Android security workshop

A presentation at Ground Zero Summit in in New Delhi, Delhi, India by Anant Shrivastava

Android needs no introduction, it’s one of the fastest growing Smartphone / Tablet OS. Future plans to just include telecommunication equipment but also entertainment equipment like TV, Music Players and other house hold items. When the World is moving towards Android subsequently there is a rise in threat’s and potential risk’s in the same. This Workshop is geared towards Security professionals who want to remain on the edge of the fast paced technology and possess in-depth understanding of Android. This workshop will not only focus on Application Pen Testing but will also be looking at the overall OS as a platform and potential pitfalls around it. Besides just dissecting Android to analyse it we will also be looking at leveraging android platform and its mobility to perform conventional penetration testing tasks. The workshop will be conducted with live applications / targets (test authorized) as well as self-developed Demo in order to quickly understand the targets. Course Content • Android Architecturey o Operating System Overview o File system Overview o Security Model

• Developer Overview o Application Components o Application Structure o The SDK and Android Tools o Developing a basic application

• Intro to Pen Testing o Introduction to Android Tamer o Setting up the environment o Black Box PT o Reverse Engineering o Rooting basics o Understanding Pentesting Frameworks o Mercury o Smartphone Pentest Framework o Android Framework for Exploitation.

• Using android for Pentest o Setting up the environment o Various tool usage o Writing custom tool in android

Duration: 1Day (8 hours)

Participants Requirements • Laptop with virtualbox or VMWARE Player • Android device

Would be great if you have Android SDK configured otherwise Live OS will be provided with everything configured in it. Attendees need to bring an android device otherwise last one section they will have to just see and can’t practice it with instructors.

Minimum system config should be 2 GB RAM with 1.7Ghz processor.

Remaining all software will be provided

Who should attend? Anyone Interested to Learn and Deep dive in Android. Mobile Security Enthusiast, Web Application Penetration Tester, Android Enthusiast, IT professionals, developers, testing, quality professionals and anyone who wants to get their hands dirty in Android.

Buzz and feedback

Here’s what was said about this presentation on Twitter.