Training Classes

This class is FREE! Unlock your team's capacity to deliver better, more secure products and services by arming them with the knowledge and skills to maximize their use of the Corellium Virtual Hardware platform. This class is for new and prospective users interested in using virtual mobile and IoT devices for their security, R&D, testing, and teaching work.

Students will gain first-hand knowledge of tools, tactics and techniques used to discover mobile app vulnerabilities. Includes a crash-course on the OWASP Mobile App Verification Standard (MSAVS) V1-V8 test cases with live demos. Class is live and virtual, with an open Q&A format. It's also custom scheduled for private audiences.

An overview of using the Corellium platform to dig deeper into the inner workings of the Apple iOS operating system through a vulnerability research and validation lens. Students will get first-hand knowledge of tactics and techniques used to discover vulnerabilities and research new exploits. Class is live and virtual, with an open Q&A format. It's also custom scheduled for private audiences.

FOR518 provides the techniques and skills necessary to take on any Mac or iOS case without hesitation. The intense hands-on forensic analysis and incident response skills taught in the course will enable analysts to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device. In addition to traditional investigations, the course presents intrusion and incident response scenarios to help analysts learn ways to identify and hunt down attackers that have compromised Apple devices.

This lab is FREE! Explore the thrilling world of Android Userland Exploitation! Delve into key topics such as exploiting memory corruptions and creating an exploit for heap overflow vulnerability. This hands-on teaser offers limited-time access to Corellium mobile devices and focused labs, providing a glimpse into our comprehensive Android Userland Fuzzing and Exploitation course.

Introduction to the world of Android user-land exploitation techniques used by threat actors. Covers the basics of ARM assembly language and reversing the Android Native component. Learn how to find functions that can be harnessed and fuzzed to identify 0day vulnerabilities. Analyze crashes found by your fuzzer and how to exploit them. Learn about Android Userland exploitation and review the tools needed to build reliable and weaponized exploits.

Think Red, Act Blue - Attackers are using new methods of compromising software supply chains that bypass traditional security controls across multiple attack surfaces. SEC568 offers comprehensive training, equipping you with the technical expertise to conduct precise product security assessments and risk analysis. Gain the knowledge and skills needed to protect your digital assets in a rapidly changing threat landscape. Course includes using Corellium for providing virtual Android devices to students.

SEC575 will prepare you to effectively evaluate the security of iOS and Android mobile devices, assess and identify flaws in mobile applications, and conduct a mobile device penetration test, which are all critical skills required to protect and defend mobile device deployments. You will learn how to pen test the biggest attack surface in your organization; dive deep into evaluating mobile apps and operating systems and their associated infrastructure; and better defend your organization against the onslaught of mobile device attacks.

In this unique course targeting the internals of the iOS operating system, you'll get a chance to  explore various exploit mitigations, IPC mechanisms, and XNU internals. Develop skills in reverse-engineering iOS specific security features and gain a deeper understanding of exploitation techniques, including both userland and kernel-level exploits. Follow each stage of the jailbreak process, supported by case studies of real-world exploits.

This hands-on course teaches penetration testers, developers and engineers how to analyse Android and iOS applications for security vulnerabilities by going through the different phases of testing, including dynamic testing, static analysis, reverse engineering and Software Composition Analysis (SCA). The course is based on the OWASP Mobile Application Security Testing Guide (MASTG), combined with the Corellium platform to allow for efficient testing. The training is available in two versions: "The Mobile Playbook: A Developer's Guide" or "The Mobile Playbook: A Pentester’s Guide". See the training catalogue for more details. The training is delivered by Sven Schleier, who has been co-project lead of the OWASP MAS project since 2016.

In this unique course targeting the internals of Android, you'll get a tour of the key parts of the AOSP source tree, examine the boot sequence, IPC mechanisms, and explore ARM64 assembly. You'll develop skills in reverse-engineering Android specific security features and gain a deeper understanding of exploitation techniques, including both userland and kernel-level internals. Real-world case studies, and practical code walkthroughs will aid your learning across multiple device vendors.

Designed for both beginners and advanced enthusiasts, you'll learn how to reverse engineer and conduct thorough security audits of iOS and Android applications. You'll get a deeper insight into common bug categories, and detailed walkthroughs on how to exploit them. Learn how tools like Ghidra, Frida, LLDB, and more can be used to assist you during Mobile application assessments, or research

This course offers an in-depth exploration of the internal architectures of Android and iOS operating systems. You'll get an insight into the various platform-specific features, inter-process communication mechanisms, and other unique exploit mitigations. By reviewing the XNU kernel for iOS, and the Android Open Source Project (AOSP) codebase for Android, you'll develop reverse-engineering skills to analyze proprietary security aspects of both systems. The curriculum includes detailed walkthroughs of the jailbreaking and rooting processes, supplemented by case studies of real-world exploits on both platforms.