Slide 1
Slide 1
Slide 1
Slide 1
Slide 1
Slide 1
Slide 1

ONLINE REGISTRATION CLOSES OCT 13TH AT 23:59 MYT

           

Walk in registrations at The InterContinental for the conference on 16th and 17th are still accepted (walk-in rate MYR1499).

For up-to-the-minute updates on #HITB2013KUL including on-site happenings during the event, please follow @hitbsecconf on Twitter.

TECH TRAINING 8 – THE ANDROID EXPLOIT LAB

TRAINER: Saumil Shah (Founder, Net-Square) & SK Chong (Security Consultant, SCAN Associates Bhd.)

CAPACITY: 20 pax

SEATS LEFT: COURSE CANCELLED

DURATION: 2 days (14th & 15th October 2013)

COST (per pax): MYR4999 (early bird) / MYR5999 (non early-bird)

OVERVIEW

TBA

KEY LEARNING OBJECTIVES

  • - Understanding various Android defense mechnism

    - Techniques available in breaking some of the defense mechnism

    - Exploiting memory corruption bug in Android

    - Debugging process in Android

    - Building a remote exploit for Android

    - Jailbreaking android devices

    - Rebuild kernel and ROM

    - Using IPTables and changing permission of APK

WHO SHOULD ATTEND

Mobile Penetration Testers, Infosec Professional and anyone Interested in Android Mobile Exploitation and defense.

PREREQUISITES

- Have a working knowledge of Unix operating systems
- Not be allergic to command line tools.
- Use vi/pico/joe editors.
- Have a working knowledge of shell scripts, cmd scripts or Perl.
- Understanding of C programming would be a bonus.

COURSE AGENDA

DAY 1

- Android fundamentals
o Introduction to Android
o Introduction to ARM
o Android Architecture
o Android Security Architecture
o Permission model
o Application Sandboxing
- Setting up Development tools
o Android SDK
o ADB and logcat
o GDB debugging
- Programming Android
o Eclipse
o Android Studio
- Case study
o Vulnerabilit in Webkit
o Remote debugging
o ARM Shellcode
o Remote exploit in Android

DAY 2

- Android Kernel
o Jail breaking
o Local exploit
o Recompiling kernel
o Adding feature to Android Kernel
- Android ROM
o Rebuilding ROM
o Deodexing
o Adding feature to Android ROM
- Breaking Android Permission
o Changing permission
o Intent mis-use
o Back-dooring APK
- IPTable and Android protection
o Configure IPtable of android
- Mobile forensics
o Extracting data from android phone
o Recovering deleted data

HARDWARE / SOFTWARE REQUIREMENTS

- A working laptop with the following hardware/software requirements:
- Intel(ish) X86 hardware required
- 512MB RAM required, at a minimum, 2GB preferred, and anywhere in between shall be tolerated
- Wired 10/100 Network card (no wireless network in class)
- 12 GB free Hard disk space
- Operating Systems (one of the following)
- Windows XP SP2/SP3 or Windows 7
- Administrator access MANDATORY
- Ability to disable Anti-virus / Anti-spyware programs
- Ability to disable Windows Firewall or personal firewalls
- Active Perl 5.8 or above from activestate.com
- An SSH client, such as PuTTY
- Firefox browser

OR

- Linux kernel 2.4 or 2.6
- Kernel 2.4 or 2.6 required
- Root access mandatory
- Ability to use an X-windows based GUI environment
- Perl 5.8 should be available
- SSH should be available

ABOUT THE TRAINERS

SAUMIL SHAH

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.

SK CHONG

S.K. (CISSP) is a security consultant from SCAN Associates. His job allows him to play with all kinds of hacking tools in his penentration testing. Most often, he needs to modify and/or enhance these tools before it can be used for legal penetration testing against banks, ISP and goverment agencies. These experiences help him wrote a few security whitepapers on SQL Injection, Buffer Overflow, Shellcode and Windows Kernel stuff, including one of which published in Phrack E-zine #62. His researches was presented in Blackhat (Singapore) 2003, HITBSecConf2003 – Malaysia, RuxC0n2004 (Australia), XCon2004 (China) and many other security conferences.

EVENT ORGANIZER

SUPPORTED AND ENDORSED BY

TITANIUM SPONSOR (SPEAKERS RECEPTION + POST CONFERENCE RECEPTION)

GOLD SPONSORS

SILVER SPONSORS

CTF SPONSOR

CTF PRIZE SPONSOR

INTERNET CONNECTIVITY PARTNER

ALCO_PWN SPONSOR (POST CONFERENCE RECEPTION)

HackWEEKDAY Official Ride Partner

SUPPORTING MEDIA

FRIENDS OF HITB

Copyright © 2013 Hack In The Box | http://www.hackinthebox.org