Abstract

Android Mobile App exploitation

Our full-day Humla session will cover the following topics:

• Introduction to Android
• Android Security Architecture
• Android Permission model
• Application Sandboxing
• Setting up Android Emulator
• Setting up a Mobile Pentest Environment
• Reverse Engineering - Understanding, patching and debugging smali code
• Investigating app permissions through the manifest file
• Bypassing Android Permissions
• Introduction to Drozer
• Using Drozer to find and exploit vulnerabilities
• Dynamic and static analysis of the application
• Classification of vulnerabilities based on “OWASP Top 10 Mobile Risks”

Speaker

Abhinav Sejpal

Abhinav fell in love with the power of software at age 17, and he is still in love. He is a security researcher and SecDevOps ninja working at Accenture UK. Abhinav frequently speaks and runs technical sessions at security events and conferences around the world (OWASP AppSec USA, DevSecCon, OWASP Summit, Null and OWASP Meetup). He has reported security vulnerabilities to 200+ unique product giants all over the world, including Apple, Adobe, Twitter, LinkedIn, Yahoo, Superdry, Pinterest, VK, etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, and fuzzing. His research focuses primarily on DevSecOps, Android and iOS mobile apps, and open source projects like ASVS, OWASP Mobile Top 10, Mobile Security Framework, etc. Abhinav has trained 50+ researchers and developers in information security for companies and organisations across the world.

Timing

Starts on Saturday, July 04 2015, at 10:00 AM. The session runs for about 9 hours.

Resources