The most advanced training program on mobile offense: Android, iOS, Red Team methodologies, real tools, and hands-on scenarios.
"Advanced Mobile Offensive Tradecraft for Next-Gen AI Red Teaming" is a high-intensity program designed to upgrade the skills of security professionals engaged in modern mobile offensive and defensive operations.
The curriculum is tailored for Professional Penetration Testers seeking to integrate AI for highly scalable and efficient mobile testing workflows, Red Teamers focused on complex, multi-vector engagements including advanced social engineering and physical access, and Mobile Security Researchers dedicated to in-depth analysis of application architectures and supply chain risks.
Upon completing this course, attendees will be uniquely equipped to streamline complex security assessments, automate the discovery and analysis of an entire attack surface, and execute sophisticated, scalable, and compliant Red Team operations leveraging next-generation AI tools. The material presented will focus specifically on the Android ecosystem, providing deep-dive expertise in this platform.
Participants are expected to have a basic understanding of mobile architectures (iOS/Android) and familiarity with Python. Experience in mobile pentesting is not strictly required as the basics will be covered.
Participants must have virtualization software (e.g., VMware Workstation/Fusion, VirtualBox) capable of running a resource-intensive virtual machine.
The host machine must be able to allocate and run a 16GB Ubuntu Virtual Machine comfortably with at least 6 dedicated Cores.
Students are required to provide their own Anthropic API key (Opus 4.6 / Sonnet 4.6 min model preferred) for use in the AI-assisted SAST and social engineering modules, specifics on the exact amount of tokens required will be provided before the start of the course.
The trainers will provide participants with a precompiled VM before the course starts, and any additional requirements regarding specifications and necessary hardware will be supplied no later than two weeks prior to the course.
Automating foundational security activities, architectural mapping, and compliance.
An introductory segment will establish the context of modern mobile security, exploring AI's current and future role, including its legal and ethical implications. Participants will be introduced to AI's use in mobile-based social engineering, Static Application Security Testing (SAST) for vulnerability discovery and exploit prototyping.
This session focuses on leveraging AI-powered parsing to intelligently process the output from SAST tools. The goal is to achieve automated and rapid triage for critical security findings, specifically identifying exposed secrets, credentials, potential API exposures, and validating API usage against best practices.
The following session leverages advanced AI and reasoning models to conduct a deep analysis of application manifests. The main purpose is to identify architectural and intent-based vulnerabilities, automate the mapping of the entire attack surface, and rapidly prototype potential exploits for security assessments.
The following session will showcase how advanced reasoning models can be leveraged to effectively map complex, obfuscated code within Android APKs. The session will cover automated function renaming, the structured analysis of code flow, and the identification of hidden vulnerabilities or malicious behavior, significantly streamlining the reverse engineering process for security analysts.
This module explores leveraging AI and LLMs alongside decompilers to automate Frida hook generation. Agents will be used to analyze code, identify sensitive signatures, and create JavaScript hooks for tasks like bypassing security mechanisms to expedite mobile vulnerability discovery.
Learn how to use agentic solutions to automatically analyze application data handling, such as source IPs and endpoints, to detect and flag violations of privacy guidelines like GDPR, leveraging agents to determine if the target application's data flow compromises compliance.
Cutting-edge offensive tradecraft, autonomous agents, and physical access.
This session will provide a foundational understanding of the legal constraints, ethical considerations, and essential operational boundaries necessary for conducting effective and compliant mobile-centric Red Team activities.
This session will delve into the advanced methods of fully automated smishing attacks. It covers techniques for automated target profiling, which involves collecting publicly available personal data, and the dynamic orchestration of highly personalized smishing campaigns tailored to individual targets.
This offensive tradecraft segment will showcase how to use the OMG™ cable, in combination with AI, to develop and execute advanced ducky scripts against Android devices. Key techniques covered will include manipulating device data and establishing persistent access on the targeted devices.
This 120-minute, hands-on workshop will demonstrate how to execute sophisticated, real-time deepfake attacks against common communication platforms, such as WhatsApp™ and Microsoft Teams™. Participants will gain practical experience using virtual cameras and advanced AI to create highly convincing synthetic voice and video. The session is designed to emphasize the risks posed by modern Deepfake and Vishing attacks, and it will equip Red Teamers with valuable techniques for advanced engagements.
This session will delve into the deployment of AI agents for managing sophisticated, long-term social engineering campaigns. These autonomous chatbots are capable of maintaining continuous communication with targets on platforms like WhatsApp™ and Telegram™ for days, a process that requires no human intervention and drastically scales phishing operations.
Seats are limited to 20 participants per edition. Contact us to receive the detailed program and available dates.
Request information →