A presentation at c0c0n 2013 in in Thiruvananthapuram, Kerala, India by Anant Shrivastava
Android needs no introduction; it’s one of the fastest growing Smartphone / Tablet OS. Future plans to just include telecommunication equipment but also entertainment equipment like TV, Music Players and other house hold items. When the World is moving towards Android subsequently there is a rise in threat’s and potential risk’s in the same. This Workshop is geared towards Security professionals who want to remain on the edge of the fast paced technology and possess in-depth understanding of Android. This workshop will not only focus on Application Pen Testing but will also be looking at the overall OS as a platform and potential pitfalls around it. Besides just dissecting Android to analyse it we will also be looking at leveraging android platform and its mobility to perform conventional penetration testing tasks. The workshop will be conducted with live applications / targets (test authorized) as well as self-developed Demo in order to quickly understand the targets.
Android Architecture
Operating System Overview
File system Overview
Security Model
Developer Overview
Application Components
Application Structure
The SDK and Android Tools
Developing a basic application
Intro to Pen Testing
Introduction to Android Tamer
Setting up the environment
Black Box PT
Reverse Engineering
Rooting basics
Understanding Pentesting Frameworks
Mercury
Smartphone Pentest Framework
Android Framework for Exploitation.
Using android for Pentest
Setting up the environment
Various tool usage
Writing custom tool in android
Ankur works for a MNC and has a area of interest realted to Web Application Security and Mobile Security. He has been speaker at various conferences like Nullcon, C0C0N for different years where he has presented on topics like PDF exploits, Android Security. Ankur is an active member on Null/OWASP Bangalore Chapter.
Anant Shrivastava works as a Consultant Analyst with 7Safe a part of PA consulting Group. He holds a GWAPT, CEH, CSTP and RHCE. He has been speaker at various conferences like Nullcon, c0c0n, Clubhack, his talks are focused on android. He is the creator of Android Tamer – VM for android security professionals. Active member of Null, Garage4Hackers. His expertise remains in Linux, Web Applications (Dev and security testing) and Mobile devices (OS and Application) Security.
1 day (8 hrs)
Bring in your own Laptop and if an android device is available. (otherwise simulator will also work)
Anyone Interested to Learn and Deep dive in Android.
Mobile Security Enthusiast, Web Application Penetration Tester, Android Enthusiast, IT professionals, developers, testing, quality professionals and anyone who wants to get their hands dirty in Android.