SlideShare ist ein Scribd-Unternehmen logo

Android Tamer (Anant Shrivastava)

ClubHack
ClubHack

ClubHack 2011 Hacking and Security Conference. Talk - Android Tamer Speaker - Anant Shrivastava

Technologie
1 von 17
Downloaden Sie, um offline zu lesen
Android Tamer By Anant Shrivastava http://anantshri.info
Agenda ● Android and Security ● Tool set available Right Now ● Android Tamer VM ● Source Code Analysis ● Application Development ● Security Analysis Applications ● ROM analysis ● Code Injection ● Demo's 2
Android +40% Phone Market ● +10% Tablet Market ● Manufacturer support : LG,Samsung,SE & ● more Supported by Google ● Linux Based ● 3
Why Security Review ● Emerging Market. ● Smart phones. ● Easily acessible ● Emerging Target for malware distribution. ● Simply Put whole PC malacious life cycle is getting repeated in Mobile Domain 4
How and What to perform ● We Need to perform ● Application / Platform / Protocol Testing ● Malacious Apps / website testing ● Rom Analysis / Modification ● How We perform ● Setup toolset on every machine and still no standards. 5
What's the solution ● Define Some standards. ● OWASP is working on it. ● Design some ToolKit ● Basically we need BT style toolkit for android. 6
Presenting Android Tamer 7
What is Android Tamer ● VM environment Giving you the freedom to perform ● Application Pentesting ● Malware Analysis ● Rom Modification (Core + kernel) ● ROM Analysis ● App / Malware / Native Code Development 8
Salient Features ● Based on Ubuntu 10.04 LTS ● All non needed software removed. ● Minimum mix of foreign repositories to avoid upgrade issues. ● Not just tool dump but integrated solution. ● Browser bookmarks. ● Tamer Repository configured to avoid re-download of complete VDI image. (contains only one package as of now) 9
Tools : Application Pentesting ● OWASP ZAP ● TSOCK Proxy ● Emulator configured with ZAP certificate. ● Custom Link Given to launch specific AVD. ● DDMS configured 10
Tools : Malware Analysis ● DroidBox ● APKInspector ● Apktool ● Dex2jar /JAD / DED / JD-GUI ● Smali / baksmali ● androguard 11
Tools : ROM Analysis / Modification ● DSIXDA Android Kitchen ● Unyaffs2 ● Split_bootimg ● DDMS ● Refer Tools : Development and Malware analysis 12
Tools : Development ● Eclipse + ADT ● NDK ● CodeSourcery C++ lite ● ARM DS-5 CE 13
Tools : Rooting tools ● Scripts ● Rageinthecage ● Psneuter ● Gingerbreak ● ZergRush ● APK’s ● Z4root ● Superoneclick ● Universal Androot Note : tools provided AS-IS, usage is a responsibility of USER 14
Important Links https://sourceforge.net/p/androidtamer/ 15
Future ● Plan to keep it going. ● Applications will be distributed using Tamer Repository (preconfigured) ● Tools and Categories to add ● Agnitio: Source code review ● Forensics Section. ● If you know some other cool tools that could be added send in a mail. 16
About Me Anant Shrivastava CEH, RHCE Interested in Android, Linux, Web 2.0 Member of Null and G4H ●Email : anant@anantshri.info ●Web : http://anantshri.info ●Blog : http://blog.anantshri.info

Empfohlen

Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Anant Shrivastava
 
Security Issues in Android Custom ROM
Security Issues in Android Custom ROMSecurity Issues in Android Custom ROM
Security Issues in Android Custom ROMAnant Shrivastava
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesAnant Shrivastava
 
[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answers[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answersOWASP
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration TestingOWASP
 
[OWASP Poland Day] Saving private token
[OWASP Poland Day] Saving private token[OWASP Poland Day] Saving private token
[OWASP Poland Day] Saving private tokenOWASP
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaYogesh Ojha
 

Empfohlen

Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Anant Shrivastava
 
Security Issues in Android Custom ROM
Security Issues in Android Custom ROMSecurity Issues in Android Custom ROM
Security Issues in Android Custom ROMAnant Shrivastava
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesAnant Shrivastava
 
[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answers[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answersOWASP
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration TestingOWASP
 
[OWASP Poland Day] Saving private token
[OWASP Poland Day] Saving private token[OWASP Poland Day] Saving private token
[OWASP Poland Day] Saving private tokenOWASP
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaYogesh Ojha
 
[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101OWASP
 
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthinkspa
 
My Null Android Penetration Session
My Null Android Penetration Session My Null Android Penetration Session
My Null Android Penetration Session Avinash Sinha
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Prathan Phongthiproek
 
[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security HeadersOWASP
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)ClubHack
 
WordPress Security Hardening
WordPress Security HardeningWordPress Security Hardening
WordPress Security HardeningIda Bagus Budanthara
 
Android application security testing
Android application security testingAndroid application security testing
Android application security testingMykhailo Antonishyn
 
Hacking android apps by srini0x00
Hacking android apps by srini0x00Hacking android apps by srini0x00
Hacking android apps by srini0x00srini0x00
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development Cheng-Yi Yu
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurationsMegha Sahu
 
Android pentesting
Android pentestingAndroid pentesting
Android pentestingMykhailo Antonishyn
 
Android pentesting
Android pentestingAndroid pentesting
Android pentestingMykhailo Antonishyn
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Owasp mobile top 10
Owasp mobile top 10Owasp mobile top 10
Owasp mobile top 10Pawel Rzepa
 
[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge frameworkOWASP
 
[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10OWASP
 
Standards and methodology for application security assessment
Standards and methodology for application security assessment Standards and methodology for application security assessment
Standards and methodology for application security assessment Mykhailo Antonishyn
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
Embedded Android Workshop at AnDevCon V
Embedded Android Workshop at AnDevCon VEmbedded Android Workshop at AnDevCon V
Embedded Android Workshop at AnDevCon VOpersys inc.
 
Embedded Android Workshop at AnDevCon IV
Embedded Android Workshop at AnDevCon IVEmbedded Android Workshop at AnDevCon IV
Embedded Android Workshop at AnDevCon IVOpersys inc.
 

Weitere ähnliche Inhalte

Was ist angesagt?

[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101OWASP
 
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthinkspa
 
My Null Android Penetration Session
My Null Android Penetration Session My Null Android Penetration Session
My Null Android Penetration Session Avinash Sinha
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Prathan Phongthiproek
 
[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security HeadersOWASP
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)ClubHack
 
Android application security testing
Android application security testingAndroid application security testing
Android application security testingMykhailo Antonishyn
 
Hacking android apps by srini0x00
Hacking android apps by srini0x00Hacking android apps by srini0x00
Hacking android apps by srini0x00srini0x00
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development Cheng-Yi Yu
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurationsMegha Sahu
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Owasp mobile top 10
Owasp mobile top 10Owasp mobile top 10
Owasp mobile top 10Pawel Rzepa
 
[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge frameworkOWASP
 
[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10OWASP
 
Standards and methodology for application security assessment
Standards and methodology for application security assessment Standards and methodology for application security assessment
Standards and methodology for application security assessment Mykhailo Antonishyn
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 

Was ist angesagt? (20)

[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101
 
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
 
My Null Android Penetration Session
My Null Android Penetration Session My Null Android Penetration Session
My Null Android Penetration Session
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]
 
[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)
 
WordPress Security Hardening
WordPress Security HardeningWordPress Security Hardening
WordPress Security Hardening
 
Android application security testing
Android application security testingAndroid application security testing
Android application security testing
 
Hacking android apps by srini0x00
Hacking android apps by srini0x00Hacking android apps by srini0x00
Hacking android apps by srini0x00
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurations
 
Android pentesting
Android pentestingAndroid pentesting
Android pentesting
 
Android pentesting
Android pentestingAndroid pentesting
Android pentesting
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android Applications
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security Threats
 
Owasp mobile top 10
Owasp mobile top 10Owasp mobile top 10
Owasp mobile top 10
 
[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework
 
[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10
 
Standards and methodology for application security assessment
Standards and methodology for application security assessment Standards and methodology for application security assessment
Standards and methodology for application security assessment
 
Android Security
Android SecurityAndroid Security
Android Security
 

Ähnlich wie Android Tamer (Anant Shrivastava)

Embedded Android Workshop at AnDevCon V
Embedded Android Workshop at AnDevCon VEmbedded Android Workshop at AnDevCon V
Embedded Android Workshop at AnDevCon VOpersys inc.
 
Embedded Android Workshop at AnDevCon IV
Embedded Android Workshop at AnDevCon IVEmbedded Android Workshop at AnDevCon IV
Embedded Android Workshop at AnDevCon IVOpersys inc.
 
Embedded Android Workshop at ABS 2014
Embedded Android Workshop at ABS 2014Embedded Android Workshop at ABS 2014
Embedded Android Workshop at ABS 2014Opersys inc.
 
Embedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VIEmbedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VIOpersys inc.
 
Embedded Android Workshop at Embedded World 2014
Embedded Android Workshop at Embedded World 2014Embedded Android Workshop at Embedded World 2014
Embedded Android Workshop at Embedded World 2014Opersys inc.
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android WorkshopOpersys inc.
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android WorkshopOpersys inc.
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android WorkshopOpersys inc.
 
Embedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowEmbedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowOpersys inc.
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with NougatOpersys inc.
 
Embedded Android Workshop / ELC 2013
Embedded Android Workshop / ELC 2013Embedded Android Workshop / ELC 2013
Embedded Android Workshop / ELC 2013Opersys inc.
 
Embedded Android Workshop at Embedded World Conference 2013
Embedded Android Workshop at Embedded World Conference 2013Embedded Android Workshop at Embedded World Conference 2013
Embedded Android Workshop at Embedded World Conference 2013Opersys inc.
 
Embedded Android Workshop at Embedded Linux Conference Europe 2011
Embedded Android Workshop at Embedded Linux Conference Europe 2011Embedded Android Workshop at Embedded Linux Conference Europe 2011
Embedded Android Workshop at Embedded Linux Conference Europe 2011Opersys inc.
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android WorkshopOpersys inc.
 
Embedded Android Workshop at ELC Europe
Embedded Android Workshop at ELC EuropeEmbedded Android Workshop at ELC Europe
Embedded Android Workshop at ELC EuropeOpersys inc.
 
Embedded Android Workshop at AnDevConII
Embedded Android Workshop at AnDevConIIEmbedded Android Workshop at AnDevConII
Embedded Android Workshop at AnDevConIIOpersys inc.
 
Embedded Android Workshop at Android Open 2011
Embedded Android Workshop at Android Open 2011Embedded Android Workshop at Android Open 2011
Embedded Android Workshop at Android Open 2011Opersys inc.
 
Embedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowEmbedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowKarim Yaghmour
 
Embedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowEmbedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowOpersys inc.
 

Ähnlich wie Android Tamer (Anant Shrivastava) (20)

Embedded Android Workshop at AnDevCon V
Embedded Android Workshop at AnDevCon VEmbedded Android Workshop at AnDevCon V
Embedded Android Workshop at AnDevCon V
 
Embedded Android Workshop at AnDevCon IV
Embedded Android Workshop at AnDevCon IVEmbedded Android Workshop at AnDevCon IV
Embedded Android Workshop at AnDevCon IV
 
Embedded Android Workshop at ABS 2014
Embedded Android Workshop at ABS 2014Embedded Android Workshop at ABS 2014
Embedded Android Workshop at ABS 2014
 
Embedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VIEmbedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VI
 
Embedded Android Workshop at Embedded World 2014
Embedded Android Workshop at Embedded World 2014Embedded Android Workshop at Embedded World 2014
Embedded Android Workshop at Embedded World 2014
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android Workshop
 
Security Issues in Android Custom Rom
Security Issues in Android Custom RomSecurity Issues in Android Custom Rom
Security Issues in Android Custom Rom
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android Workshop
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android Workshop
 
Embedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowEmbedded Android Workshop with Marshmallow
Embedded Android Workshop with Marshmallow
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with Nougat
 
Embedded Android Workshop / ELC 2013
Embedded Android Workshop / ELC 2013Embedded Android Workshop / ELC 2013
Embedded Android Workshop / ELC 2013
 
Embedded Android Workshop at Embedded World Conference 2013
Embedded Android Workshop at Embedded World Conference 2013Embedded Android Workshop at Embedded World Conference 2013
Embedded Android Workshop at Embedded World Conference 2013
 
Embedded Android Workshop at Embedded Linux Conference Europe 2011
Embedded Android Workshop at Embedded Linux Conference Europe 2011Embedded Android Workshop at Embedded Linux Conference Europe 2011
Embedded Android Workshop at Embedded Linux Conference Europe 2011
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android Workshop
 
Embedded Android Workshop at ELC Europe
Embedded Android Workshop at ELC EuropeEmbedded Android Workshop at ELC Europe
Embedded Android Workshop at ELC Europe
 
Embedded Android Workshop at AnDevConII
Embedded Android Workshop at AnDevConIIEmbedded Android Workshop at AnDevConII
Embedded Android Workshop at AnDevConII
 
Embedded Android Workshop at Android Open 2011
Embedded Android Workshop at Android Open 2011Embedded Android Workshop at Android Open 2011
Embedded Android Workshop at Android Open 2011
 
Embedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowEmbedded Android Workshop with Marshmallow
Embedded Android Workshop with Marshmallow
 
Embedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowEmbedded Android Workshop with Marshmallow
Embedded Android Workshop with Marshmallow
 

Mehr von ClubHack

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014ClubHack
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreClubHack
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber InsuranceClubHack
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatClubHack
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleClubHack
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianClubHack
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...ClubHack
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalClubHack
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanClubHack
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyClubHack
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaClubHack
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiClubHack
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012ClubHack
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack
 

Mehr von ClubHack (20)

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber Insurance
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threat
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep Kamble
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
 

Kürzlich hochgeladen

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Kürzlich hochgeladen (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Android Tamer (Anant Shrivastava)

  • 1. Android Tamer By Anant Shrivastava http://anantshri.info
  • 2. Agenda ● Android and Security ● Tool set available Right Now ● Android Tamer VM ● Source Code Analysis ● Application Development ● Security Analysis Applications ● ROM analysis ● Code Injection ● Demo's 2
  • 3. Android +40% Phone Market ● +10% Tablet Market ● Manufacturer support : LG,Samsung,SE & ● more Supported by Google ● Linux Based ● 3
  • 4. Why Security Review ● Emerging Market. ● Smart phones. ● Easily acessible ● Emerging Target for malware distribution. ● Simply Put whole PC malacious life cycle is getting repeated in Mobile Domain 4
  • 5. How and What to perform ● We Need to perform ● Application / Platform / Protocol Testing ● Malacious Apps / website testing ● Rom Analysis / Modification ● How We perform ● Setup toolset on every machine and still no standards. 5
  • 6. What's the solution ● Define Some standards. ● OWASP is working on it. ● Design some ToolKit ● Basically we need BT style toolkit for android. 6
  • 8. What is Android Tamer ● VM environment Giving you the freedom to perform ● Application Pentesting ● Malware Analysis ● Rom Modification (Core + kernel) ● ROM Analysis ● App / Malware / Native Code Development 8
  • 9. Salient Features ● Based on Ubuntu 10.04 LTS ● All non needed software removed. ● Minimum mix of foreign repositories to avoid upgrade issues. ● Not just tool dump but integrated solution. ● Browser bookmarks. ● Tamer Repository configured to avoid re-download of complete VDI image. (contains only one package as of now) 9
  • 10. Tools : Application Pentesting ● OWASP ZAP ● TSOCK Proxy ● Emulator configured with ZAP certificate. ● Custom Link Given to launch specific AVD. ● DDMS configured 10
  • 11. Tools : Malware Analysis ● DroidBox ● APKInspector ● Apktool ● Dex2jar /JAD / DED / JD-GUI ● Smali / baksmali ● androguard 11
  • 12. Tools : ROM Analysis / Modification ● DSIXDA Android Kitchen ● Unyaffs2 ● Split_bootimg ● DDMS ● Refer Tools : Development and Malware analysis 12
  • 13. Tools : Development ● Eclipse + ADT ● NDK ● CodeSourcery C++ lite ● ARM DS-5 CE 13
  • 14. Tools : Rooting tools ● Scripts ● Rageinthecage ● Psneuter ● Gingerbreak ● ZergRush ● APK’s ● Z4root ● Superoneclick ● Universal Androot Note : tools provided AS-IS, usage is a responsibility of USER 14
  • 16. Future ● Plan to keep it going. ● Applications will be distributed using Tamer Repository (preconfigured) ● Tools and Categories to add ● Agnitio: Source code review ● Forensics Section. ● If you know some other cool tools that could be added send in a mail. 16
  • 17. About Me Anant Shrivastava CEH, RHCE Interested in Android, Linux, Web 2.0 Member of Null and G4H ●Email : anant@anantshri.info ●Web : http://anantshri.info ●Blog : http://blog.anantshri.info