c0c0n 2013

Talk: Snake Bites

Training

DEEP DIVE ANDROID

OBJECTIVE

Android needs no introduction; it’s one of the fastest growing Smartphone / Tablet OS. Future plans to just include telecommunication equipment but also entertainment equipment like TV, Music Players and other house hold items. When the World is moving towards Android subsequently there is a rise in threat’s and potential risk’s in the same. This Workshop is geared towards Security professionals who want to remain on the edge of the fast paced technology and possess in-depth understanding of Android. This workshop will not only focus on Application Pen Testing but will also be looking at the overall OS as a platform and potential pitfalls around it. Besides just dissecting Android to analyse it we will also be looking at leveraging android platform and its mobility to perform conventional penetration testing tasks. The workshop will be conducted with live applications / targets (test authorized) as well as self-developed Demo in order to quickly understand the targets.

COURSE CONTENT

  1. Android Architecture
    • Operating System Overview
    • File system Overview
    • Security Model
  2. Developer Overview
    • Application Components
    • Application Structure
    • The SDK and Android Tools
    • Developing a basic application
  3. Intro to Pen Testing
    • Introduction to Android Tamer
    • Setting up the environment
    • Black Box PT
    • Reverse Engineering
    • Rooting basics
    • Understanding Pentesting Frameworks
      • Mercury
      • Smartphone Pentest Framework
      • Android Framework for Exploitation.
  4. Using android for Pentest
    • Setting up the environment
    • Various tool usage
    • Writing custom tool in android

SPEAKER DETAILS

ANKUR BHARGAVA

Ankur works for a MNC and has a area of interest realted to Web Application Security and Mobile Security. He has been speaker at various conferences like Nullcon, C0C0N for different years where he has presented on topics like PDF exploits, Android Security. Ankur is an active member on Null/OWASP Bangalore Chapter.

ANANT SHRIVASTAVA

Anant Shrivastava works as a Consultant Analyst with 7Safe a part of PA consulting Group. He holds a GWAPT, CEH, CSTP and RHCE. He has been speaker at various conferences like Nullcon, c0c0n, Clubhack, his talks are focused on android. He is the creator of Android Tamer – VM for android security professionals. Active member of Null, Garage4Hackers. His expertise remains in Linux, Web Applications (Dev and security testing) and Mobile devices (OS and Application) Security.

DURATION

1 day (8 hrs)

PARTICIPANTS REQUIREMENTS

Bring in your own Laptop and if an android device is available. (otherwise simulator will also work)

PRE-REQUISITE

Anyone Interested to Learn and Deep dive in Android.

WHO SHOULD ATTEND?

Mobile Security Enthusiast, Web Application Penetration Tester, Android Enthusiast, IT professionals, developers, testing, quality professionals and anyone who wants to get their hands dirty in Android.

Ref: https://is-ra.org/c0c0n/2013/workshop-deep_dive_android.html