SecureDroid: Fundamentals of Android App PenTesting

Introduction

Greetings, Android enthusiasts and security aficionados! Welcome to an immersive journey into the heart of Android Security Testing. In today's interconnected world, where mobile devices play a pivotal role in our daily lives, securing the Android ecosystem is more critical than ever.

Our workshop is tailored for individuals keen on mastering the intricacies of Android security. Whether you're a student eager to embark on a career in cybersecurity, a professional seeking to broaden your skills.


  • Who Should Attend
    • Android enthusiasts eager to delve into the world of security: this workshop is your gateway to mastering Android security testing, making it ideal for students, professionals, and anyone passionate about safeguarding the Android ecosystem.
  • Key learning objectives
    • Android Architecture Deep Dive: Understand the foundational components of the Android operating system. Explore the core elements of Android and their interplay in application execution. Decode the significance of the Android Manifest in app security.
    • Pentesting Fundamentals: Differentiate between dynamic and static pentesting methodologies.
    • Android Reverse Engineering Essentials: Uncover the secrets of Android reverse engineering. Introduce and explore the Smali language for understanding and modifying Android apps. Apply reverse engineering techniques to dissect Android applications.
    • Smali Modification Mastery: Learn the basics of Smali modification through practical exercises. Solve challenges in NS_SMALI_CTF to enhance Smali proficiency. Harness the power of Smali modification by actively modifying the Android SpacePeng Game.
    • Introduction to Frida Instrumentation: Grasp the concept of binary instrumentation and its role in Android security. Dive into Frida as a dynamic instrumentation tool for Android applications. Set up a Frida server on your Android device for real-time interaction.
    • Dynamic App Manipulation with Frida: Understand how to interact with Android apps using Frida. Explore the capabilities of manipulating app behavior through dynamic instrumentation. Gain practical insights into leveraging Frida for real-time app analysis.
  • Prerequisite Knowledge
    • Familiarity with the following topics is helpful but not mandatory:
      • Basic Android Concepts, Android Studio, Penetration Testing Fundamentals, Programming Skills.
  • Utilities/Software Requirements
    • Android Studio
    • Python
    • Frida
    • Text editor (e.g. Notepad++)
    • Genymotion
    • Virtualbox
    • Zipalign
    • Apksigner
    • Adb
    • Apktool
    • Jadx-GUI
    • BurpSuite-Community Edition
  • System Requirements
    • Android Device (Emulator Rooted)
    • Linux or Windows 7/8/10
  • Hardware Requirements
    • Laptop (Min. 8GB RAM)
  • What Students will be provided
    • Comprehensive User Manual:
      • A detailed guide encompassing step-by-step instructions for each module.
      • In-depth explanations of concepts, tools, and methodologies covered in the workshop.
      • Troubleshooting tips and best practices for effective learning.
    • Vulnerable APKs for Hands-On Practice:
      • Exclusive access to carefully curated vulnerable Android applications.
      • Real-world scenarios for practical application of security testing concepts.
      • Opportunities to test and reinforce skills learned during the workshop.
  • Agenda
    • Module 1: Demystifying Android Architecture: Unveiling the Core Components
      • Understanding the Android Operating System.
      • Core Components of Android.
      • What is the Android Manifest.
    • Module 2: Basics of Android Pentesting
      • Secrets of Android Reverse Engineering.
      • Basics of Reverse Engineering Android Applications.
      • Learning Smali modification by solving NS_SMALI_CTF.
      • Unleashing the power of Smali modification by modifying an Android game.
    • Module 3: Frida Instrumentation for Android
      • What is binary instrumentation?
      • Introduction to Frida and dynamic instrumentation
      • Setting up a Frida server on your Android device
      • Interacting with an Android app using Frida
      • Manipulating the behaviour of an Android app using Frida
  • What not to expect
  • Become an Android Pentesting Pro in No Time!

    Embark on a journey that will elevate your skills to the next level in Android Pentesting. This training promises to significantly enhance your expertise in Android Reverse Engineering.

Jafarkhan Pathan

Mr. Jafarkhan Pathan is a Security Analyst at Net Square, with a solid background of hands-on penetration testing experience. He graduated from GEC Gandhinagar with a B.Tech in Computer Engineering. He has achieved CEHv12 in Practical and has completed countless CTFs. He has expertise in Mobile Applications Penetration Testing and loves to do research in the cybersecurity field.


Viral Bhatt

Mr. Viral Bhatt is a manager of professional services at Net Square, where he works on various vulnerability assessment and penetration testing projects. In his spare time, Bhatt is also a highly ranked bug bounty hunter, with a top ranking of 43rd in the Facebook bug bounty program. He has also achieved top 5 ranking in several bug bounty private programs. In addition to his technical skills, he is also a speaker at various colleges and universities, sharing his knowledge and experience with others.


Palak Sethia

Mr. Palak Sethia is a Security Analyst at Net Square Solutions. He has completed his bachelor's in Computer Science. He is curious about the cyber world and about creating a safe cyberspace for all, with a particular interest in Web and Mobile Penetration Testing. In his career, he has demonstrated innovative techniques to make the mobile application penetration testing process more effective.


Omkar Naik

Mr. Omkar Naik is our esteemed Team Lead at Net Square Solutions. With a keen passion for mobile application security, he actively engages in Capture The Flag (CTF) challenges during his leisure. Beyond the world of cybersecurity, Mr. Naik finds joy in swimming and playing football. Get to know the diverse interests and talents that drive our team!


Smit Patel

Mr. Smit Patel is a Manager at Net Square, where he delivers cutting-edge information security services to clients worldwide. He holds a Master's degree in Cyber Security from Gujarat Technology University and boasts over four years of professional experience. His skill set encompasses proficiently conducting web application, Android, and iOS penetration testing. Additionally, he possesses expertise in network penetration testing, red team exercises, cloud penetration testing, and configuration audits.