by Kartik Lalan (@kartiklalan) on Friday, July 29, 2016

+6
Vote on this proposal
Status: Confirmed & Scheduled
View session in schedule
Section
Workshop

Technical level
Intermediate

Media

Abstract

Security implementation from OS level, extending till App level security, covering best practices for making applications. Focus on how Security has been implemented from OS side, how certain vulnerabilities are exploited and what mistakes do app developers do which can be exploited. This will be a hands-on session, which will involve introduction to OS from scratch and will cover advance topics which followers can easily grasp.

Patern of workshop will be initial introduction to new concepts, then implementing them and Small challenges will be offered so that participants can relate with real world scenario.

Outline

Intended for Android Developers, Team-Leads, Architects, Security Engineers.

Concepts like Keystore, Rooting Detection, MSF Shell code, Reverse Engineering app, ADB commands, App ID - Sandbox, Signing Apps, etc.

Requirements

Hardware - Laptop running MAC/Linux/Windows + Rooted Android phone/Tablet or even emulator will work

Software -

Below link contains setups needed during workshop - supporting Windows/Macintosh host, same will be available for Linux over the Internet.

(Mandatory) https://drive.google.com/drive/folders/0B5W6CghYLo25UWhma1lfeUMyYUU?usp=sharing

(Mandatory) Also make sure to have Android Studio with Virtual Device ready (refer- http://nestedif.com/android-environment-tools/creating-new-android-virtual-device-emulator-using-android-studio/ also enable virtualization from BIOS + download HAXM from AVD Manager https://www.youtube.com/watch?v=7ek1ZPqZEWw )

Oracle Virtual Box https://www.virtualbox.org/wiki/Downloads with KaliLinux OS https://www.kali.org/downloads/ configured ​to try reverse shell.​

Speaker bio

A Computer Science graduate, working on Android & Info-Security. I also write technical Blogs in leisure time - www.nestedif.com. M.Tech. in CS with Specialization in Information & Network Security. Prior to my M.Tech. I have been working as Android Developer. Currently working as Security Engineer at Security Centre of Excellence - Philips Innovation Campus. I am much interested in exploring out of box exploits.

Conduct Frequent talks and workshops on Android and Info.Sec at several places including OWASP - Null Bangalore Chapter.