Android App Hacking - Hacking for Good!

Presented at DEF CON 31 (2023), Aug. 11, 2023, 9 a.m. (240 minutes)

Welcome to the world of Android Hacking! This is a hands-on workshop designed to introduce you to the knowledge, tools and techniques for analyzing and exploiting vulnerabilities in Android applications. The workshop will start by presenting hacking for good and insights on the Android bug bounty, then it will cover the basic concepts of Android applications, walk you through industry-standard tools and techniques, and then let you experiment on your own with our Android reverse engineering CTF! Come and hack with us! The workshop requires no prior knowledge of Android or reverse engineering.

Skill Level: Beginner to Intermediate

Prerequisites for students:
  - Before the workshop, students should follow the setup instructions to ensure they can start working on the CTFs in the workshop: https://tinyurl.com/aah-setup
  - There is no pre-required knowledge.

Materials or Equipment students will need to bring to participate:
  - Laptop with 20+ GB free hard disk space, 4+ GB RAM
  - Mac, Windows 7/8, Ubuntu 12.x+ (64-bit operating system)
  - ADB
  - apktool
  - Python & pip
  - JDK
  - jadx
  - Burp Suite
  - Wireshark
  - Frida
  - Ghidra
  - Administrative access on your laptop

Presenters:

  • Olivier Tuchon - Security Engineer, Android Vulnerability Research team at Google
    Olivier Tuchon is a Security Engineer on the Android Vulnerability Research team. Olivier has been working at Google for almost 5 years; he started by chasing malware/PHA in the Play Store and in the wild (OffMarket), with a specialty in stalkerware. Now, Olivier looks for vulnerabilities in 3P Android applications. Before Google, Olivier had been a Security Engineer in the French Army for 12 years.
  • Sajjad "JJ" Arshad - Senior Security SWE, Android Security & Privacy team at Google
    JJ is a Senior Security SWE on Google's Android Security & Privacy team, where he is developing tools to fight abuse in Android with a focus on JavaScript-based frameworks. He has also designed CTF challenges and helped organize GoogleCTF in the past few years. Before Google, he was a cybersecurity researcher at iSecLab and earned his PhD in Cybersecurity from Northeastern University, Boston, MA. Some domains he is active in are large-scale web security & privacy measurement, program analysis, and malware detection.
  • Kavia Venkatesh - Technical Program Manager on the Android Security Team at Google
    Kavia Venkatesh is a Technical Program Manager on the Android Security Team at Google, where she leads the execution of the Android Security Release Program, aka the Android Security Bulletin. Over the last 7+ years, she has led numerous security initiatives. Now, she's passionate about sharing her knowledge with the world.
  • Maria Uretsky - Google
    Maria Uretsky is leading the Android Vulnerability Rewards program at Google. Her passion is to break all the things before the bad actors do, to ensure they are kept out. During her 10+ years of software engineering and security work, she has been part of Google Cloud Security, Azure Sentinel, Windows Defender and AVG.
