$1,800 – $3,000

Android Internals for Cybersecurity Engineers and Platform Builders

Event Information

Share this event

Date and Time

Location

Location

Hilton San Diego Bayfront

1 Park Blvd

San Diego, CA 92101

View Map

Refund Policy

Refund Policy

Refunds up to 30 days before event

Eventbrite's fee is nonrefundable.

Event description

Description

In this comprehensive hands-on course, developed and taught by world class Security and OS Internals expert Ron Munitz, you will learn Android security at all possible levels, from the bootloader, through building Secure Applications, and via the end-user security and Enterprise Mobility Management. We will learn to harden both the Operating System (for device builders), and the application code itself, to protect both the organization’s Intellectual Property and the user’s personal data , and will also learn to take advantage of Android Provisioning services to support an IT manager perspective. The course is intended for developers, or former developers with practical Java experience. No previous Android experience is required, but it is highly recommended.

Note: The course is based on the Android Pie, and Q-preview versions. Earlier versions can be targeted without additional cost, upon customer request.

Group discount: for groups of 4 or more. Contact us for more details (significant savings!).



Instructors's note: Why should you REALLY take the opportunity to take this course:

Wheter you are a platform engineer, or a security researcher, you will learn how the Android system is built from bottom to top (intentional order), leaving no questions unanswered, and no stones unturned. It is your opportunity to learn by doing from a recognized expert in both Android and embedded Linux security, who has helped many organizations in building and securing their Android devices, including his own startup which developed a display protocol and a remote Android solution.

The course is organized in San-Diego as I was requested by several people to organize an Android Internals class, and I am in the area for the Embedded Linux Conference. This is the first time we organize a public enrollment course in San Diego, so the first registrants will have a good chance at affecting the outline, and deciding whether the focus would be more on Security concerns (and if so, wheter it will be more on platform features and further hardening techniques or on offensive techniques) or on Android Porting, debugging and optimization.

If you asked me why to take this course particularly with me I would tell you - I do Android Internals, and I do security. I also happen to be a professional trainer, and also happen to be VERY FLEXIBLE and sort of consult you as part of the training. You don't get a lot of those, and I do happen to do work for one of the biggest training organization in the world (the Linux Foundation).


If you think you are interested in this course, but still not sure if the course is for you - send me a line at ron AT thepscg.com , and I will do my best to honestly tell you if you should or should not attend the course.


Course Outline and Details:

Duration:

5 Days

Objectives

Upon completion of this course, you will be able to:

  • Understand the state of mind of a security researcher/attacker in the world (not necessarily in Android, but also)

  • Understand how to build and work efficiently with the Android Platform

  • Understand how to find anything you want in the source code

  • Understand what security mechanisms are available at all levels, and why

  • Understand how to better attack and better defend Android related platforms

  • Get answers to things you need in your day to day code which are embedded/Android Internals/Android security related


Target Audience

Mobile Developers, Android Porting engineers, Integration Engineers, IT Managers, Security Personnel with Java experience, Security Researchers, Embedded Linux engineers/researchers tasked with Android related work.

To take this course, you must have practical software development experience, and feel comfortable about getting into new concepts and programming languages.
In particular, you must have a working knowledge of Java or Kotlin and C or C++.
Android development experience is recommended, but experienced Linux developers or Cybersecurity researchers new to Android would also benefit significantly from the course.

The reason why C and Java are essenttial for the course is that you would not be able to handle the exercises without them (although you will be able for most of the tasks to walk through the solutions).


Outline

  • Introduction to Security

    • Introduction to Security

    • Legacy and modern threats

    • Physical and Hardware Security

    • Cyber Security terminology

    • Real-time attack map demonstration. Why and who should be worried.

    • Present-time attack vectors

    • Present-time defense solutions

    • The Security Process

    • Introduction to Threat Modeling

    • Incident Response in Enterprises

  • Binary Exploitation Overview

    • Motivation: Exploit Piggy-backing on Higher Level Technologies

    • Buffer Overflows and stack smashing attacks

    • Shellcode construction

    • String format errors

    • Integer overflows

    • Heap overflows and heap spraying techniques, memory corruption and double free attacks

    • Understanding dynamic library and hooking injection attacks, misusing LD_PRELOAD

    • Compiler and Operating System mitigation techniques

    • Return Oriented Programming and mitigation techniques

    • Understanding combined data leak attacks

    • Piggy-Backing revisited: Attacks on PDF, Flash, JavaScript, WebKit, Email, Images, Video Payload, Applets, JVM.

  • Web Application Security

    • Web Application Architecture

    • The OWASP top 10 vulnerabilities

      • A1-Injection

      • A2-Broken Authentication and Session Management

      • A3-Cross-Site Scripting (XSS)

      • A4-Insecure Direct Object References

      • A5-Security Misconfiguration

      • A6-Sensitive Data Exposure

      • A7-Missing Function Level Access Control

      • A8-Cross-Site Request Forgery (CSRF)

      • A9-Using Components with Known Vulnerabilities

      • A10-Unvalidated Redirects and Forwards

      • OWASP top 10 Labs: (Vulnerability identification/exploitation/fix)

  • Cryptographic Risks

    • The Problem With Passwords

      • Using Weak Passwords

      • Password Iteration

      • Default Passwords

      • Password Replay Attacks

      • Stop Storing Plaintext Password

      • Rainbow Tables Explained

      • Too Much Information -­ Invalid User or Password

    • The Problem With Random Numbers

    • PRNG, CRNG and TRNG

    • Find Code That Use Incorrect RNG

    • Determine Properly Seeded CRNG

  • The Problem With Crypto Algorithms

    • Roll Your Own Algorithm

    • Using The Wrong Algorithm

    • Forgetting The Salt

    • The Difference Between Authentication, Encryption and Temper-­Proofing

    • Algorithms Are Not Future­-Proof

  • Network Protocols Security

    • The 5/7 Layers Models

    • Network Traffic Risks

    • Network Authentication and Protocols

    • Further traffic sniffing: Wireshark, Charles Proxy, Burp Suite and ZAP.

  • Trusted Execution Environments

    • Motivation and definitions of Secure vs. Normal worlds

    • Terminology: TPM, TEE, SE

    • Use cases

    • Introduction to ARM TrustZone

    • Secure World OS implementations

  • Android Overview - Design considerations

    • Android History

    • The android ecosystem: Partners, Entities, Design, Approach, Licensing.

  • Android Overview - Bottom up discussion

    • Hardware overview: What makes an Android device.

    • Linux Kernel boot process and provided functionalities

    • Native User Space: Init services, daemons, executables and libraries

    • Enabling Java (Dalvik + ART)

    • JNI bridge layer

    • Java OS Layer (Android Frameworks)

    • Application (APK) Structure

    • System Applications

    • User Applications

    • Google Play Services

    • Android IPC terminology by example: Browser, Maps.

    • Introduction to working with the AOSP: How and where to find what.

  • Android Platform Security

    • Linux driven security sandbox

    • OS and binary protection and exploitation: ASLR, PIE, DEP, RoP et. al.

    • Android hardware related permission enforcement

    • SELinux on Android

    • Data partition forensics protection via Internal and external storage encryption

    • Secure Boot

    • Android Signature model and verification:

      • Platform keys and platform app signing. Google, OEM’s and integrators.

      • Third party (and play store) application signing.

      • APK signing v1 vs. v2 and v3.

    • Android application sandbox: Single and multi physical user.

    • Android Permissions:

      • Pre-Marshmallow (API Level < 23)

      • Post-Marshmallow: User policies, user responsibilities, application developer responsibilities, dynamic permission checking and revocation.

      • Defining custom permissions, restricting Application components (Activity, Service, Content Provider, Broadcast Receiver)

    • Android Security Patches

    • Android Nougat additions

    • Android Nougat native linker changes

    • Android Oreo additions

    • Android Oreo native linker changes

    • Android Pie additions

    • Android Oreo and Project Treble HAL and Kernel restrictions, and system/vendor separation

    • Android Linux Kernel Hardening Features

    • Secure Boot cont. - Android Verified Boot v2

    • Android Pie SELinux domain refinements

  • Security terminology and real-life attacks, “breaking Android”:

    • Glossary attack vectors, attack surfaces, vulnerabilities and exploits.

    • Privilege escalation attacks - theory and practice

    • Dynamic code loading attacks and mitigation

      • Native code

      • Java code via DexLoader

      • Live (on device) code scanning techniques using the PackageManager

    • Binary exploitation and device rooting

    • Remote exploitation and DoS attacks

    • Signature based attacks

    • SE Linux discussion

    • On device Anti-Virus and Anti-Malware building techniques

  • Penetration Testing and Dynamic Analysis

    • Android “debugging”: Introducing am, pm, wm, service, procfs, sysfs and friends.

    • Android Penetration testing tools

    • Finding exposed application components

    • Android fuzzing tools by example: fuzzing the Stagefright framework

    • Penetration testing and exploitation with drozer/metasploit

    • Project Treble HAL/Kernel interface fuzzing

  • Reverse-Engineering Applications and Static Analysis

    • Android application installation process, paths, optimized bytecodes, ELF types

    • Dalvik bytecode structure and ART binary format

    • Decompiling/disassembling ART and Dalvik based files.

    • Rejoining and decompiling /disassembling optimized byte code.

    • Unpacking APK resources, repacking, resigning.

    • Disassembling vs. Decompiling: Tools and strategies: where to spend your time?

    • Survey of open source and commercial tools and analyzers.

    • Off device Anti-Virus and Anti-Malware building techniques

  • Android Application Secure Coding I: Code and app behavior

    • Code protection techniques: Obfuscation, stripping, encryption, anti-tampering techniques. Native code techniques with NDK, gcc, and clang.

    • SQL Injection and protection from it.

    • Manifest level component access control

    • SELinux and Middleware MAC

    • IPC level runtime component access control

    • Webview and Javascript protection/restriction best practices for hybrid apps

    • Protecting from other applications, protecting from user judgement

    • Dynamic loading attack prevention (DEX, .so and .js)

    • Dynamic permission control best practices

    • Introduction to Android cryptography: BouncyCastle, BoringSSL

    • Protecting WebView code

    • Security Provider live-patching using ProviderInstaller

    • Static Analysis Checklist - using the Android lint tool (and other commercial tools)

  • Android Application Secure Coding II: Securing User and Application data.

    • Android Storage layout - what’s open and what’s not.

    • SQLite inspection and protection with CQLCipher

    • Introduction to applied cryptography

      • Cryptography goals: Authentication, Integrity, Encryption.

      • Symmetric and Asymmetric cipher suites

      • Key generation techniques and trade-offs

      • Software vs. Hardware based techniques.

    • Android Applied cryptography

      • Protection models (Encryption vs. Authentication)

      • Software based protection via software based cryptography

      • Hardware based protection via the keystore

      • Hardware based authentication via Fingerprint API

      • Timed authentication via gatekeeper

      • Data encryption - protection and optimization.

  • Android Application Secure Coding III: Secure Network Communications

    • Network privacy dangers: Packet sniffers and interceptors. MITM attacks.

    • Certificate Authority (CA) Chain of trust: A solution and the introduced problems

    • Secure communication with TLS/SSL

    • Encrypted network privacy dangers: Sniffers and interceptors. MITM attacks.

    • CA management in Android: Platform and application management

    • Custom TrustManager’s and Certificate pinning

    • IP layer security teaser, VPN (more in the Android For Work section)

    • Clear-Text opting out and TLS enforcing

    • Network Security Configuration (Nougat, Oreo, Pie)

  • Enterprise Mobility Management: Android Enterprise (formerly: Android for Work)

    • Enterprise Mobility Management (EMM) - definition and market survey

    • EMM: The IT manager vs. the private user

    • Company Owned Devices definitions and use cases

    • Device administration APIs - an IT manager biased arsenal

    • Work profiles - the compromise between the IT and the user.

    • Application restrictions

    • Device provisioning: Apps, networks, etc.

    • Per platform and Per app Virtual Private Networks (VPNs)

Share with friends

Date and Time

Location

Hilton San Diego Bayfront

1 Park Blvd

San Diego, CA 92101

View Map

Refund Policy

Refunds up to 30 days before event

Eventbrite's fee is nonrefundable.

Save This Event

Event Saved