Date: 17th Oct – Thursday
Time: 10:30-12:30
Location: Ballroom C
Please bring a laptop with administrator rights to get the full benefit from these hands-on labs.
In this workshop, you will have the opportunity to learn how to identify security weaknesses in mobile apps on the world’s most popular mobile platform, Android. In this 2-hour technical session, we will begin by analyzing Android app components, followed shortly by basic static analysis techniques with the help of various state-of-the-art reverse engineering tools. Attendees will then learn advanced topics such as analyzing obfuscated code by performing dynamic instrumentation, bypassing client-side protection mechanisms, and manually exploiting vulnerable components of applications.
This workshop aims to help beginner to intermediate-level security professionals feel comfortable conducting Android app security assessments using modern security tools and techniques available on the market.
The following is the list of concepts that we will cover in this workshop:
1. Static Reverse Engineering
2. Dynamic Binary Instrumentation
3. Jailbreak Detection and Bypass
4. Intercepting Application Traffic
5. SSL Pinning Bypass
6. Manual Patching
7. APK Signing
8. Platform Components Exploitation
Prerequisites: The workshop is aimed at an audience with a basic to intermediate application-security skill level. Attendees are expected to be familiar with basic web application security testing methodology and comfortable with Linux/Unix-like command-line tools.
Materials: The setup to cover all exercises is a Linux/Mac OS X laptop with Android Studio, Burp Suite Community Edition and Google Chrome installed. All exercises can be done using the Android simulators. A physical mobile device is not necessary.