Smart-phones, tablets and portable gadgets have become a must-have for everyone for personal as well as official use. As people have started utilizing these devices to frequently access the Internet, read important documents, carry out financial transactions and so on and so forth, the bad guys have realized the shift and have started to focus on exploiting these platforms for their gains. There has been a lot of advancement in mobile malware and exploitation research.

These devices are computers running various operating systems on ARM processors with hardware for telephony, wifi etc.

ARM Android Xploitation Primer takes up one of the finest operating system used for these devices I.e. Android as the ARM based platform for the training and takes a deep dive into ARM assembly, Android Native development components, buffer overflows and shellcoding. The training introduces the attendees to the ARM Android platform including the intrinsic technical details and security issues using a balanced proportion of theory and extensive hands-on and exercises. It provides a base for the attendees to develop security research expertise on the ARM based platforms beyond the conventional Android application security testing skills.

• Introduction to Android

• What is Android?
• The architecture
• Getting the Android source
• Setting up the environment

• Android Native Dev primer

• ADB
• NDK
• Compiling C code
• Assembly code
• Execution
• Debugging

• Android ARM Assembly primer

• ARM overview
• Processor Modes
• Registers
• Instruction set
• Stack implementation
• System call convention
• Procedure call convention
• Exercises

• ARM Shellcoding Primer

• Introduction
• System interaction
• Relative addressing
• Four byte Hell!
• Null byte Hell!
• ARM THUMB and the finger
• Exercises

• Indroid - Code Injection

• Introduction
• Borrowing from Windows
• Linux Ptrace
• Library Injection
• Indroid
• Memory Allocation and Execution
• Threadification
• Payload
• The API
• Putting it all together i.e. DIY injection

• ARM buffer overflow primer

• Buffer overflow 101
• The ARM/Linux stack
• Stack overflow
• Controlling the flow of execution
• Ret2Libc
• Exercises

Aseem Jakhar

is the Director, research at Payatu Technologies Pvt Ltd http://payatu.com a boutique security testing company. He has extensive experience in system programming, security research, consulting and managing security software development projects. He has worked on various security software including IBM ISS Proventia UTM appliance, Mirapoint messaging/security appliance, anti-spam engine, anti-virus software, multicast packet reflector, Transparent HTTPS proxy with captive portal, bayesian spam filter to name a few. He is an active speaker at security and open source conferences; some of the conferences he has spoken at include AusCERT, Defcon, Hack.lu, Blackhat, Xcon, Cyber security summit, Cocon, OSI Days, Clubhack, Gnunify. His research includes Linux remote thread injection, automated web application detection and dynamic web filter. He is the author of open source Linux thread injection kit - Jugaad and Indroid which demonstrate a stealthy malware infection technique. He is well known in the hacking and security community as the founder of null - The open security community, registered not-for-profit organization http://null.co.in , the largest security community in India and the founder of nullcon security conference http://nullcon.net.

1 day (8 hrs)

• Bring your own laptop
• 15+ GB free hard disk space
• 2+ GB RAM
• VirtualBox installed on the system

Pre-requisite

Who should attend?

What to Expect

What not to Expect