AppSec IL 2020 has ended
Welcome to Virtual AppSec Israel 2020!
Back To Schedule
Tuesday, October 27 • 11:15 - 13:15
Android Mobile Hacking Workshop

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
The workshop is the Android (very) short version of a 3-days training dedicated to learning the basics to be able to assess the security of Android mobile applications.

Guillaume Lopes (@Guillaume_Lopes) will share many techniques, tips and tricks to deliver to pentesters, bug bounty researchers, app makers or just curious about a 100% hands-on Android workshop. The goals are:
  • Understand Android basics
  • Learn how to use the common tools (adb, apktool, JADX, Frida and Objection) in order to assess Android applications
  • Practice on how to resolve the OWASP Android crackmes (Levels 1, 2 and 3)

This 2 hours workshop is divided in 4 main parts:
1. Setup your environment: Presentation of the tools used during this workshop and creation of an Android Virtual Device with Android Studio

2. Resolution of the UnCrackable Level 1:
a) Defeat root detection
  • Using only tampering (aka apktool and your favorite text editor)
  • Using Frida on a rooted device
  • Using Frida on a non rooted-device
  • Using Objection

2. Resolution of the UnCrackable Level 2
a) Defeat root detection
b) Handle native code with Frida

4. Resolution of the UnCrackable Level 3
a) Defeat root detection, anti-hooking and anti-tampering with Frida

- Download a specially crafted Virtual Machine (based on Kali). - Link will be emailed *to attendees only* a few days before the workshop.
- Need a laptop with 30 Gb of free space
- Download and install VMWare Workstation Player 16 (DO NOT use Virtual Box) : https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html


Guillaume Lopes

Senior Penetration Tester, RandoriSec
Guillaume Lopes (@Guillaume_Lopes) is a pentester with 10 years of experience in different fields (Active Directory, Windows, Linux, Web applications, Wifi, Android). Currently working as a Senior Penetration Tester at RandoriSec and also member of the Checkmarx Application Security... Read More →

Tuesday October 27, 2020 11:15 - 13:15 IST
Track B