TECH TRAINING 6: Android Security – Reverse Engineering & App Pentesting

DURATION: 2 DAYS

CAPACITY: 20 pax

SEATS AVAILABLE: 12

PRICE: EUR1499 (early bird)
EUR1999 (normal)

Early bird registration rate ends on the 1st of March


Overview

In this training, you will learn how to understand what Android applications are doing through static and dynamic analysis. With your new ability to understand an unknown application by reverse engineering, you will then learn about the Android security model, the classical components used in Android applications, and how they are misused. Many hands-on exercises will be done on real Android malware and applications.

By the end of this training, you will be able to find vulnerabilities (and exploit them) in OEM applications or classical applications distributed through the Play store.

•    Understand how the Android system works.
•    Understand Android applications and how to analyze them.
•    Learn how the Android security model works.
•    Understand the application components.
•    Find and exploit Android vulnerabilities in the Android system and applications.

Prerequisites

Training attendees should be familiar with basic Android/Java concepts.

Course Agenda (general overview)

•    Reverse Engineering Android applications:
o    Static Analysis (smali disassembly, decompilation, automation with androguard/JEB)
o    Dynamic Analysis (execution monitoring, sandboxing, memory analysis, instrumentation, API hooking with Xposed/Cydia Substrate, debugging)

•    Finding and exploiting vulnerabilities in Android applications:
o    Understanding the Android security model (permission model, application “sandboxing”)
o    Understanding the Android application components:
    •    AndroidManifest.xml, Activity, BroadcastReceiver, ContentProvider, Service, Intent
    •    How they communicate with each other
    •    How to properly declare and use them
    •    The classical kinds of vulnerabilities and how to exploit them

Who should attend

Anyone interested in reversing Android applications for penetration testing or for understanding mobile malware.

Prerequisite Knowledge

Attendees need basic knowledge of Android/Linux and must be able to understand Java code.

Hardware and software requirements

Students must bring their own laptop with VMware installed and at least 50 GB of free drive space.

TRAINING

Location: De Beurs van Berlage
Date: May 26, 2015
Time: 9:00 am - 6:00 pm

Fernand Lone-Sang, Andre Moulu