This training course is designed for Android malware reverse engineers, mobile application pentesters, and developers who want to gain deep technical knowledge and expertise in Android security and exploitation. Students will learn the art of reverse engineering Android binaries, APKs’ and get hands-on experience in performing it on both apps and system binaries. This includes understanding common bug categories, auditing apps for security vulnerabilities, and bypassing anti-debugging and obfuscation techniques. The class will also cover detailed demo and hands-on sessions for exploiting Android Component, third-party libraries and Android NDK. Topics also include mitigating the known vulnerability classes.
The course covers the use of powerful tools, including IDA Pro, Hopper, and Frida, for debugging, hooking, and exploiting applications. Students will learn manual and automated methods for bypassing exploit mitigations and gain the skills necessary to perform 1-click exploits on Android mobile apps. The course provides a detailed walkthrough of these tools and techniques, including how to use them to uncover hidden functionality, identify and reverse engineer complex algorithms, and perform code analysis.
In addition to the technical aspects of the course, students will also gain an understanding of the overall landscape of mobile security, including the most common attack vectors, mitigation techniques, and the role of mobile security in the larger context of information security. By the end of the course, students will have a comprehensive understanding of the tools, techniques, and best practices used by Android security professionals.
This course will be a mix of lectures, practical labs, and projects designed to give students hands-on experience with Android internals and application security. Slides, Custom scripts, Videos, VM and detailed documentation on the labs will be provided to the students for practice after the class. Corellium access, and Cloud servers will be provided to students during the duration of the training course. Students will be provided access to a Slack channel where the trainers will help prep them for the class, and the students can retain access to it for the foreseeable future.
Who Should Take This Course
This course is for vulnerability researchers, penetration testers, mobile developers, or anyone keen to learn more about the Android operating system.