Table of Contents
Android Application Architecture
- Definition of an Android app
- Overview of the Android operating system
- Android Application Components
- Streamlining Pentesting Environment
Static Analysis
Reverse engineering & patching the application binaries
- APK Exploration: Investigating Layouts, Manifests, Permissions, and Binary Components
Attacking Android App Components
- Use of Unprotected Components
- Attacking Intents
- Attacks on WebView
- Attacks on Deep Links
Dynamic Instrumentation with Frida
- Analyzing Android Java code
- Bypassing Android Security Controls
Dynamic Analysis
- Intercepting the Request with Proxy tools
- Common Vulnerabilities related to traffic
- Broken Authentication
- Broken Authorization
- Sensitive info disclosure
- Insecure Data transmission
Challenge!!
- lab-1
- lab-2
What should attendees bring?
- Laptop with 60+ GB free hard disk space and 8+ GB RAM
- Windows 8.1+ or Ubuntu 16.x+ (64-bit operating system) or MacBook
- Intel / AMD hardware virtualization enabled in the operating system
- Administrative access on your laptop
- An open mind for intense fast-paced learning
- Attitude to think out of the box
Pre-requisites
- Should be able to read Java, JavaScript & Swift (not mandatory)
- Basic knowledge of the Linux OS
- Basic knowledge of Android (optional)
Who should take this course?
- Members of the security/software development team
- Penetration testers
- Android security researchers
- Anyone interested in learning Android & iOS application security
Venue & Time
Hall Name: Hall 2
Time: 4 Hours
Workshop Goal
This course will provide you with a deep understanding of mobile internals, multiple
methods for static and dynamic analysis, and hands-on experience through practical labs
and simulations. You will learn offensive and defensive aspects of mobile application
security, including practical techniques for exploiting vulnerabilities in real-world scenarios.
By the end of the course, you will be able to identify vulnerabilities and implement effective
security measures in mobile applications.
About Speakers
Gaurav Bhosale is an application security engineer at Mastercard. Gaurav has expertise in web, mobile, network, and IoT penetration testing, with over 4 years of experience in the field. He holds CRTP and CRTE certifications. He is also an active bug bounty hunter, has been listed in more than 30 halls of fame, and holds a CVE ID (CVE-2023-31221).
Amit Kumar is a highly skilled professional in the field of mobile and web security. He has a passion for learning and researching the latest trends in mobile application security and is dedicated to helping others get started in the field of information security. Amit is an active member of various security communities and enjoys sharing his knowledge with others. Amit’s expertise has been recognized by the security community, and he has been invited to speak at the Red Team Summit. He has also authored informative blogs and developed open-source tools to help others expand their knowledge in the field. His contributions have been invaluable to the community, and he continues to inspire and mentor others in the field of information security.