SecureDroid: Fundamentals of Android App PenTesting
Introduction
Greetings, Android enthusiasts and security aficionados! Welcome to an immersive journey into the heart of Android Security Testing. In today's interconnected world, where mobile devices play a pivotal role in our daily lives, securing the Android ecosystem is more critical than ever.
Our workshop is tailored for individuals keen on mastering the intricacies of Android security. Whether you're a student eager to embark on a career in cybersecurity, a professional seeking to broaden your skills.
- Who Should Attend
- Android enthusiasts eager to delve into the world of security: this workshop is your gateway to mastering Android security testing, making it ideal for students, professionals, and anyone passionate about safeguarding the Android ecosystem.
- Key learning objectives
- Android Architecture Deep Dive: Understand the foundational components of the Android operating system. Explore the core elements of Android and their interplay in application execution. Decode the significance of the Android Manifest in app security.
- Pentesting Fundamentals: Differentiate between dynamic and static pentesting methodologies.
- Android Reverse Engineering Essentials: Uncover the secrets of Android reverse engineering. Introduce and explore the Smali language for understanding and modifying Android apps. Apply reverse engineering techniques to dissect Android applications.
- Smali Modification Mastery: Learn the basics of Smali modification through practical exercises. Solve challenges in NS_SMALI_CTF to enhance Smali proficiency. Harness the power of Smali modification by actively modifying the Android SpacePeng Game.
- Introduction to Frida Instrumentation: Grasp the concept of binary instrumentation and its role in Android security. Dive into Frida as a dynamic instrumentation tool for Android applications. Set up a Frida server on your Android device for real-time interaction.
- Dynamic App Manipulation with Frida: Understand how to interact with Android apps using Frida. Explore the capabilities of manipulating app behavior through dynamic instrumentation. Gain practical insights into leveraging Frida for real-time app analysis.
- Prerequisite Knowledge
- Basic Android Concepts,Android Studio, Penetration Testing Fundamentals, Programming Skills.
Students could be familiar with below topics but not mandatory:
- Utilities/Software Requirements
- Android Studio
- Python
- Frida
- Text editor (e.g. Notepad++)
- Genymotion
- Virtualbox
- Zipalign
- Apksigner
- Adb
- Apktool
- Jadx-GUI
- BurpSuite-Community Edition
- System Requirements
- Android Device (Emulator Rooted)
- Linux or Windows 7/8/10
- Hardware Requirements
- Laptop (Min. 8GB RAM)
- What Students will be provided
- A detailed guide encompassing step-by-step instructions for each module.
- In-depth explanations of concepts, tools, and methodologies covered in the workshop.
- Troubleshooting tips and best practices for effective learning.
- Exclusive access to carefully curated vulnerable Android applications.
- Real-world scenarios for practical application of security testing concepts.
- Opportunities to test and reinforce skills learned during the workshop.
Comprehensive User Manual:
Vulnerable APKs for Hands-On Practice:
- Agenda
- Understanding the Android Operating System.
- Core Components of Android.
- What is Android Manifest.
- Secrets of Android Reverse Engineering.
- Basics of Reverse Engineering Android Applications.
- Learning smali modifcation by solving NS_SMALI_CTF.
- Unleashing power of smali modification by modifying Android Game.
- What is binary instrumentation?
- Introduction to Frida and dynamic insturmetation
- Setting up a Frida server on your Android device
- Interacting with android app using Frida
- Manipulating the behavious of an Android app using Frida
Module 1: Demystifying Android Architecture: Unveiling the Core Components
Module 2: Basics of Android Pentesting
Module 3: Frida instrumentation for android
- What not to expect
Become an Android Pentesting Pro in No Time!
Embark on a journey that will elevate your skills to the next level in Android Pentesting. This training promises to significantly enhance your expertise in Android Reverse Engineering.
Viral Bhatt
Mr. Viral Bhatt is a manager of professional services at Net Square, where he works on various vulnerability assessment and penetration testing projects. In his spare time, Bhatt is also a highly ranked bug bounty hunter, with a top ranking of 43rd in the Facebook bug bounty program. He has also achieved top 5 ranking in several bug bounty private programs. In addition to his technical skills, he is also a speaker at various colleges and universities, sharing his knowledge and experience with others.