Ravin Academy Mobile Hacking Training


About the course

For years, exploiting vulnerable web services has been one of the most attractive ways for cyber-attackers to infiltrate organizations’ infrastructure or disrupt their business. This has made web service security assessment one of the most important components of security assessment, and in many cases the most widely used type: organizations take a special interest in it and benefit from it in various forms such as penetration testing projects, bug bounty programs, red team services, etc.

In recent years, mobile security assessment has also gained a prominent position alongside the web, and many penetration testing professionals try to work in mobile hacking in addition to web hacking (given the knowledge the two fields share). Of course, many people also devote all their attention to mobile and try to deepen their knowledge in this field.

Given the importance of this issue, educational institutions around the world offer a variety of training courses for web and mobile security specialists. Ravin Academy, in line with the latest cyber knowledge in the world, has designed its training courses in various fields of cyber security. One of these paths is the specialized training path “Web and Mobile Hacking”, which is designed and presented in three levels: basic, advanced and expert.

In this course, you will get acquainted with the basics of web and mobile hacking and penetration testing at the same time, and you will be ready to attend advanced courses. By attending this course, you will learn the basics and structure of the web, user and server functionality, web services, the architecture and structure of the Android operating system, web and Android attacks, working with the most widely used penetration testing tools, and much more. The details of the syllabus are described in the following sections.

 

Course duration

The course runs 33 hours and is held online as 11 three-hour sessions, from 17:30 to 20:30 on even days. The sessions of this course will start on Saturday, 08/17/99.

 

Who is this course recommended for?

  • People interested in security / penetration testing / bug hunting
  • Cyber security advisors
  • Cyber security experts in organizations
  • People active in the development of web and mobile systems

 

What knowledge do I need to attend this course?

Since this penetration testing course is held at the basic level, extensive knowledge and experience are not required to attend. The most important knowledge and experience prerequisites for attending this course are as follows:

  • Familiarity with the basic concepts of the web
  • Basic knowledge of IT concepts
  • Basic familiarity with mobile and Android operating system

You can register for this course here.

 

Course topics

Chapter 1: Web Fundamentals

1.1 DNS

1.1.1 DNS Overview

1.1.2 DNS Records Overview

1.1.3 Zone Transfer

1.1.4 DNSSEC

1.1.5 TCP Connection

1.1.6 Packet Flow Analysis with Wireshark

1.1.7 Introduction to DNS Attacks

1.2 Web Protocols

1.2.1 Protocols Overview

1.2.2 HTTP

1.2.2.1 HTTP Evolution

1.2.2.2 HTTP Connection Models

1.2.2.3 HTTP1 vs HTTP1.1 vs HTTP2

1.2.3 HTTPS

1.2.3.1 Introduction to Cryptography

1.2.3.2 Types of Cryptography

1.2.3.3 Hashing

1.2.3.4 Applications of Hash Functions

1.2.3.5 Digital Signature

1.2.3.6 Digital Certificate

1.2.3.7 PKI Overview

1.2.3.8 SSL/TLS Handshake

1.2.3.9 Introduction to Cryptography Attacks

1.3 Request/Response Components

1.3.1 Request Methods

1.3.2 Type of Methods

1.3.3 URL Structure

1.3.4 HTTP Headers

1.3.4.1 General Headers

1.3.4.2 Caching Headers

1.3.4.3 Entity Headers

1.3.4.4 Response Headers

1.3.4.5 Security Headers

1.3.5 Encoding Schemes

1.4 Web Application Architecture

1.4.1 Design vs Architecture

1.4.2 Architectural Patterns Overview

1.4.3 Modern Web Architectures

1.5 Core Web Application Mechanisms

1.5.1 AAA Component Overview

1.5.2 Authentication Mechanism

1.5.3 Session Management Mechanism

1.5.4 Access Control Mechanism

Chapter 2: Client-Side Functionalities

2.1 HTML 5 Concepts

2.2 Basic JavaScript

2.3 Introduction to Browsers

Chapter 3: Server-Side Functionalities

3.1 Understanding Server-Side Codes

3.2 DBMS Overview

3.3 Basic SQL Statements

Chapter 4: Web Services

4.1 Introduction to API

4.2 REST and SOAP

Chapter 5: Tools for Web Pentester

5.1 Introduction to Burp Suite & ZAP

5.2 Pentesting Environment

Chapter 6: Android Architecture Internal

6.1 Kernel Overview

6.2 The Dalvik Virtual Machine (DEX)

6.2.1 Optimized DEX

6.3 Java Runtime

6.4 System Services

6.5 Binder (IPC)

6.6 Android Components

6.6.1 Activities

6.6.2 Services

6.6.3 Broadcast Receivers

6.6.4 Content Providers

Chapter 7: Android Security Architecture

7.1 Android Sandbox

7.2 Android Permissions

7.3 SELinux in Android

7.4 IPC – Binder

7.5 Code Signing

7.6 System Updates and Application Updates

7.7 Verified Boot

7.8 Android Permissions

7.8.1 Android Permission Overview

7.8.2 Shared User ID

7.8.3 Activity and Service Permissions

7.8.4 Content Provider Permissions

7.8.5 Broadcast Permissions

7.8.6 Intents Permissions

Chapter 8: Android Package Management

8.1 Android Application Package Format

8.2 Code Signing in Android and Java

8.3 APK Install Routine

8.4 Package Verification

Chapter 9: Setup Test Environment

9.1 Install Genymotion

9.2 Using Emulators

9.3 Reverse Engineering Tools

Chapter 10: Device Rooting (Lab)

10.1 What is Rooting?

10.1.1 Rooting Steps