Course Description

If you at any point of time in your career or academia surfaced information security, you know for a fact that security analysis is not only about thorough understanding of a system but also includes a good list of tools and techniques to analyze that particular system. Unlike network and web, mobile security is a recent phenomenon. In order to analyze mobile application, one should understand the underlying architecture, security model, development frameworks and the relevant tools.

This course deals with applications within the most widely used mobile OS, Android. The course introduces underlying Android architecture, its permission model and the default security measures in place. It deals with developer tools like Eclipse, Android Studio, Android Debug Bridge or ADB, UI Automator and Monkey Runner, along with tools and techniques for Network Analysis.

As a part of reversing and malware analysis, static and dynamic techniques have been discussed. Pentesting an Android App is has also been discussed. Issues like unintended data leakage, insecure data storage and tools like Burp Intruder & Metasploit have also been covered. The course concludes by discussing Android best practices for security.

To conclude, this course deals with Android security concepts and discusses the relevant tools in detail to exploit an Android application.

Blockchain Instructor & Consultant

Toshendra Sharma

Toshendra Sharma is the founder & CEO of RecordsKeeper, a Blockchain-based data security company & also the founder of Toshblocks, A Blockchain Consulting, Development & Training Company.Earlier, he founded Appvigil (Wegilant) in Nov 2011 while pursuing my Masters in Application Security from IIT Bombay, India. Appvigil is the Mobile App Vulnerability Scanner on Cloud. He was heading the team as CEO. The company has won many awards & accolades under his leadership.He is a well-known instructor & speaker in Blockchain space and taught more than 10,000 students worldwide spread in 145+ countries.He has also worked on cryptocurrencies, ethereum-based coins & ICO projects for many companies & individuals.He was the part of Forbes India 30Under30 List of 2016 in Technology space.

Course curriculum

  • 1

    Introduction

    • Importance of information security

    • Mobile First and State of the Art Product Design

    • Need for mobile security and owasp top 10 mobile risk

    • Basic Terminologies in Information Security

    • About CIA Triad

    • Introduction to Cryptography

    • Hashing and Digital Signature

    • PKI and Digital Certificates

    • SSL/TLS Protocol and Handshake Process

    • DoS and DDoS

    • AAA Concept

    • Password Security

    • Access Control
  • 2

    Android Architecture & Security Model

    • Intro to android

    • Android booting process

    • Android architecture

    • Android data structure and file system

    • Android logging system and logcat

    • Android Apps

    • Android security model

    • Android permission model

    • Security compliance wrt android framework and java

    • Google bouncer
  • 3

    Getting Familiar with Android Developers Tools

    • Eclipse ide and andorid studio

    • Android debug bridge

    • UIAutomator and Monkeyrunner
  • 4

    Interacting with Android Device

    • Difference between an emulator and device

    • Interacting with android device using usb

    • SSH

    • VNC

    • Rooting an android device

    • BusyBox
  • 5

    Android Network Analysis

    • Setting up proxy for Android emulator

    • Setting up proxy on Android device

    • Installing CA Certificate

    • MITM and SSL MITM attacks PART 1

    • MITM and SSL MITM attacks PART 2

    • Data Manipulation
  • 6

    Android Reverse Engineering & Malware Analysis

    • Apk in a nutshell

    • Introduction to reverse enginnering of android app

    • Reversing the source code

    • Reverse engg using apktool

    • Introduction to android malwares

    • Dynamic vs static

    • Static analysis of android malware

    • Introduction to android tamer

    • Dynamic analysis with droidbox

    • Dynamic analysis of android malware
  • 7

    Android Application Pentesting & Exploitation

    • Intro to android app pentesting

    • Fuzzing android app with burp suite

    • Fuzzing android app with burp intruder

    • Attacking authentication

    • Content provider leakage

    • Clientside injection

    • Shared prefs

    • Sqlite database

    • Unintended data leakage

    • Broken cryptography

    • Automated sec assessment using drozer

    • Metasploit exploit
  • 8

    Android Device & Data Security

    • Protecting your android device

    • Bypassing Android locks

    • Android data extraction
  • 9

    Using Android as Pentesting Tool

    • A look into commonly used hacking and penetration testing android apps

    • PWN Pad on Nexus 7

    • Kali linux on Android
  • 10

    Conclusion

    • Android Security Practices

    • Course summary and revision