SecureDroid: Advanced Android App PenTesting

Introduction

Do you have a passion for Android security and want to learn more? Do you want to go beyond the standard VAPT exercises and examine the complex realm of app vulnerabilities in more detail? If so, this workshop serves as your entryway to a secret world filled with cunning tricks.

We'll equip you with the tools and techniques to dissect real-world app vulnerabilities that often elude standard penetration testing. Step into the shoes of an ethical hacker, wielding your newfound knowledge to understand and exploit these hidden cracks in the digital armor.

By mastering the art of vulnerability discovery and exploitation, you gain the invaluable perspective of an attacker, enabling you to build robust defenses not only for your own apps but also for the broader digital ecosystem.

We'll provide a structured learning environment where you can analyze vulnerable code, craft targeted exploits, and witness firsthand how seemingly innocuous flaws can morph into formidable security breaches.


  • Who Should Attend
    • Elevate your Android security expertise! This workshop tackles advanced vulnerabilities head-on through practical exploits. Ideal for professionals with a foundation in Android security fundamentals.
  • Key learning objectives
    • Analysis of the Android application's functionality and logic.
    • Bypassing security controls and the application's logic using debugging and runtime modifications.
    • Analysis of the components used by an Android application and their security flaws.
    • Exploiting vulnerable Android application components.
  • Prerequisite Knowledge
    • Familiarity with the topics below is helpful but not mandatory:
    • Understanding of Android application fundamentals, familiarity with common security concepts, and knowledge of Android components and basic reverse engineering concepts.
  • Utilities/Software Requirements
    • Android Studio
    • Android Emulator - Rooted (Android Studio - AVD or Genymotion devices)
    • Text editor (e.g. Notepad++)
    • Basic Tools: Drozer, adb, apktool, zipalign, apksigner
    • Jadx-GUI
  • System Requirements
    • Android Device (Emulator Rooted)
    • Linux or Windows 7/8/10
  • Hardware Requirements
    • Laptop (Min. 8GB RAM)
  • What Students will be provided
    • Comprehensive User Manual:
      • A detailed guide encompassing step-by-step instructions for each module.
      • In-depth explanations of concepts, tools, and methodologies covered in the workshop.
      • Troubleshooting tips and best practices for effective learning.
    • Vulnerable APKs for Hands-On Practice:
      • Real-world scenarios for practical application of security testing concepts.
      • Opportunities to test and reinforce skills learned during the workshop.
  • Agenda

    Module 1: Android Application Runtime Analysis - Smali Code Debugging

    • Introduction to Smali Code.
    • Tools for Smali Code Debugging and Analysis.
    • Debugging using Android Studio.
    • Bypassing security controls and application's logic using debugging and runtime modification of application's code.

    Module 2: Inter-Process Communication (Deep Links, Intents, Broadcast Receivers, Content Providers)

    • Introduction to Android IPC Components.
    • Exploiting Deep Links
    • Intents: Usage and Security
    • Broadcast Receivers & Content Providers: Identification and exploitation of vulnerable components
  • What not to expect
    • It won't cover every aspect of security; it focuses on app-specific penetration testing and might not delve deeply into broader security domains.

Jafarkhan Pathan

Mr. Jafarkhan Pathan is a Security Analyst at Net Square, with a solid background of hands-on penetration testing experience. He graduated from GEC Gandhinagar with a B.Tech in Computer Engineering. He has achieved CEHv12 Practical and has completed countless CTFs. He has expertise in mobile application penetration testing and loves to do research in the cybersecurity field.


Viral Bhatt

Mr. Viral Bhatt is a manager of professional services at Net Square, where he works on various vulnerability assessment and penetration testing projects. In his spare time, Bhatt is also a highly ranked bug bounty hunter, with a top ranking of 43rd in the Facebook bug bounty program. He has also achieved top 5 ranking in several bug bounty private programs. In addition to his technical skills, he is also a speaker at various colleges and universities, sharing his knowledge and experience with others.


Palak Sethia

Mr. Palak Sethia is a Security Analyst at Net Square Solutions. He has completed his bachelor's in Computer Science. He is curious about the cyber world and about creating a safe cyberspace for all, with a particular interest in web and mobile penetration testing. In his career, he has demonstrated innovative techniques to make the mobile application penetration testing process more effective.


Omkar Naik

Mr. Omkar Naik is our esteemed Team Lead at Net Square Solutions. With a keen passion for mobile application security, he actively engages in Capture The Flag (CTF) challenges in his leisure time. Beyond the world of cybersecurity, Mr. Naik finds joy in swimming and playing football. Get to know the diverse interests and talents that drive our team!


Smit Patel

Mr. Smit Patel is a Manager at Net Square, where he delivers cutting-edge information security services to clients worldwide. He holds a Master's degree in Cyber Security from Gujarat Technology University and has over four years of professional experience. His skill set encompasses web application, Android, and iOS penetration testing. Additionally, he has expertise in network penetration testing, red team exercises, cloud penetration testing, and configuration audits.