Speakers (preliminary) - DeepSec IDSC 2025 Europe
Becoming the Godfather of Threat Modeling
In the world of cybersecurity there is always a threat lurking, waiting in the shadows for the perfect moment to strike. You can sit back, relax, hope for the best and react when it’s too late… or you can take control and see everything coming from miles away before they even think about making a move. In this session, you’ll dive deep into the art of threat modeling—an essential skill that allows you to anticipate risks, identify vulnerabilities, and develop a proactive defense strategy.
Mike will guide you through the process and show you why threat modeling is an offer you simply can’t refuse. You’ll learn how to analyze threats with precision, build effective threat scenarios and develop a mindset that stays one step ahead of the attackers. Ultimately you won’t only understand threat modeling—you’ll lead it with confidence.
Join Mike in the family business, hone your expertise and become the Godfather of Threat Modeling. In this game only the wise and the prepared will survive.
My career has taken me through a diverse journey, spanning roles that include full-stack developer, business analyst, IT manager, and now thriving in cybersecurity. Throughout this journey, my deep passion for technology has remained a constant driving force.
For me, security resembles solving a 10,000-piece puzzle that's been turned upside down. You understand the end goal, yet you're uncertain about where each piece belongs. Achieving this requires close collaboration with developers, business stakeholders, and others, necessitating me to consistently bridge different disciplines within technology. Whether it's simplifying intricate development concepts for security and business professionals or vice versa, every piece added brings us nearer to the solution. This challenge deeply motivates me.
I approach my work with a clear focus on prioritizing people first, followed by refining processes, and then utilizing technology to enhance these efforts. This philosophy ensures that technological changes are seamlessly integrated and readily embraced by our teams and organizations.
Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation
### Overview ###
Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique 100% hands-on training!
I will discuss security bugs found in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively.
To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and diving into full-stack exploitation, then this 100% hands-on training is for you. There is a lab exercise for each attack presented in this training, and students can take the complete lab environment home after the training session.
### Key Learning Objectives ###
After completing this training, you will have learned about:
- REST API hacking
- AngularJS-based application hacking
- DOM-based exploitation
- bypassing Content Security Policy
- server-side request forgery
- browser-dependent exploitation
- DB truncation attack
- NoSQL injection
- type confusion vulnerability
- exploiting race conditions
- path-relative stylesheet import vulnerability
- reflected file download vulnerability
- hacking with wrappers
- subdomain takeover
- remote cookie tampering
- non-standard XSS attacks
- hijacking tokens via PDF
- XML attacks
- deserialization attacks
- HTTP parameter pollution
- bypassing XSS protection
- hacking with polyglot
- clickjacking attack
- window.opener tabnabbing attack
- RCE attacks
- and more…
### What Students Will Receive ###
Students will be handed a VMware image with a specially prepared testing environment to play with all bugs presented in this training. When the training is over, students can take the complete lab environment home (after signing a non-disclosure agreement) to hack again at their own pace.
### Special Bonus ###
The ticket price includes FREE access to my 6 online courses:
- Start Hacking and Making Money Today at HackerOne
- Keep Hacking and Making Money at HackerOne
- Case Studies of Award-Winning XSS Attacks: Part 1
- Case Studies of Award-Winning XSS Attacks: Part 2
- DOUBLE Your Web Hacking Rewards with Fuzzing (aka Fuzzing with Burp Suite Intruder)
- How Web Hackers Make BIG MONEY: Remote Code Execution
### What Students Say About This Training ###
This training was attended by security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and the government sector, and it was very well received. Recommendations are attached to my LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here (https://silesiasecuritylab.com/services/training/#opinions).
### What Students Should Know ###
To get the most out of this training, intermediate knowledge of web application security is needed. Students should be familiar with common web application vulnerabilities and have experience using a proxy, such as Burp Suite Proxy or similar, to analyze or modify traffic.
### What Students Should Bring ###
Students will need a laptop with a 64-bit operating system, at least 8 GB RAM, 35 GB of free hard drive space, administrative access, the ability to turn off AV/firewall, and VMware Player/Fusion (64-bit version) installed. Prior to the training, make sure there are no problems with running x86_64 VMs. Please also make sure that you have Internet Explorer 11 installed on your machine or bring an up-and-running VM with Internet Explorer 11.
### Instructor ###
Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid Czagan shares his offensive security experience in his hands-on trainings. He has delivered trainings at key industry conferences such as DEF CON (Las Vegas), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), SINCON (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and the government sector (references are attached to Dawid Czagan's LinkedIn profile, https://www.linkedin.com/in/dawid-czagan-85ba3666/, and can also be found here: https://silesiasecuritylab.com/services/training/#opinions).
Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan), YouTube (https://www.youtube.com/channel/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).
eCrime Intelligence
Understanding eCrime is no longer optional. It is a mission-critical capability for any organization serious about anticipating, preventing, and neutralizing today’s most pervasive cyber threats. This intensive training provides a comprehensive exploration of the eCrime ecosystem, unpacking the full spectrum of adversarial tactics, techniques, and procedures used by financially motivated threat actors to exploit organizations of all sizes and sectors.
Blending traditional intelligence tradecraft with cutting-edge cyber security methodology, this course empowers cyber threat intelligence professionals, SOC analysts, CISOs, and forward-thinking defenders to operationalize threat intelligence, proactively reduce risk, and harden their defensive posture. Whether you are new to the world of eCrime or looking to refine your existing expertise, this course will give you the insight, confidence, and real-world skillset to outpace adversaries.
Through hands-on exercises, real case studies, and live tooling, participants will learn to track and attribute adversary infrastructure, analyze adversary tradecraft, uncover victimology, and confidently identify key players within organized eCrime operations. Attendees will explore the dark web, develop basic operational personas, collect intelligence from adversary-run forums and marketplaces, and learn how to infiltrate closed communities — all safely and effectively.
This is not theory. This is practical, tactical, and grounded in the reality of modern cyber threat operations. By the end of the training, attendees will walk away with the knowledge and tools needed to investigate, disrupt, and counter eCrime adversaries, all while supporting broader intelligence collection plans and strategic security initiatives within their organizations.
Aaron is a Senior Systems Engineer at Crowdstrike. He is based in Dubai and supports the Crowdstrike business across the Middle East, Turkey, and Africa (META) region. Aaron advocates for the adoption of Cyber Threat Intelligence (CTI) by organisations across the public and private sectors.
Prior to joining industry, Aaron served 12 years of Active Duty in the Singapore Armed Forces as a Military Intelligence Officer. He served in multiple command appointments in classified Intelligence units, and was instrumental in developing the masterplan for the Digital and Intelligence Service (DIS), the digital service branch of the SAF.
Outside of work, Aaron contributes to cybersecurity research and education. He collaborates with the Stanford Gordian Knot Center for National Security Innovation on research covering emerging technologies and cybersecurity. Aaron also serves as an Adjunct Faculty member at the Faculty of Computer Information Science at the Higher Colleges of Technology (HCT) in the UAE, and sits on the CFP Review Board for RootCon.
Scott Jarkoff is the Co-Founder and CEO of Praeryx, where he is shaping a new model for cyber threat intelligence built from the ground up to challenge legacy assumptions and disrupt institutional gatekeeping. Drawing on decades of global intelligence and cyber security leadership, he is building something deliberately different, quietly architecting the future of how CTI is created, consumed, and operationalized. Prior to Praeryx, he led CrowdStrike’s threat intelligence strategy across Asia Pacific and Japan (APJ) and the Middle East (META), serving as a trusted strategic voice to governments and enterprises confronting the world’s most complex and persistent adversaries. His career also spans the U.S. Department of Defense and McAfee, where he has continuously bridged tactical insight with executive strategy. Scott is the creative mastermind behind deviantART, the world’s largest online art community, helping pioneer the creator economy in its earliest form. Known for decoding chaos into clarity in the fog of cyber conflict, he brings a rare mix of credibility, conviction, and execution to an underserved domain.
Factory Under Siege: Red and Blue Team Tactics in Operational Technology
In this workshop, participants engage in a high-stakes cyber battle within a factory's OT systems. Divided into Red and Blue Teams, they alternate between offensive and defensive strategies in an interactive game. The workshop emphasizes real-world relevance, dynamic decision-making, and collaborative learning, providing practical cybersecurity insights in an industrial environment.
This workshop offers an interactive cybersecurity experience through a gamified scenario. Participants will be divided into two teams: Red & Blue Team. The game board is a demo factory, where the Red Team's objective is to inflict harm, while the Blue Team's mission is to defend it.
The game starts with an interactive setup phase. The Red Team will choose the tactics and techniques needed to reach their objectives. The Blue Team will concentrate on understanding their environment and selecting appropriate initial defenses. Following the team introductions, the core of the workshop begins: the game loop, where each team alternates between planning and executing their actions. The Red Team will have different options for their next actions aimed at breaching the Blue Team's defenses. The Blue Team will decide on countermeasures to thwart the Red Team's efforts. Each round concludes with an evaluation phase, where the effectiveness of the actions taken by both teams is assessed. The workshop wraps up with a recap session, summarizing key learnings and discussing the outcomes of the game.
The workshop's interactive and gamified approach aims to enhance participants' understanding of cybersecurity dynamics, with a focus on OT environments. Participants will work alongside peers to develop and implement strategies, enhancing their understanding of both offensive and defensive cybersecurity measures. The workshop draws on the extensive experience of seasoned Red and Blue Team specialists to focus on real-world scenarios and case studies. It leverages the deep expertise of Nick and Nicholas, who are OT Blue Team specialists, and Sarah, a Senior Red Teamer with an OT specialization. Their combined knowledge ensures that the workshop addresses current industry challenges in both offensive and defensive OT cybersecurity.
Attendees will acquire a comprehensive understanding of both offensive and defensive cybersecurity strategies, along with enhanced teamwork and communication skills. Additionally, participants will learn to prioritize actions and strategies in emergency situations, gaining knowledge not only about specific tools and techniques but also the strategic approaches fundamental to Red and Blue Team operations in industrial environments.
Sarah is a Senior Consultant at NVISO, with a focus on Red Team Assessments. Complementing her cybersecurity experience, she has developed proficiency in Operational Technology (OT) assessments and continues to specialize further in this area.
She possesses a Master's degree in Applied IT Security, which has been enriched by her diverse experiences in cybersecurity roles across various companies.
In addition to her professional work, Sarah is dedicated to contributing to the community by leading workshops and delivering presentations at industry conferences.
Hacking IoT Hardware: The Frugal Way
Module 1
Introduction to IoT
1.1 Briefing of IIoT and Usage
• About us
• Course Overview
• Fundamentals of IoT Security
• Overview of Industrial Internet of Things (IIoT)
• Applications in various industries (manufacturing, healthcare, transportation)
• Benefits and challenges of IIoT adoption
1.2 Architecture
• Typical IoT architecture: sensors, connectivity, data processing, user interface
• Key components: devices, gateways, cloud services, and end-user applications
1.3 Framework/Platforms
• Common IoT platforms and frameworks (AWS IoT, Google Cloud IoT, Microsoft Azure IoT)
• Comparative analysis of features and use cases
1.4 Attack Surfaces
• Identifying potential vulnerabilities in IoT ecosystems
• Examples of common attack vectors (device vulnerabilities, network vulnerabilities, application vulnerabilities)
• Fcc.io information
• Tools of the trade
• How to do visual analysis
• How to recon hardware
1.5 OWASP IoT Top 10 Vulnerabilities
• Detailed explanation of the OWASP IoT Top 10 vulnerabilities
• Real-world examples and case studies for each vulnerability
Module 2
MQTT
2.1 Introduction
• Overview of MQTT (Message Queuing Telemetry Transport)
• Use cases and importance in IoT communication
2.2 Protocol Details
• MQTT architecture and communication model
• Key components: clients, brokers, topics, and messages
2.3 Recon and Enumeration of Topics
• Techniques for discovering MQTT topics
• Tools and methodologies for topic enumeration
2.4 DoS Attack
• Understanding Denial of Service attacks on MQTT
• Methods and tools for conducting DOS attacks
2.5 Sensor-based Attack
• Hacking with sensors and physics
• Some cases
Module 3
Zigbee (802.15.4)
4.1 Introduction and Protocol Overview
• Overview of Zigbee protocol and its importance in IoT
• Zigbee network architecture and key components
4.2 Reconnaissance
• Techniques for discovering Zigbee networks and devices
• Tools and methodologies for network reconnaissance
4.3 Sniffing and Eavesdropping
• Methods for capturing Zigbee communication
• Tools for sniffing and analyzing Zigbee traffic
4.4 Replay Attacks
• Understanding replay attacks on Zigbee networks
• Methods and tools for conducting replay attacks
4.5 Packet Forging Attack
• Techniques for creating and injecting malicious Zigbee packets
• Tools and methodologies for packet forging
4.6 Jamming Attacks
• Understanding jamming attacks on Zigbee networks
• Methods and tools for conducting jamming attacks
4.7 Dissociation Attacks
• Techniques for disconnecting devices from Zigbee networks
• Tools and methodologies for dissociation attacks
Module 4
Bluetooth Low Energy (BLE)
5.1 Introduction and Protocol Overview
• Overview of BLE and its importance in IoT
• BLE architecture and key components
5.2 Reconnaissance (Active and Passive) with HCI Tools
• Techniques for discovering BLE devices
• Tools and methodologies for active and passive reconnaissance
5.3 GATT Service Enumeration
• Understanding the Generic Attribute (GATT) profile
• Techniques for enumerating GATT services and characteristics
5.4 Sniffing GATT Protocol Communication
• Methods for capturing BLE GATT communication
• Tools for sniffing and analyzing GATT traffic
5.5 Reversing GATT Protocol Communication
• Techniques for reverse engineering GATT communication
• Tools and methodologies for reversing GATT protocols
5.6 Reading and Writing on GATT Protocol
• Understanding read and write operations in GATT
• Methods and tools for performing read and write attacks
5.7 Cracking Encryption
• Techniques for breaking BLE encryption
• Tools and methodologies for cracking BLE encryption
Module 5
LoRa
6.1 Introduction and Protocol Overview
• Overview of LoRa (Long Range) protocol and its importance in IoT
• LoRa network architecture and key components
6.2 Reconnaissance
• Techniques for discovering LoRa networks and devices
• Tools and methodologies for network reconnaissance
6.3 Sniffing of Over-the-Air Communication
• Methods for capturing LoRa communication
• Tools for sniffing and analyzing LoRa traffic
6.4 Reverse Engineering of Protocol
• Techniques for reverse engineering LoRa protocols
• Tools and methodologies for protocol analysis
6.5 Replay Attack
• Understanding replay attacks on LoRa networks
• Methods and tools for conducting replay attacks
6.6 Packet Forging Attack
• Techniques for creating and injecting malicious LoRa packets
• Tools and methodologies for packet forging
Module 6
Module 7
Sub-GHz RF
10.1 Introduction
• Overview of Sub-GHz RF technology and its importance in IoT
• Sub-GHz RF architecture and key components
10.2 Reconnaissance
• Techniques for discovering Sub-GHz RF networks and devices
• Tools and methodologies for network reconnaissance
10.3 Overview of Various Shift Keying
• Understanding different types of shift keying (FSK, ASK, PSK)
• Applications and vulnerabilities of each type
10.4 Reversing of RF
• Techniques for reverse engineering RF protocols
• Tools and methodologies for protocol analysis
10.5 Crafting RF Signals
• Techniques for creating and injecting malicious RF signals
• Tools and methodologies for signal crafting
Module 8
Hardware
11.1 Basics of Electronics
• Introduction to basic electronic concepts and components
• Understanding voltage, current, resistance, and power
11.2 Understanding Electronic Components
• Overview of common electronic components (resistors, capacitors, diodes, transistors)
• Identifying and using electronic components in IoT devices
11.3 PCB Reverse Engineering and Component Identification
• Techniques for reverse engineering printed circuit boards (PCBs)
• Tools and methodologies for identifying components on PCBs
Module 9
I2C
12.1 Introduction
• Overview of I2C (Inter-Integrated Circuit) protocol
• Importance of I2C in IoT communication
12.2 I2C Protocol
• Understanding I2C communication model and key components
• Data transfer methods and addressing
12.3 Interfacing with I2C
• Techniques for interfacing with I2C devices
• Tools and methodologies for I2C communication
12.4 Manipulating Data via I2C
• Techniques for manipulating data on I2C bus
• Tools and methodologies for data manipulation
12.5 Sniffing Run-Time I2C Communication
• Methods for capturing I2C communication
• Tools for sniffing and analyzing I2C traffic
Module 10
SPI
13.1 Introduction
• Overview of SPI (Serial Peripheral Interface) protocol
• Importance of SPI in IoT communication
13.2 SPI Protocol
• Understanding SPI communication model and key components
• Data transfer methods and addressing
13.3 Interfacing with SPI
• Techniques for interfacing with SPI devices
• Tools and methodologies for SPI communication
13.4 Manipulating Data via SPI
• Techniques for manipulating data on SPI bus
• Tools and methodologies for data manipulation
13.5 Sniffing Run-Time SPI Communication
• Methods for capturing SPI communication
• Tools for sniffing and analyzing SPI traffic
Module 11
UART
14.1 Introduction
• Overview of UART (Universal Asynchronous Receiver/Transmitter) protocol
• Importance of UART in IoT communication
14.2 Identifying UART
• Techniques for identifying UART interfaces
• Tools and methodologies for UART identification (automated and manual)
14.3 Debugging Over UART
• Methods for debugging IoT devices via UART
• Tools and methodologies for UART debugging
Module 12
JTAG/SWD
15.1 Introduction
• Overview of JTAG (Joint Test Action Group) and SWD (Serial Wire Debug) protocols
• Importance of JTAG/SWD in IoT communication and debugging
15.2 Identifying JTAG/SWD
• Techniques for identifying JTAG/SWD interfaces
• Tools and methodologies for JTAG/SWD identification (automated and manual)
15.3 Debugging Over JTAG/SWD
• Methods for debugging IoT devices via JTAG/SWD
• Tools and methodologies for JTAG/SWD debugging
15.4 Dumping Data and Manipulating Memory Address and Data
• Techniques for data extraction and memory manipulation via JTAG/SWD
• Tools and methodologies for memory analysis and modification
Module 13
Introduction of Automotive Industry
The automotive industry encompasses the design, development, manufacturing, marketing, and sale of motor vehicles. It is a complex ecosystem involving various stakeholders, including automakers, suppliers, dealerships, and aftermarket service providers.
Module 14
Vehicle External Communications
The Electrical/Electronic (EE) architecture of vehicles refers to the network of electronic control units (ECUs), sensors, actuators, and communication buses that control and monitor vehicle functions. It includes high-speed CAN (Controller Area Network), LIN (Local Interconnect Network), Ethernet, and FlexRay buses.
OBD2 (On-Board Diagnostics)
OBD2 is a standard protocol used for diagnostics and reporting of vehicle emissions and performance. It provides access to real-time data from ECUs, enabling vehicle maintenance and troubleshooting.
Hrishikesh Somchatwar is a Security Researcher, Storyteller, Electronics Hacker, and Bestselling Author based in France.
🔗 Connect With Me:
Email: hrishikeshsom@gmail.com
LinkedIn: linkedin.com/in/hrishikesh-somchatwar/
📖 Publications:
"Exploitation of Embedded Systems" – Presented at Car Hacking Village
"Hacking with Physics" – Showcased at HackFest Canada 2021
"Car Hacking Village" – Authored publication
Speaker & Trainer:
I've had the privilege of speaking and providing training at esteemed cybersecurity conferences, including:
DeepSec Austria
SCSA Georgia
SecurityFest Sweden
Defcamp Romania (2019, 2023)
Bsides Ahmedabad
Bsides Delhi
c0c0n
HackFest Canada
Key Topics:
Automotive Cybersecurity
Hardware Security
IoT Security
Car hacking techniques
Tools for embedded system exploitation
📚 Author:
As the bestselling author of "Hacking the Physical World", my book topped Amazon charts in the USA and India.
🎧 Podcast:
Check out "The Storytelling Hacker", where I blend storytelling with electronics hacking. Available on:
Spotify
Apple Podcasts
Google Podcasts
💼 Professional Journey:
Valeo: Worked on cutting-edge automotive cybersecurity solutions and advanced hardware technologies.
Security Researcher: Contributed to NDA-protected projects at a confidential company in Maharashtra, India.
Hardware Security Intern: Played a pivotal role in a cybersecurity startup, conducting security testing on:
Cars
IoT devices
PLCs
SCADA systems
Arun Mane, Founder and CEO of Amynasec Labs, is a trailblazer in security, innovation, and education, a visionary leader and luminary in the field of cybersecurity who wears many hats. He is not only the Founder and CEO of Amynasec Labs, but also the co-Founder and CEO of UnoAcademy, a distinguished training provider. With a resolute focus on Vehicle/IoT/ICS/IoMT security, Arun is also a recognized Hardware, IoT, and ICS Security Researcher, shaping the future of digital protection.
Arun's passions encompass a spectrum of technological domains. He delves into Hardware Security, SCADA systems, Automotive Security, Fault Injection, RF protocols, and the intricacies of Firmware Reverse Engineering. His inquisitive mind thrives on unraveling complex systems and identifying vulnerabilities that safeguard the digital landscape. Arun's expertise extends to performing Security Audits aligned with ISO 62443, ISO 21434 and NIST frameworks, catering to both government and private clients. His insights have proven invaluable in fortifying digital infrastructures against ever-evolving threats.
His prominence shines brightly on the international stage. Arun has delivered captivating talks at an array of prestigious conferences, leaving a lasting impact on audiences worldwide. Noteworthy appearances include nullcon in Goa from 2016 to 2018, GNUnify 2017, Defcamp in Romania from 2017 to 2019 and 2023, Hacktivity in Budapest 2019 and 2023, Rootcon 2020 in the Philippines, BsidesDelhi 2017, c0c0n x in 2017 and 2019, BSides Ahmedabad 2021, EFY 2018, x33fcon from 2018 to 2021, BlackHat USA 2018, Defcon USA 2018, OWASP Seasides 2019 in Goa, and HITB Red Team Village 2020 and Phuket 2023. These platforms serve as a testament to his remarkable insights and thought leadership in the cybersecurity realm.
The Mobile Playbook - A Guide to iOS and Android App Security (hybrid - in person or online)
This intensive two-day course equips you with practical skills for identifying and exploiting vulnerabilities in mobile apps across both Android and iOS. You'll analyze a mix of real-world apps and custom training apps using tools like Frida, Burp Suite, jadx and other open-source tools.
By the end of the training, you’ll know how to:
- intercept and analyze any type of network traffic in mobile apps, even when SSL pinning is used,
- bypass protection mechanisms such as root/jailbreak detection,
- decompile APKs and perform manual source code reviews,
- reverse engineer Swift-based iOS applications and
- apply a thorough methodology based on the OWASP Mobile Application Security Testing Guide (MASTG).
The labs cover static and dynamic analysis, reverse engineering, and Software Composition Analysis (SCA), all through hands-on exercises.
No need to bring your own devices — each participant gets access to a cloud-based, rooted Android and jailbroken iOS environment via Corellium.
Whether you are a beginner wanting to learn mobile app testing from scratch, an experienced penetration tester or developer wanting to improve your mobile application security knowledge and skills, or someone looking to have some fun, this training will help you achieve your goals.
## Detailed outline
### Day 1 - Android
We begin with an overview of the Android platform and its security architecture, then move into a full day of hands-on labs covering:
- Setting up an Android testing environment with Corellium
- Using Android Debug Bridge (adb) effectively during app pentests
- Intercepting network traffic from apps built with frameworks like Flutter
- Analyzing network traffic, including non-HTTP protocols, with Burp Suite and Wireshark
- Reverse engineering a Kotlin app and exploiting a real-world deep link vulnerability through manual code review
- Scanning APKs for hardcoded secrets
- Getting started with Frida for dynamic instrumentation
- Analyzing Android app storage options (app-specific, shared storage, etc.)
- Using dynamic instrumentation with Frida to:
- Bypass root detection mechanisms
- Bypass Frida detection mechanisms
- Attacking a real-world app and overcoming its protection mechanisms
### Day 2 - iOS
On the second day, we shift to iOS app security, again focusing on hands-on labs:
- Static analysis of Swift code to identify vulnerabilities and eliminate false positives
- Software Composition Analysis (SCA) for iOS: scanning third-party libraries and mitigation strategies
- Setting up the iOS testing environment with Corellium
- Intercepting network traffic in iOS apps
- Bypassing different implementations of SSL pinning using Frida
- Frida crash course for dynamic instrumentation on iOS Apps
- Analyzing iOS app storage mechanisms
- Testing methodology using jailed (non-jailbroken) devices via Frida gadget injection
- Testing watchOS apps and understanding platform limitations
- Using Frida to bypass runtime protections:
- Anti-Jailbreaking mechanisms
- Frida's detection logic
We’ll wrap up the final day with a Capture the Flag (CTF), where you can apply your new skills and win a prize!
Upon completing the course, participants will:
- have a deeper understanding of mobile app security testing,
- know how to identify and exploit vulnerabilities,
- be able to recommend effective mitigation strategies to development teams, and
- follow a structured testing methodology based on the OWASP Mobile Application Security Testing Guide (MASTG).
### What students should bring
To follow all exercises and participate fully, students should have:
- A laptop (Windows or macOS) with at least 16 GB of RAM and 50 GB of free disk space
- Full administrative access to the system (e.g., ability to disable VPN or antivirus if needed)
- Virtualization software (e.g., VMware, VirtualBox, or UTM); a pre-configured virtual machine will be provided for both x86 and ARM architectures (including M1–M4 MacBooks), with all required tools preinstalled.
- Optional but recommended: A tablet for viewing the lab slides during hands-on sessions.
An iOS or Android device is **not** required. Each participant will receive access to a cloud-based Corellium instance, including a jailbroken iOS device and a rooted Android device, for use throughout the training.
### What students will receive
- PDF slide decks and lab instructions for both Android and iOS.
- All vulnerable training apps, provided as APK and IPA files.
- A Dockerfile containing the APIs with which the apps communicate.
- Detailed write-ups for all labs, which you can review at your own pace after the course.
- Access to a dedicated Slack channel for pre-course preparation, in-class support, and post-course Q&A.
- A certificate of completion.
### What prerequisites should students have before attending this training?
This course is designed for beginner to intermediate participants. Students should have:
- A basic understanding of mobile apps
- Basic experience using the Linux command line
Sven is a co-founder of Bai7 GmbH in Austria, which specializes in training and advisory. He has expertise in cloud security, offensive security engagements (Penetration Testing) and Application Security, notably in guiding software development teams across Mobile and Web Applications throughout the Software Development Life Cycle (SDLC) to integrate robust security measures from the start.
Besides his day job, Sven has been involved with the Open Worldwide Application Security Project (OWASP) since 2016. As a co-project leader and author, he has significantly contributed to the OWASP Mobile Application Security Testing Guide (MASTG) and the OWASP Mobile Application Security Verification Standard (MASVS).