Presented at
DEF CON 33 (2025),
Aug. 8, 2025, 9 a.m.
(45 minutes).
Dyna is a full-spectrum Android security auditing framework designed to automate the OWASP MASTG checklist using both static and dynamic analysis. Built for red teams, appsec engineers, and mobile researchers, Dyna combines Frida, Drozer, PyGhidra, and ADB-based techniques into a modular pipeline that evaluates app permissions, exported components, crypto misuse, insecure storage, IPC abuse, native binary risks, and reverse engineering resilience. It can detect traversal, SQLi, hardcoded secrets, and debuggable builds, while reverse engineering .so files using Ghidra in headless mode. Dyna also features real-time logcat parsing and deep link/URL extraction to trace third-party leaks and misconfigurations. With colored output, structured reports, and an extensible architecture, Dyna turns OWASP MASTG from a checklist into a powerful automated testing workflow.
Presenters:
-
Ayodele Ibidapo
Ayodele is a cybersecurity consultant and application penetration tester with over 15 years of experience strengthening enterprise security architecture, risk governance, and secure DevSecOps practices across finance, telecom, and manufacturing sectors. His expertise spans mobile, web, and containerized applications, where he developed taint flow analyzers, automated vulnerability discovery workflows, and built custom static and dynamic analysis tools to uncover complex security flaws. He holds a Master’s in Information Systems Security Management from Concordia University of Edmonton and a B.Eng. from the University of Portsmouth. His research on CVSS v2 environmental scoring was presented at IEEE’s international conference at MIT, and he continues to bridge deep technical testing with strategic design to deliver resilient, risk-informed solutions.
-
Arjun "T3R4_KAAL" Chaudhary
Arjun is a dedicated and certified cybersecurity professional with extensive experience in web security research, vulnerability assessment and penetration testing (VAPT), and bug bounty programs. His background includes leading VAPT initiatives, conducting comprehensive security risk assessments, and providing remediation guidance to improve the security posture of various organizations. With a Master's degree in Cybersecurity and hands-on experience with tools such as Burp Suite, Wireshark, and Nmap, he brings a thorough understanding of application, infrastructure, and cloud security. As a proactive and self-motivated individual, he is committed to staying at the forefront of cybersecurity advancements. He has developed specialized tools for exploiting and mitigating vulnerabilities and collaborated with cross-functional teams to implement effective security controls. His passion for cybersecurity drives him to continuously learn and adapt to emerging threats and technologies. He is enthusiastic about contributing to innovative security solutions and engaging with the broader security community to address complex cyber threats. He believes that the future of cybersecurity lies in our ability to innovate and adapt, and he is dedicated to making a meaningful impact in this field.
Similar Presentations: