Null offensive hacking hands-on training.
Proposed sessions for this event:
- Advanced Android App Exploitation by Sachinraj Shetty
- Advanced Android App Exploitation by Ajin
Advanced Android App Exploitation is a lab based session for exploiting Android applications. The session will focus mainly on analyzing decompiled APK code - going through the coding flaws that could potentially cause security issues. The session will also cover dynamic testing of the APK for various exploits. The participants will get a chance to break Dexguard String encryption, exploit Heartbleed in Android apps, bypass SOP in Webviews, inject RAT in to Android, and many more interesting stuffs.
1. Exploiting Activities, Intents, Receivers, Services & Content Providers
2. Security issues with File handling and SQLite DB
3. Attack on Webviews
4. SSL and Cryptography issues with Android
5. Breaking Dexguard String Encryption
6. Mobile Security Automation Framework
1. Familiarity with decompiling APK, and intercepting HTTPS traffic from Android device/emulator using Proxy tool.
2. Understanding of basic Java for code reviewing Android Application.
3. Basic knowledge of OWASP Mobile top 10.
What to Bring?
1. Laptop with admin access, and with external USB allowed.
2. Atleast 20+ GB free hard disk space
3. Min 4 GB RAM
4. Virtual Box installed (https://www.virtualbox.org/wiki/Downloads)
5. Genymotion installed (http://genymotion.com) with Google Nexus S - 4.1.1 image
|Date||Saturday July 11 2015|
|Event Type||Invite Only|
|Start Time||09:30 AM|
|End Time||06:00 PM|