Presented at VB2018, Oct. 4, 2018, 2 p.m. (90 minutes).
This workshop explains how to reverse engineer *Android* malware. It consists of several guided labs where participants work on real malware within a virtual environment. The malicious samples are all recent - less than a year old.
After a quick tour of the basic skills and tricks to reverse engineer *Android* samples, the training covers the following topics:
* Dealing with obfuscated samples
* Writing Radare2 scripts
* Hooking the malicious application with Frida
Expected skills:
* You should be at ease with Unix environments, and able to write quick (and dirty) code
* There will be special labs that beginners can do at their own pace
* The other labs (e.g. Radare2 and Frida) will be of interest to more experienced reverse engineers
Equipment:
* Attendees should bring their own laptop, pre-installed with Docker (see below)
* Note that the workshop mostly consists of labs, so a laptop **is necessary**
REQUIREMENTS:
* 64-bit laptop
* At least 6 GB of free disk space
* Docker (community edition is fine)
* SSH client and/or vncviewer
INSTALL:
* Install Docker and check it works
* Pull the lab's image: docker pull cryptax/android-re:latest
That's all!
To test it:
1. docker run -d --name workshop-test -p 5022:22 -p 5900:5900 cryptax/android-re
2. If you use ssh: ssh -X -p 5022 <user>@<host>, where <host> is the machine running Docker (e.g. 127.0.0.1 when it runs locally) and <user> is the login documented for the image. If you use VNC instead, point vncviewer at port 5900 on the same host.
3. In the Docker container, run: emulator7 &
Wait (this may take a while) and check that the *Android* emulator window opens correctly.
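The requirements and test steps above, turned into a preflight script an attendee can run before the workshop. This is an added example, not part of the workshop material or of the cryptax/android-re image; the image name, the published ports and the 6 GB threshold come from the page, while the function names and the choice of $HOME as the filesystem to measure are assumptions.

```shell
#!/bin/sh
# Preflight check for the workshop laptop (added example, not workshop code).
# Verifies: 64-bit CPU, >= 6 GB free disk, a reachable Docker daemon,
# an SSH client or vncviewer, and whether the lab image is already pulled.

IMAGE="cryptax/android-re:latest"   # from the page
MIN_FREE_GB=6                       # from the page

# Return 0 if the architecture string ($1, as printed by uname -m) is 64-bit.
is_64bit() {
  case "$1" in
    x86_64|amd64|aarch64|arm64) return 0 ;;
    *) return 1 ;;
  esac
}

# Return 0 if the free space ($1, in GB) meets the minimum ($2, in GB).
has_free_disk() {
  [ "$1" -ge "$2" ]
}

# Free gigabytes on the filesystem holding $1 (df -P prints 1K blocks).
free_gb() {
  df -P "$1" | awk 'NR==2 { printf "%d\n", $4 / 1024 / 1024 }'
}

# The docker run line from the test instructions, with an optional name ($1).
docker_run_cmd() {
  echo "docker run -d --name ${1:-workshop-test} -p 5022:22 -p 5900:5900 $IMAGE"
}

preflight() {
  status=0

  arch=$(uname -m)
  if is_64bit "$arch"; then echo "ok   64-bit ($arch)"
  else echo "FAIL not a 64-bit machine ($arch)"; status=1; fi

  # Assumption: the Docker data directory shares a filesystem with $HOME.
  free=$(free_gb "${HOME:-/}")
  if has_free_disk "$free" "$MIN_FREE_GB"; then echo "ok   ${free} GB free"
  else echo "FAIL only ${free} GB free, need ${MIN_FREE_GB} GB"; status=1; fi

  if ! command -v docker >/dev/null 2>&1; then
    echo "FAIL docker not installed"; status=1
  elif ! docker info >/dev/null 2>&1; then
    echo "FAIL docker daemon not reachable (start it / fix permissions)"; status=1
  elif docker image inspect "$IMAGE" >/dev/null 2>&1; then
    echo "ok   docker works, image $IMAGE already pulled"
  else
    echo "ok   docker works; still run: docker pull $IMAGE"
  fi

  if command -v ssh >/dev/null 2>&1 || command -v vncviewer >/dev/null 2>&1; then
    echo "ok   ssh or vncviewer found"
  else echo "FAIL need an SSH client or vncviewer"; status=1; fi

  return $status
}

if preflight; then
  echo "ready; test with: $(docker_run_cmd)"
else
  echo "fix the FAIL lines above before the workshop"
fi
```

The script only reports; it never pulls or starts anything, so it is safe to run repeatedly. The last check echoes the exact `docker run` line from the test steps so it can be pasted once the FAIL lines are gone.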