Loading…
AppSec IL 2020 has ended
Welcome to Virtual AppSec Israel 2020!
Back To Schedule
Tuesday, October 27 • 11:15 - 13:15
Android Mobile Hacking Workshop

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Overview:
The workshop is the Android (very) short version of a 3-days training dedicated to learning the basics to be able to assess the security of Android mobile applications.

Guillaume Lopes (@Guillaume_Lopes) will share many techniques, tips and tricks to deliver to pentesters, bug bounty researchers, app makers or just curious about a 100% hands-on Android workshop. The goals are:
  • Understand Android basics
  • Learn how to use the common tools (adb, apktool, JADX, Frida and Objection) in order to assess Android applications
  • Practice on how to resolve the OWASP Android crackmes (Levels 1, 2 and 3)

Agenda:
This 2 hours workshop is divided in 4 main parts:
1. Setup your environment: Presentation of the tools used during this workshop and creation of an Android Virtual Device with Android Studio

2. Resolution of the UnCrackable Level 1:
a) Defeat root detection
  • Using only tampering (aka apktool and your favorite text editor)
  • Using Frida on a rooted device
  • Using Frida on a non rooted-device
  • Using Objection

2. Resolution of the UnCrackable Level 2
a) Defeat root detection
b) Handle native code with Frida

4. Resolution of the UnCrackable Level 3
a) Defeat root detection, anti-hooking and anti-tampering with Frida

Prerequisites:
- Download a specially crafted Virtual Machine (based on Kali). - Link will be emailed *to attendees only* a few days before the workshop.
- Need a laptop with 30 Gb of free space
- Download and install VMWare Workstation Player 16 (DO NOT use Virtual Box) : https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html


Speakers
GL

Guillaume Lopes

Senior Penetration Tester, RandoriSec
Guillaume Lopes (@Guillaume_Lopes) is a pentester with 10 years of experience in different fields (Active Directory, Windows, Linux, Web applications, Wifi, Android). Currently working as a Senior Penetration Tester at RandoriSec and also member of the Checkmarx Application Security... Read More →


Tuesday October 27, 2020 11:15 - 13:15 IST
Track B