Abstract

Agenda:

1. Basics of Android and Android applications

2. Privilege and permission in Android

3. Let's get friendly

4. Building the virtual machine/environment

  • Installing AppUse/Droider
  • Android Studio
  • Genymotion
  • All other small and big tools

5. Static Analysis of the application

  • APK decompilation
  • Jar, DEX, SMALI ...
  • Finding what you are looking for
  • SSL Pinning and bypass
  • Recompiling the APK
  • Insecure Storage

6. Dynamic analysis of the application

  • Exported components and issues
  • What to do with a broadcast?
  • Capturing the application traffic
  • Finding new scope and getting ahead of the masses
  • Web related vulnerabilities
  • Session manipulation
  • Drozer and its power
  • Runtime execution

7. Most common mobile vulnerabilities and how to find them

8. Earning money, the cool way

Prerequisites:

  • Great sense of humor
  • Lack of shyness while asking questions
  • Love towards application security
  • Movie buff
  • Basics of Android security
  • Laptop: 8 GB RAM, 50 GB free HDD, Android Mobile/Tab

Speaker

Abhinav Mishra

With unconditional love towards security, be it applications or network, I have been hacking for 6+ years. Professionally, I have worked with multiple organisations to strengthen their web/infra security. A member of Synack Red Team, and one of the Top 5 mobile security researchers in the SRT leaderboard. Personally, movie buff, Hollywood movie lover, Indian and folk music fan, traveler, trainer, speaker, part-time bug bounty hunter.

Timing

Starts on Thursday, April 28, 2016, at 01:45 PM. The session runs for about 3 hours.

Resources