Attacking Instant Messaging Applications

4200€ | 30th of September to the 3rd of October 2024 | Espace Vinci, Rue des Jeuneurs, Paris, France

Few publicly-known hacks have inspired the imagination of security researchers as much as exploits against IM (instant messaging) applications. 0-click attacks aimed against applications such as WhatsApp, iMessage, and Telegram have raised unprecedented interest and have often caused political turmoil.
Yet, in sharp contrast with the curiosity that IM exploitation generates, public information about this surface remains scant. This training is our bid to bridge the gap.

This course will provide students with the knowledge and hands-on experience in reverse engineering, vulnerability research, and exploitation of real-world IM applications. The target audience is advanced security professionals.


Objectives of the training

IM Architecture Overview

Understanding the Attack Flow

Building Research Infrastructure

Applied Fuzzing and Symbolic Execution

Advanced Static & Dynamic Reverse Engineering Techniques

Find & Exploit Userland Vulnerabilities in Real Targets

The trainer

Who will run this training?

Iddo
Eldor


Iddo Eldor is a vulnerability researcher and reverse engineer with over a decade of experience working for top offensive cyber companies focusing on mobile.

Iddo regularly provides training courses on Mobile Vulnerability Research, Exploitation and Fuzzing to a variety of private clients as well as free courses for youth in the periphery.

He solves most of his problems using Frida and wastes most of his time coming up with creative names for discovered vulnerabilities.

Jacob
Bech


Jacob is a vulnerability researcher specializing in static analysis and theoretical methods like symbolic execution and program analysis. With years of dedication in the field, Jacob has served as a key asset in various research organizations, currently working with an international research group. An enthusiast of fuzzing techniques and a competitive spirit in Capture The Flag competetions.

In addition to professional responsibilities, Jacob is passionate about education and has taught multiple university-level courses covering the intricate facets of cybersecurity and ethical hacking.

Syllabus

What will we do?

Agenda

Day 1: Introduction, planning and preparation

  • Instant Messaging Overview
  • Attack Flow: from Recon Stage to Attack Primitives
  • Initial Static & Dynamic Analysis on a Real World IM Application
  • Building Attack Blocks
  • Advanced Frida Scripting

Day 2: Discovery

  • Protocol(s) Deep Dive
  • Understanding and Dissecting Packets
  • Re-Inserting Compiled-Out Functions
  • Automating Sensitive Information Extraction
  • Parameter Tampering
  • Userland ftrace

Day 3: Verification

  • Advanced Static & Dynamic Analysis
  • Common Classes of Java Vulnerabilities
  • In-Memory Fuzzing || Applied Symbolic Execution
  • Operational Security

Day 4: Exploitation

  • Common Classes of Native Vulnerabilities
  • Exploit Mitigations
  • Vulnerability Hunting
  • Crashing the Target
  • Building Attack Primitives

Pre-requisites

  • Knowledge of Python or some equivalent high-level scripting language
  • Reverse engineering experience

Hardware Requirements

  • A working *nix based laptop
  • 30 GB free Hard disk space
  • Each student will be provided with a rooted android phone

Software Requirement

  • JEB, adb, python3, frida-tools
  • IDA(with HexRays for arm64) or Ghidra
  • Administrator/root access

Other trainings

What else might interest you?

Android Kernel Security

Vitaly Nikolenko

Hypervisor development for security analysis

Satoshi Tanda

Advanced Active Directory and Azure exploitation

Hugo Vincent & Wilfried Bécard

Introduction to Browser Exploitation

Javier Jimenez

iOS for Security Engineers

Quentin Meffre & Etienne Helluy-Lafont

Practical Baseband Exploitation

Pedro Ribeiro & Nitay Artenstein

Software Deobfuscation Techniques

Tim Blazytko

Windows Exploit Engineering Foundation

Cedric Halbronn