Abstract

Android Mobile App exploitation

Our full-day Humla session will cover the following topics:

• Introduction to Android
• Android Security Architecture
• Android Permission model
• Application Sandboxing
• Setting up Android Emulator
• Setting up a Mobile Pentest Environment
• Reverse Engineering - Understanding, patching and debugging smali code
• Investigating app permissions through manifest file
• Bypassing Android Permissions
• Introduction to Drozer
• Using Drozer to find and exploit vulnerabilities
• Dynamic and static analysis of the application
• Classification of vulnerabilities based on “OWASP Top 10 Mobile Risks”

Speaker

Abhinav Sejpal

He fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities to 50+ unique product giants all over the world, including Apple, Adobe, Twitter, LinkedIn, Yahoo, Pinterest, VK, etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, and fuzzing. His research focuses primarily on Android and iOS mobile apps and open source projects such as ASVS, OWASP Mobile Top 10, Mobile Security Framework, etc.

He assists organisations, stakeholders and customers in achieving real risk reduction by ensuring that they have the people, technologies, and processes in place to enable business operations while preventing, detecting, and responding to attacks by sophisticated cyber adversaries. He is deeply skilled in security vision, leadership and pen-testing. He has conducted application penetration testing, web and mobile application security reviews, and source code security analysis for internal clients. He has identified vulnerabilities posing a high risk to the business and communicated them to the appropriate stakeholders for remediation, resulting in improved security posture and increased attack resiliency.

Timing

Starts on Saturday, July 04 2015, at 10:00 AM. The session runs for about 9 hours.

Resources