PRACTICAL ANDROID EXPLOITATION LITE

Overview

Xipiter co-authored the Android Hacker's Handbook, a leading text on Android security, reverse engineering, and development. The Practical Android Exploitation course from Xipiter is a comprehensive course aimed to teach all about Android security. Students get hands on experience with the Android SDK/NDK and related toolchains and use that knowledge to write and analyze exploits and malware on Android. In this course participants will exploit userland and kernel Android vulnerabilities as well as discuss jailbreaks and the various attack surface of Android applications. This class is aimed to an indispensable training for mobile developers, forensics investigators, software security professionals, pen-testers, and others


Concepts taught (hands-on) in the course include:

  • Analyze real Jail-breaks and see how they work

  • Write exploits against userland AND kernel 

  • Bypass modern protection mechanisms on Android (ASLR, XN, etc)

  • Perform Dalvik reverse engineering and learn about the Android NDK 

  • Analyze Mobile Malware

  • Perform hardware attacks on Mobile devices 


Who should attend?

Android Developers, Mobile Developers, Hackers, Penetration Testers, Forensic Investigators, reverse engineers, software security auditors/analysts, software exploitation engineers, jail breakers.


Student requirements

  • Students taking Practical Android Exploitation should have an intermediate software exploitation background on another architecture (such as x86). They should have hands-on familiarity with the following concepts:

    • Exploitation of stack overflows

    • Exploitation of heap overflows

    • Basic experience with IDA

    • Basic experience with a debugger

    • Cursory knowledge of Python or some equivalent high-level scripting language (Java, Ruby, etc)

    • C++ and C coding experience

What students should bring

  • A laptop (running their favorite OS) capable of connecting to wired and wireless networks

  • An installed valid VMWare Player, Workstation or Fusion (freeware is sufficient)

  • An installed copy of at least IDA Standard.(freeware is also sufficient)

  • An SSH/Telnet client to access the hosted QEMU images 


What students will be provided with

  • Lab manual

  • Access to the embedded systems (targets), and tools, that comprise the entire class environment

  • Undoubtedly some Xipiter swag of some kind ;-)


Find out more!


Http://AndroidExploitation.com



English 

2 days

21st, 22nd  September 

TBC

Cost

Early bird (Until March 31st)

USD 2000

Benefits

  • Discount buying the 2 Xipiter courses!!

CONSULTAS

Para realizar consultas sobre el training o alguno de sus beneficios, contacta a capacitacion@ekoparty.org


Instructor


Stephen A. Ridley is a security researcher with more than 15 years of experience in software development, software security, and reverse engineering. Within that last few years, he has presented his research and spoken about reverse engineering and software security research on every Continent except Antarctica. Stephen and his work have been featured on NPR and NBC and in the Wall Street Journal, Wired, Washington Post, Fast Company, VentureBeat, Slashdot, The Register, and other publications.


Stephen serves as CTO and Founder of Senrio Inc. a VC-backed network intelligence, asset identification,and embedded device security company. Stephen 
holds several patents* some of which are specifically in support of Senrio’s machine learning and firmware technologies.Prior to Senrio, Stephen founded Xipiter, a small New York-based boutique (~10 employees), an information security practice with a focus on mobile/embedded device security services and training. Although a small practice, Xipiter’s customers included “Fortune 50” businesses, as well as Government and Defense/Intelligence Agencies.Stephen has authored a number information security articles, open-source security tools, and co-written several texts. The most recent of which is the "Android Hackers Handbook" published by Wiley &  Sons. Stephen has guest lectured at NYU, Rensselaer PolyTechnic (RPI), Dartmouth, and other universities on subject of software exploitation and reverse  engineering. Stephen has served on the programming/review committees of USENIX Woot, SecuringSmartCities, BuildItSecurely, et al. Stephen also serves on the board of IndySci.org, a California 501(c)(3) non-profit devoted to making "Open Source"  pharmaceuticals a reality