During the weekend I participated as a speaker at the Blacks in Cybersecurity Winter Conference. This conference was online, and was a GREAT experience. I learned a lot of information and was able to meet with a lot of people and recruiters.
Anyway, my training today (Saturday February 6, 2021) was on reversing an Android application. In my training I talked about how apps are not safe by showing case studies (as recent as last week!) along with describing the components of an Android app. Next, I talked about how to reverse an Android app and how to do dynamic analysis using Frida. I finished the course by having a lab where I put all of the pieces together with the UnCrackable-Level1.apk.
Note – The virtual machine we’re using for this training is one that I created. The VM is titled, IntroToAndroidSecurity version 1.1.2. This VM has the common tools for Android Hacking in one place. I also included insecure Android apps in the virtual machine as well for participants to continue their learning/growth in mobile security. For the training I also used an Android emulator (Androidx86). I did this as I wanted all the participants to be on the same playing field. If we were doing mobile security as a job, we would want to have a real physical device.
Without further ado – here are my slides from the training.
Also, if you want to download the virtual machines (IntroToAndroidSecurity and Androidx86) from my training go to my Source Forge link here.
Note – Click on the External Links tab to get the VMs.
I am also including the documents I created for this training as well –
To set up the mobile lab, you will need the first two documents. I included the third document just in case the second document (importing Androidx86) does not work.
Document 4 is the walkthrough of the lab that I completed during the training.