In this beginner-friendly training, you’ll step into the shoes of a malware analyst! The training starts with an introduction to the fundamentals of reverse engineering Android applications. With these basics, you’re all set to look into an Android app that masquerades as a messenger but hides various malicious functionality in both Kotlin and native code. Let’s figure out what the app is doing, which information is leaked, and to whom!
This training teaches all methods and tools required to follow mobile pentesting guides, such as OWASP Mobile, while also providing you with the basics to build your own security analysis tools where needed.
Trainers
Jiska Classen is a wireless and mobile security researcher, leading a research group at Hasso Plattner Institute. The intersection of her research topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies; for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement, reverse-engineered Apple's AirTag communication protocol, and published about Apple’s satellite communication implementation.
She has previously spoken at Black Hat USA, DEF CON, RECon, Hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmer Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, and NotPinkCon, has given various lectures and trainings, and has published at prestigious academic venues. Jiska Classen has given iOS and Android security trainings at TROOPERS, Nullcon, and Objective by the Sea, and has teaching experience from creating her own lectures and labs as a postdoctoral researcher at TU Darmstadt.
Venue
This training will take place on June 25, 2024, on-site at TROOPERS 2024 in Heidelberg.
Booking
As a BlackHoodie training, dedicated to women*, this 1-day Android training is free for all attendees! Furthermore, full-time students can apply for a free TROOPERS conference ticket. For further details, see the BlackHoodie website.
Topic Overview
- The internal structure of an Android app.
- Static analysis of applications written in Java/Kotlin using Ghidra and jadx.
- Android specifics: Java virtualization, native libraries, JNI, …
- Dynamic instrumentation of applications that mix Java and native code using Frida.
- Android security boundaries: Intents, content providers, Binder, SELinux, sandboxing.
- Using existing tools to bypass TLS certificate pinning, root/jailbreak detection, and modifying SQLite databases.
Training Prerequisites
- Basic programming knowledge, ideally in one or more of the following programming languages: Python, JavaScript, C/C++, Java/Kotlin.
- Optional: Mobile app development background.
What to Bring
- Laptop with at least 8 GB of RAM that can run Android Studio and an Android VM, with an Internet connection and the ability to install additional software.
- Your rooted Android devices can be used as well, but we won’t be able to provide support for this.
Who should attend?
This training is aimed at anyone interested in mobile app security, including up-and-coming pentesters, security or vulnerability researchers, and app developers.