Technical Training IV

Practical Android App Reversing and Web Hacking

Training Outline:
More often than not, the Android apps you use have access to a backend application or API residing on a remote server reachable over the web. Be it games, ride-sharing apps, shopping apps, or any other type of app, the app will send data to and receive data from its backend system, and these systems can be hacked!

This 2-day course teaches practical techniques for reversing various types of Android application and for hacking into modern web backends through vulnerabilities such as SQLi, LFI/RFI, XSS, IDOR, XXE, deserialization, broken authentication, and many more. Participants will be exposed to both static and dynamic analysis techniques for reversing Android apps, as well as methods for analysing backend systems/APIs for vulnerabilities and ways to exploit them. Towards the end of the course there will be a mini CTF where participants can test their newly acquired hacking skills!

Day 1

Android Reversing
   – Android execution model
   – Dissecting Dalvik app and native components of APKs
   – Static analysis
   – Dynamic analysis
   – Data storage
   – Network inspection and analysis
   – Network traffic interception and manipulation
Hacking Android Web Backend (part 1)
   – Bruteforcing
   – SQLi (union, blind SQLi)
   – XSS

Day 2

Hacking Android Web Backend (part 2)
   – LFI/RFI
   – IDOR
   – XXE
   – Deserialization
   – Misc. attacks
Mini CTF
   – Hacking a complete Android app and backend system

Requirements:
  • Equipment: A laptop capable of running VMs smoothly (no netbook please), WiFi network connectivity.
  • Knowledge: Basic knowledge of Linux, Java, JavaScript, and web application programming.

Your Trainer

Dr. Syed Zainudeen
Lecturer
Dr Syed Zainudeen Mohd Shaid has been in the security industry for more than 10 years. He has authored several ...