Technical Training IV
Practical Android App Reversing and Web Hacking

Training Outline:
More often than not, the Android apps that you use have access to a backend application or API residing on a remote server accessible via the web. Be it games, ride-sharing apps, shopping apps, or any other type of app, the app will send and receive data to/from its backend system, and these systems can be hacked!

This 2-day course teaches practical techniques for reversing various types of Android applications, and hacking into modern web backends through various vulnerabilities such as SQLi, LFI/RFI, XSS, IDOR, XXE, Deserialization, Broken Authentication, and many more. Participants will be exposed to both static and dynamic analysis techniques for reversing Android apps, and methods to analyze backend systems/APIs for vulnerabilities and ways to exploit them. Towards the end of the course, there will be a mini CTF where they can test their newly acquired skills to hack!

Day 1

Android Reversing
   – Android execution model
   – Dissecting Dalvik App and Native components of APKs
   – Static Analysis
   – Dynamic Analysis
   – Data Storage
   – Network inspection and analysis
   – Network traffic interception and manipulation
Hacking Android Web Backend (part 1)
   – Bruteforcing
   – SQLi (union, blind sqli)
   – XSS

Day 2

Hacking Android Web Backend (part 2)
   – LFI/RFI
   – IDOR
   – XXE
   – Deserialization
   – misc attacks.
Mini CTF
   – Hacking a complete Android app and backend system

Requirements:
  • Equipment: A laptop capable of running VMs smoothly (no netbook please), WiFi network connectivity.
  • Knowledge: Basic knowledge of Linux, Java, JavaScript, and web application programming

Your Trainer:
Dr. Syed Zainudeen