null Global Committee elections are coming up! See the election repository for more information.

Null offensive hacking hands-on training.

Proposed sessions for this event:

  • Foundations of Android Hacking by Sunita
  • Advanced Exploitation and Secure Coding by Sunita
Note: The session details including schedule are available below.

Android Hacking Workshop

Workshop Overview

Welcome to the Android Hacking Workshop at NULL Bangalore! This hands-on session is designed for security enthusiasts, penetration testers, and developers who want to dive deep into the world of Android security. Throughout the workshop, participants will explore various vulnerabilities in Android applications, learn exploit techniques, and understand best practices for securing Android apps.

Agenda

1. Introduction to Android Security

  • Overview of the Android operating system architecture.
  • Understanding Android app components: Activities, Services, Broadcast Receivers, and Content Providers.
  • Introduction to Android security features and model.

2. Setting Up the Environment

  • Tools and software required for Android hacking.
  • Setting up Android Studio and the Android emulator.
  • Introduction to popular Android hacking tools: APKTool, JADX, Burp Suite, Frida, and MobSF.

3. Reverse Engineering Android Applications

  • Extracting APK files from devices and emulators.
  • Decompiling APK files using JADX and APKTool.
  • Analyzing decompiled code to find vulnerabilities.

4. Static Analysis

  • Understanding AndroidManifest.xml and its significance.
  • Identifying insecure permissions and components.
  • Analyzing code for hardcoded secrets, insecure configurations, and potential vulnerabilities.

5. Dynamic Analysis

  • Setting up Burp Suite for Android app traffic interception.
  • Using Frida for dynamic instrumentation.
  • Hooking methods and manipulating app behavior at runtime.

6. Exploiting Common Vulnerabilities

  • Exploiting insecure data storage (e.g., SharedPreferences, SQLite databases).
  • Bypassing root detection mechanisms.
  • Exploiting insecure communication (e.g., HTTP vs. HTTPS, certificate pinning bypass).
  • Exploiting WebView vulnerabilities.

7. Advanced Exploitation Techniques

  • Analyzing and exploiting native code vulnerabilities.
  • Using custom scripts with Frida for advanced exploitation.

8. Secure Coding Practices

  • Best practices for securing Android applications.
  • Secure data storage techniques.
  • Implementing secure communication protocols.
  • Protecting against common vulnerabilities like SQL injection, XSS, and CSRF in Android apps.

9. Capture the Flag (CTF) Challenge

  • Applying the skills learned during the workshop in a hands-on CTF challenge.
  • Participants will work in teams to identify and exploit vulnerabilities in a provided Android application.

Requirements

  • Basic understanding of programming (preferably Java or Kotlin).
  • Familiarity with mobile application development concepts.
  • Laptop with at least 100 GB of free hard disk space and VirtualBox 7+ installed.
  • Bring your own laptop with the following installed:
    • Android Studio
    • Burp Suite
    • Frida
    • JADX
    • APKTool
    • MobSF

Takeaways

By the end of this workshop, participants will have a solid understanding of Android security, be able to identify and exploit common vulnerabilities, and implement best practices to secure Android applications. Participants will also gain hands-on experience through practical exercises and a CTF challenge, enhancing their skills and knowledge in Android hacking.

Date Sunday September 01 2024
Chapter Bangalore
Registrations 37
Max Registrations 40
Event Type Invite Only
Start Time 09:30 AM
End Time 06:00 PM

Session Schedule

Name Speaker Start Time End Time Resources
Foundations of Android Hacking Sunita 09:30 AM 12:30 PM
Lunch 12:30 PM 01:30 PM
Advanced Exploitation and Secure Coding Sunita 01:30 PM 05:00 PM

Venue


This is an invite only event. If you are selected you will receive further information via e-mail.