- Brian Rodríguez | Cyfinoid Research | Attack and Defend Android Applications (Virtual) | Cody Nelson | August 3 - 4, 16 Credit Hours

This course focuses on the Android application ecosystem, covering both the offense and defense sides of the application development process. We start with attacks, covering various possible attacks on Android applications. Then we provide solutions to various challenges routinely encountered by Android security engineers and pen testers:
- Traffic interception (HTTP/HTTPS/web socket/non-HTTP)
- Root detection bypass
- Static & dynamic analysis
- Perform dynamic instrumentation (Frida / Magisk)
- Analyzing non-Java/Kotlin apps (React Native, Xamarin and Flutter)
Next, we shift gears and focus on defending the applications. The major areas covered are:
- Application Threat Modeling
- Identifying weaknesses
- Adding Security into CI/CD Pipeline for the application
- Analysis of the results
- Defense in Depth Design Techniques
The aim is not to create a "zero to hero" experience, but to provide a methodical approach with which participants can perform any Android application assessment. We provide students with access to learning portals, cloud VMs, a soft copy of slides, detailed answer sheets, as well as AMIs to continue learning after class.
Skills / Knowledge
- Defense
- Mobile