firm, and leading mobile security expert and evangelist. Apart from being the lead developer and co-creator of Android framework for exploitation, he has done a lot of in-depth research on the security of mobile devices, including Android, iOS, and Blackberry, as well as BYOD Enterprise Security.

He is also the author of the popular Android security book “Learning Pentesting for Android” selling over 10000+ copies, since the time of launch in March 2014. He has also discovered serious web application security flaws in websites such as Google, Facebook, PayPal, Apple, Microsoft, Adobe, Skype, and many more.

In his previous work at, his main responsibilities were to look after web application security and lead security automation. He also developed several internal security tools for the organization to handle the security issues.

He has also previously spoken and trained at numerous international security conferences including BlackHat, Syscan, OWASP AppSec, Toorcon, Clubhack, Nullcon etc, along with many other corporate trainings on Mobile Security.