SecureDroid: Fundamentals of Android App PenTesting



Greetings, Android enthusiasts and security aficionados! Welcome to an immersive journey into the heart of Android Security Testing. In today's interconnected world, where mobile devices play a pivotal role in our daily lives, securing the Android ecosystem is more critical than ever.

Our workshop is tailored for individuals keen on mastering the intricacies of Android security. Whether you're a student eager to embark on a career in cybersecurity, a professional seeking to broaden your skills.

  • Who Should Attend
    • Android enthusiasts eager to delve into the world of security: this workshop is your gateway to mastering Android security testing, making it ideal for students, professionals, and anyone passionate about safeguarding the Android ecosystem.
  • Key learning objectives
    • Android Architecture Deep Dive: Understand the foundational components of the Android operating system. Explore the core elements of Android and their interplay in application execution. Decode the significance of the Android Manifest in app security.
    • Pentesting Fundamentals: Differentiate between dynamic and static pentesting methodologies.
    • Android Reverse Engineering Essentials: Uncover the secrets of Android reverse engineering. Introduce and explore the Smali language for understanding and modifying Android apps. Apply reverse engineering techniques to dissect Android applications.
    • Smali Modification Mastery: Learn the basics of Smali modification through practical exercises. Solve challenges in NS_SMALI_CTF to enhance Smali proficiency. Harness the power of Smali modification by actively modifying the Android SpacePeng Game.
    • Introduction to Frida Instrumentation: Grasp the concept of binary instrumentation and its role in Android security. Dive into Frida as a dynamic instrumentation tool for Android applications. Set up a Frida server on your Android device for real-time interaction.
    • Dynamic App Manipulation with Frida: Understand how to interact with Android apps using Frida. Explore the capabilities of manipulating app behavior through dynamic instrumentation. Gain practical insights into leveraging Frida for real-time app analysis.
  • Prerequisite Knowledge
    • Students could be familiar with below topics but not mandatory:

    • Basic Android Concepts,Android Studio, Penetration Testing Fundamentals, Programming Skills.
  • Utilities/Software Requirements
    • Android Studio
    • Python
    • Frida
    • Text editor (e.g. Notepad++)
    • Genymotion
    • Virtualbox
    • Zipalign
    • Apksigner
    • Adb
    • Apktool
    • Jadx-GUI
    • BurpSuite-Community Edition
  • System Requirements
    • Android Device (Emulator Rooted)
    • Linux or Windows 7/8/10
  • Hardware Requirements
    • Laptop (Min. 8GB RAM)
  • What Students will be provided
    • Comprehensive User Manual:

    • A detailed guide encompassing step-by-step instructions for each module.
    • In-depth explanations of concepts, tools, and methodologies covered in the workshop.
    • Troubleshooting tips and best practices for effective learning.
    • Vulnerable APKs for Hands-On Practice:

    • Exclusive access to carefully curated vulnerable Android applications.
    • Real-world scenarios for practical application of security testing concepts.
    • Opportunities to test and reinforce skills learned during the workshop.
  • Agenda
  • Module 1: Demystifying Android Architecture: Unveiling the Core Components

    • Understanding the Android Operating System.
    • Core Components of Android.
    • What is Android Manifest.

    Module 2: Basics of Android Pentesting

    • Secrets of Android Reverse Engineering.
    • Basics of Reverse Engineering Android Applications.
    • Learning smali modifcation by solving NS_SMALI_CTF.
    • Unleashing power of smali modification by modifying Android Game.

    Module 3: Frida instrumentation for android

    • What is binary instrumentation?
    • Introduction to Frida and dynamic insturmetation
    • Setting up a Frida server on your Android device
    • Interacting with android app using Frida
    • Manipulating the behavious of an Android app using Frida
  • What not to expect
  • Become an Android Pentesting Pro in No Time!

    Embark on a journey that will elevate your skills to the next level in Android Pentesting. This training promises to significantly enhance your expertise in Android Reverse Engineering.

Mr. Omkar Naik, our esteemed Team Lead at Net Square Solutions. With a keen passion for mobile application security, he actively engages in Capture The Flag (CTF) challenges during his leisure. Beyond the world of cybersecurity, Mr. Naik finds joy in swimming and playing football. Get to know the diverse interests and talents that drive our team!