AndroSecNinja is a unique Android security training that focuses on Android application pentesting, exploitation, API instrumentation, web API fuzzing, binary patching, reverse engineering, malware analysis, and OS and browser security. The 3-day training is tightly packed with completely hands-on exercises followed by CTF challenges. The course curriculum is designed to accommodate the latest tools and techniques and the well-known OWASP Top 10 Mobile risks.
After completing this training, you will have the skills necessary for assessing real-world Android applications, web API backends and OS components for security issues. You will learn to reverse engineer obfuscated Android apps and native libraries, patch the binary, perform runtime API modification and change application behaviour to bypass security controls. You will use tools to perform manual and automated static or dynamic analysis and develop proof-of-concept apps or scripts to exploit vulnerabilities in Android applications. You will also learn about intercepting web and non-HTTP traffic, fuzzing web APIs and hacking HTTP proxies to write custom web security logic. The training also touches on Android system security, where you will learn about ARM exploitation and fuzzing Android components and the browser for vulnerabilities.
What are the requirements?
- Basic idea of Android Operating System.
- Knowledge of Java and Python is good to have.
- 50 GB HDD and 4 GB or more RAM
- Full virtualization support to run VMware or VirtualBox
- WiFi/Ethernet support and Internet with decent speed
- Full administrative access and USB ports enabled
What are the takeaways?
- OpSecX Certificate of Completion
- Course Slides and other PDFs
- Custom Scripts and Tools
- Vulnerable apps to practise your skills
- Learn about OWASP Top 10 Mobile vulnerabilities
- Create PoCs to exploit Android Application vulnerabilities
Course Details
Duration: 3 days
Language: English
Location: As requested and onsite
Trainer: Ajin Abraham
No. of Students: 10 – 25
Cost in India: 75000 INR/ Individual
Cost Abroad/Onsite: 2250 USD/ Individual
Course Syllabus
Android Fundamentals
- Understanding Android Operating System
- Overview of Android application architecture
- Android File System Overview
- Introduction to Dalvik and ART runtimes
- Runtime Permission & Verified Boot
- Memory Protection in Android OS
- Android Security Model
- Application Signing & Sandbox
- Android Permission Model
- Unlocking bootloaders
- Introduction to Rooting
Android Development Fundamentals
- Android Development with Android Studio
- Developing an Android application
- Android Components Explained
- Setting up Android Emulator
- Generating Android APK
- Release and Debug Builds
- Debugging with Android Studio
Introduction to Android Security Testing
- Mobile Pentesting Methodologies
- OWASP Mobile Top 10
- Threat Modelling Android Application
Setting up the Pentesting Environment
- Setting up Genymotion
- Android Debug Bridge (ADB) 101
- Setting up Burp Suite/Charles/Fiddler/mitmproxy
- Setting up Mobile Security Framework
- Setting up Drozer
Reversing Android Applications
- Understand APK File Format
- Analysing APK File contents
- Converting Android binary XML to readable XML
- APK Certificate Validation
- Reversing Android Apps
- Parsing DEX files
- Decompiling to Java
- Decompiling to Smali
Security Code Review: Android Manifest Analysis
- Android Manifest 101
- IPC in Android Applications
- Exploiting Insecure Intents
- Exported Components
- Issues with Exported Components
- Exploiting Exported Components
- Issues with Debug and Backup attribute
- Exploiting apps with Debug and Backup attribute
Security Code Review: Exploiting Insecure Code
- Secure Code Review in Android: An Overview
- Insecure Data Storage and Exploitation
- Insecure Crypto Implementations and Exploitation
- SQL Injection in Android Apps and Exploitation
- Insecure Transport Layer Protection and Exploitation
- Insecure WebView Implementation and Exploitation
- Case Study: WebView RCE in Android < 4.2
- Automated Source Code review with MobSF
Dynamic and Network Analysis
- Intercepting HTTP Traffic
- Installing Proxy Certificate for HTTPS Decryption
- Side Channel Data Leakage
- Memory dumps and analysis
- Log Analysis with Logcat
- Analysing Application Directory and Files
- Reading SQLite, XML and other files
- Intercepting non-HTTP protocols
Security Implementations
- Preventing MITM with Certificate pinning
- VM Detection and Root Detection
- Debugger Detection and Tampering Detection
- Installation Source Detection
Bypassing Security Implementations: Code Modification & Patching
- jdb and jdwp 101
- Runtime modifications with jdb
- Making apps debuggable
- Binary Patching
- Smali Basics
- Modifying APKs
- Repacking and Signing APKs
- Bypassing SSL Pinning
- Bypassing VM Detection, Root Detection
- Bypassing Debugger Detection and Tamper Detection
- Bypassing Source Detection
Bypassing Security Implementation: Android Runtime Hooking
- Why Instrumentation?
- Xposed 101
- Runtime Instrumentation with Xposed
- Writing an Xposed Module
- Bypassing Security Implementations with Xposed
- Frida 101
- Runtime Instrumentation with Frida
- Monkey Patching with JavaScript
- Bypassing Security Implementations with Frida
- Case Study: Brute Forcing PIN with Frida
- Frida vs Xposed
Android Security Assessment Tools
- MobSF 101
- Dynamic Analysis with MobSF VM
- Dynamic Analysis on Real Rooted Android Device
- Drozer 101
- Security Assessments with Drozer
Reversing Obfuscated Android Apps
- ProGuard 101
- Class and String Encryption
- Case Study: Reversing Obfuscated APKs
Debugging & Reverse Engineering Native Code
- Android JNI 101
- Developing a Shared Library with NDK
- ARM Basics
- ARM debugging with gdb
- Case Study: Exploiting a Buffer Overflow
- Reversing Shared Library
- Getting Familiar with Hopper / IDA Pro
- Disassembling with Hopper / IDA Pro
- Generating Pseudo Code with Hopper / IDA Hex-Rays plugin
Fuzzing Android Components
- Fuzzing 101
- Writing a Simple Fuzzer
- Fuzzing Android Browser
- Case Study: Fuzzing for Browser Bugs
- Fuzzing for Memory Corruption Bugs
- Case Study: Stagefright
Web API Fuzzing
- Web Fuzzing 101
- Playing with HTTP Request/Response
- Hacking Proxies for Web Fuzzing
- Fuzzing for XSS, SQLi and RCE
- Fuzzing for IDOR
- Fuzzing for XXE and SSRF
- Fuzzing Web APIs with MobSF
Real World Exploitation
- Case Study: LFI in Android Application
- Case Study: PIN Authentication Bypass
- Case Study: MITM Password Reset
- Case Study: Brute Forcing PIN
- Case Study: Malware Analysis