Offensive Android Internals from 8kSec LLC

Offensive Android Internals

This in-depth and immersive three-day program offers participants an opportunity to enhance their understanding of Android Internals, Reverse Engineering as well as Android Application Exploitation. It provides a broad understanding of Android system architecture, covering topics such as Android Drivers, Modules, Linux Kernel, and the Android Binder. Participants will gain hands-on experience in reverse engineering, exploit development basics for the ARM platform, and deep dive into memory management and related vulnerabilities.

The course also covers Android's boot, recovery, rooting processes, and permissions, along with security features like DAC, CAP, SECCOMP, and SELinux. For a practical learning experience, the course covers how to extract and decrypt boot images for Android devices. The course covers hands-on exercises for symbolicating the Android kernel and porting exploits to other Android devices. Advanced Frida techniques such as custom tracing, profiling, and memory inspection are explored with real-world applications. Case studies on prominent malware and custom malware samples designed for the course shed light on reverse engineering and advanced forensics techniques. Application Security related vulnerabilities occurring due to Android components are also covered as a part of the course. The training also includes hands-on learning using vulnerable applications created for the course, and a wide range of real-world application vulnerabilities in order to give an in-depth knowledge about the different kinds of vulnerabilities in Mobile applications.

Course Overview

Overall Proficiency Level

1 - Basic

Course Prerequisites

To successfully participate in this course, attendees should possess the following:

Working knowledge of cybersecurity and pen testing fundamentals
Basic working knowledge of Android platform
Basic Linux skills and command-line proficiency
Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Java, Kotlin, C, C++, or similar)
Basic ARM/AARCH64 binary assembly and exploitation knowledge is recommended, but not required

Training Purpose

Functional Development

Skill Development

Specific Audience

All

General Public

Federal Employee

Academia

Contractor

Delivery Method

Online, Instructor-Led

Online, Self-Paced

Online, Instructor-Led
Online, Self-Paced

Learning Objectives

Understand the Android System Architecture and AOSP source code
Learn about Android Tracing
Grasp Android Boot, Recovery, and Rooting processes
Get an understanding of latest ARM64 instruction set, dynamic memory management and related vulnerabilities on the ARM platform
Acquire skills in ARM Reverse Engineering and exploit development
Learn how to customize and build Android Kernel for Vulnerability Research
Gain knowledge about Android Platform Permission, DAC, CAP, SECCOMP, and SELinux
Develop practical skills in fuzzing applications and processes on Android devices
Overview of Kernel protections and bypasses
Reverse engineering Android binaries (Apps and system binaries)
Get PoC applications to perform 1 click exploits on Mobile apps
Get an intro to common bug various bug categories on Android systems
Learn to audit Android apps for security vulnerabilities
Understand and bypass anti-debugging and obfuscation techniques
Get a detailed walkthrough on using IDA Pro, Hopper, Frida, etc.
Learn how accessibility malwares work, and how to reverse engineer well-known crypto wallet stealers
Learn how to symbolicate the Android kernel
Learn how to extract and decrypt boot images for Android devices
Become a Certified Android Security Researcher (CASR)

Framework Connections

Oversight and Governance

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Competency Areas

Work Roles

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.