TECH TRAINING 8 – THE ANDROID EXPLOIT LAB
TRAINER: Saumil Shah (Founder, Net-Square) & SK Chong (Security Consultant, SCAN Associates Bhd.) |
CAPACITY: 20 pax |
SEATS LEFT: COURSE CANCELLED
|
DURATION: 2 days (14th & 15th October 2013) |
COST (per pax): MYR4999 (early bird) / MYR5999 (non early-bird) |
OVERVIEW
TBA
KEY LEARNING OBJECTIVES
-
- Understanding various Android defense mechnism
- Techniques available in breaking some of the defense mechnism
- Exploiting memory corruption bug in Android
- Debugging process in Android
- Building a remote exploit for Android
- Jailbreaking android devices
- Rebuild kernel and ROM
- Using IPTables and changing permission of APK
WHO SHOULD ATTEND
Mobile Penetration Testers, Infosec Professional and anyone Interested in Android Mobile Exploitation and defense.
PREREQUISITES
- Have a working knowledge of Unix operating systems
- Not be allergic to command line tools.
- Use vi/pico/joe editors.
- Have a working knowledge of shell scripts, cmd scripts or Perl.
- Understanding of C programming would be a bonus.
COURSE AGENDA
DAY 1
- Android fundamentals
o Introduction to Android
o Introduction to ARM
o Android Architecture
o Android Security Architecture
o Permission model
o Application Sandboxing
- Setting up Development tools
o Android SDK
o ADB and logcat
o GDB debugging
- Programming Android
o Eclipse
o Android Studio
- Case study
o Vulnerabilit in Webkit
o Remote debugging
o ARM Shellcode
o Remote exploit in Android
DAY 2
- Android Kernel
o Jail breaking
o Local exploit
o Recompiling kernel
o Adding feature to Android Kernel
- Android ROM
o Rebuilding ROM
o Deodexing
o Adding feature to Android ROM
- Breaking Android Permission
o Changing permission
o Intent mis-use
o Back-dooring APK
- IPTable and Android protection
o Configure IPtable of android
- Mobile forensics
o Extracting data from android phone
o Recovering deleted data
HARDWARE / SOFTWARE REQUIREMENTS
- A working laptop with the following hardware/software requirements:
- Intel(ish) X86 hardware required
- 512MB RAM required, at a minimum, 2GB preferred, and anywhere in between shall be tolerated
- Wired 10/100 Network card (no wireless network in class)
- 12 GB free Hard disk space
- Operating Systems (one of the following)
- Windows XP SP2/SP3 or Windows 7
- Administrator access MANDATORY
- Ability to disable Anti-virus / Anti-spyware programs
- Ability to disable Windows Firewall or personal firewalls
- Active Perl 5.8 or above from activestate.com
- An SSH client, such as PuTTY
- Firefox browser
OR
- Linux kernel 2.4 or 2.6
- Kernel 2.4 or 2.6 required
- Root access mandatory
- Ability to use an X-windows based GUI environment
- Perl 5.8 should be available
- SSH should be available
ABOUT THE TRAINERS
SAUMIL SHAH
Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.
Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.
SK CHONG
EVENT ORGANIZER
SUPPORTED AND ENDORSED BY
TITANIUM SPONSOR (SPEAKERS RECEPTION + POST CONFERENCE RECEPTION)
GOLD SPONSORS
SILVER SPONSORS
CTF SPONSOR
CTF PRIZE SPONSOR
INTERNET CONNECTIVITY PARTNER
ALCO_PWN SPONSOR (POST CONFERENCE RECEPTION)
HackWEEKDAY Official Ride Partner
SUPPORTING MEDIA
FRIENDS OF HITB
