Title: Hacking the Android APK

Instructor: Ben Hughes, Liana Parakesyan, & Mattia Campagnano

Abstract: Summarize what your training will cover, attendees will read this to get an idea of what they should know before your training, and what they will learn after. Use this to inform about how technical your class is, what tools will be used, what materials to read in advance to get the most out of your training. This abstract is the primary way people will be drawn to your session.

This cross-discipline, hands-on training will walk participants through Android application testing and APK reversing basics. The tools and techniques imparted in this training will help guide APK analysis, mobile threat research, and mobile application penetration testing. Free and open source tools will be emphasized, while recognizing the potential role of commercial tools in static and dynamic analysis of APKs. The training will conclude with a CTF-style competition requiring participants to use their new skills to dissect actual Android applications including malicious APKs, intentionally vulnerable APKs, and custom APKs. An entry-level Android device will be provided to each participant to use during the class and CTF depending on class size.

Level: Beginner/Intermediate

Pre-Requisites: Previous mobile development or general pen testing experience is helpful, but not required.

Required Materials: Students will need to bring their own Windows/Linux/macOS laptop with 8+ GB RAM, WiFi, USB, and VirtualBox or VMware installed. A VM will be made available to attendees for download before class, as well as available on USB flash drives at the start of class. Physical, rooted Android test devices will be available for use by students for the duration of the training (depending on class size).