Back to timeline



Xtreme Android Hacking

Nullcon Delhi 2012

2012/09/26

Trainer: Aseem Jakhar and Anant Shrivastava

Training: Xtreme Android Hacking

Objective

Smartphones and tablets have become a must-have for everyone for personal as well as official use. As people have started utilizing these devices to frequently access the Internet, read important documents, carry out financial transactions and so on and so forth, the bad guys have realized the shift and have started to focus on exploiting these platforms for their gains. There has been a lot of advancement in mobile malware and exploitation.

These devices are computers running various operating systems and packed up with hardware for telephony and wifi. There are numerous applications available for these platforms which can be freely downloaded over the internet and used.

Xtreme Android Hacking training takes up one of the finest operating system used for these devices a.k.a Android and tears it apart. As the name suggests the training takes a deep dive into all the components of Android OS starting right from the OS architecture, ARM assembly, shellcoding, hacking system components, security model, android apps to penetration testing, reverse engineering and malware analysis. Xtreme Android Hacking is specifically designed to have more hands-on and exercises for the trainees to grasp the intrinsic technical details of the Android system, Android applications and the respective vulnerabilities. The trainers have designed and developed an open source, customized distribution for android development and security testing known as Android Tamer which is also provided with the training material and a walkthrough on using Android Tamer is also taken up during the training to make the trainees familiar with the distribution. The training provides a base to the trainees to develop security research expertise on the Android platform way beyond the conventional application security testing skills.

Introduction to Android

Introduction to Android Tamer

System Architecture

Application Architecture

Android ARM Assembly primer

Android Security Architecture

Penetration Testing

Malware Analysis and Reverse Engineering

Who Should Attend?

Prerequisites

What to bring?

What to expect?

What not to expect?

About the trainers

Aseem Jakhar

Aseem is the chief researcher at Payatu Technologies Pvt Ltd http://payatu.com with extensive experience in system programming, security research, consulting and managing security software development projects. He has worked on various security software including IBM ISS Proventia UTM appliance, Mirapoint messaging/security appliance, anti-spam engine, anti-virus software, multicast packet reflector, Transparent HTTPS proxy with captive portal, bayesian spam filter to name a few. He is an active speaker at security and open source conferences; some of the conferences he has spoken at include Defcon, Hack.lu, Blackhat, Xcon, Cyber security summit, Cocon, OSI Days, Clubhack, Gnunify. His research includes Linux remote thread injection, automated web application detection and dynamic web filter. He is the author of open source Linux thread injection kit - Jugaad which demonstrates a stealthy malware infection technique. He is well known in the hacking and security community as the founder of null - The open security community, registered not-for-profit organization http://null.community , the largest security community in India and the founder of nullcon Security conference http://nullcon.net . The focus and mission of null is advanced security research, sharing information, responsible vulnerability disclosure and assisting Govt./private organizations with security issues.

Anant Shrivastava

He holds a GWAPT, CEH and RHCE. He has been speaker at various conferences like Nullcon, c0c0n, Clubhack, his talks are focused on android. He is the author of open source distribution - Android Tamer for android security professionals. Active member of Null, Garage4Hackers. His expertise remains in Linux, Web Applications (Dev and security testing) and Mobile devices (OS and Application) Security.