QARK: Android App Exploit and SCA Tool

Presented at DEF CON 23 (2015), Aug. 8, 2015, 11 a.m. (60 minutes)

Ever wonder why there isn't a metasploit-style framework for Android apps? We did! Whether you're a developer trying to protect your insecure app from winding up on devices, an Android n00b or a pentester trying to pwn all the things, QARK is just what you've been looking for! This tool combines SCA, teaching and automated exploitation into one, simple to use application!


Presenters:

  • Tushar Dalvi - Sr. Security Engineer/LinkedIn
    Tushar Dalvi (@tushardalvi) - Loves breaking web applications and ceramic bowls. Tushar Dalvi is a security enthusiast, and currently works as a Senior Information Security Engineer at LinkedIn. He specializes in the area of application security, with a strong focus on vulnerability research and assessment of mobile applications. Previously, Tushar has worked as a security consultant at Foundstone Professional Services (McAfee) and as a Senior developer at ACI Worldwide. Twitter: @tushardalvi LinkedIn: www.linkedin.com/in/tdalvi
  • Tony Trummer - Staff Information Security Engineer/LinkedIn
    Tony Trummer (@SecBro1) - has been working in the IT industry for nearly 20 years and has been focused on application security for the last 5 years. He is currently an in-house penetration tester for LinkedIn, running point on their mobile security initiatives and has been recognized in the Android Security Acknowledgements. When he's not hacking, he enjoys thinking about astrophysics, playing devil's advocate and has been known to dust his skateboard off from time-to-time. Twitter: @SecBro1 LinkedIn: www.linkedin.com/in/tonytrummer

Links:

Similar Presentations: