SlideShare a Scribd company logo

Android Tamer BH USA 2016 : Arsenal Presentation

Anant Shrivastava
Anant Shrivastava

Arsenal Demo of Android Tamer presented on 3rd Aug 2016.

Technology
1 of 25
Download to read offline
ANDROID TAMER
WHAT IS ANDROID TAMER Single Point of Reference / Resources for Android Contains 1. Virtual machine for Android (Security) Professionals 2. Debian 8 Compatible Tools Repository 3. Custom Emulator for arm devices (Work In Progress) 4. f-droid repository of tools (Work in Progress) 5. Documentation (tools.androidtamer.com) (ever evolving) 6. KnowledgeBase (kb.androidtamer.com) (Work in Progress)
WHO USES ANDROID TAMER 1. Trainers 2. Security professionals 3. Developers 4. iOT Hackers Friendly Plug Catch Sneha Rajguru using AndroidTamer at BSidesLV (whole day 3 Aug 2016) Defcon Workshop (5 Aug 2016 : 10 AM - 2 PM) Catch Anto Joseph using AndroidTamer with Droid-FF at Arsenal Booth (4 Aug 2016 - 2 PM - 3:50 PM) Defcon Workshop (6 Aug 2016 : 2 PM - 6 PM)
OPENSOURCE ALL THE WAY 1. Automated VM Building Process : Vagrant Ansible script ( ) 2. Automated Debian Package Building Scripts ( ) 3. Documentation source markdown ( ) 4. Open to all 5. To be added 1. APK repository 2. apk building process 3. emulator building process 4. Live ISO Creation 5. and more https://github.com/AndroidTamer/VagrantBuild https://github.com/AndroidTamer/Packaging_Tools https://github.com/AndroidTamer/Tools https://github.com/AndroidTamer
VIRTUAL MACHINE Swiss Army knife for Android Security Professionals. Supports VirtualBox VMWare Vagrant / Ansible
WHY Saves time while Finding and installing tools Configuring them Ensuring all other tools are still working Multiple language versions (java, python, perl, ruby more) Managing updates of each tool
TOOLS INCLUDE 1. adb / fastboot / android-sdk 2. dex2jar / enjarify 3. apktool 4. jad / jd-gui / jadx / jadx-gui 5. drozer / MobSF / jaadas 6. DFF / ddrescueview 7. SQLiteManager / SQLiteMan 8. Burp Free / OWASP-ZAP 9. pidcat 10. Droid-FF (Fuzzing Framework) 11. dextra, simplify, imgtool 12. and more....
CUSTOM FEATURES 1. Easy Management of multiple devices 2. One liner commands (apk2java, drozer_start etc) 3. Scripts for automated analysis 4. So ware update managed over apt-get repository (alpha phase) ( ) 5. All Tools pre-configured in PATH (no need to switch directories) 6. ZSH with autosuggestion http://repo.androidtamer.com/
TOOLS REPOSITORY
REPOSITORY IN USE
THAT'S NOT IT
@ TWITTER Follow Us to get Latest Android News@AndroidTamer
FB/ANDROIDTAMER
SECURITY ENHANCEMENTS https://kb.androidtamer.com/android_security_enhancement/
LEARN ANDROID https://androidtamer.com/learn_android_security
DEMO TIME 1. Application decompiling 2. Automated assessment (drozer_checks) 3. Multi devices management (adb list) 4. MobSF 5. Droid Fuzzing Framework 6. Build / Enhance your own Distro (Debian compatible Repository)
DEMO: APK2JAVA
DEMO: DROZER_CHECK
DEMO: ADB LIST 1. Add entries in ~/.adb_list 2. format of entries "ABC;SERIALNO" 3. echo "abc;1234567890" >> ~/.adb_list
DEMO: MOBSF
DEMO: DROID-FF
BUILD YOUR OWN
PACKAGE REPOSITORY
HOW TO CONTRIBUTE 1. Test the tools, suggest changes or improvements / enhancements 2. Use / Promote / Write about the tool 3. Add tools : 4. Report / track / suggest / fix Issues 5. Test Repo on ( ) other distributions (Kali / Ubuntu / other pentest distro and more ) https://github.com/AndroidTamer/Packaging_Tools/Build https://repo.androidtamer.com Report all issues( )https://github.com/AndroidTamer/Tools_Repository/issues How to setup : ( )https://tools.androidtamer.com/General/repo_configure/
THANKS Follow @AndroidTamer for all Updates

Recommended

Security Issues in Android Custom ROM
Security Issues in Android Custom ROMSecurity Issues in Android Custom ROM
Security Issues in Android Custom ROMAnant Shrivastava
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAndroid Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAnant Shrivastava
 
Slides null puliya linux basics
Slides null puliya linux basicsSlides null puliya linux basics
Slides null puliya linux basicsAnant Shrivastava
 
Fastlane
FastlaneFastlane
Fastlaneeurosigdoc acm
 
WordPress Security Hardening
WordPress Security HardeningWordPress Security Hardening
WordPress Security HardeningIda Bagus Budanthara
 
Owasp AppSecEU 2015 - BeEF Session
Owasp AppSecEU 2015 - BeEF SessionOwasp AppSecEU 2015 - BeEF Session
Owasp AppSecEU 2015 - BeEF SessionBart Leppens
 
Kali net hunter
Kali net hunterKali net hunter
Kali net hunterPrashanth Sivarajan
 
Browser exploit framework
Browser exploit frameworkBrowser exploit framework
Browser exploit frameworkPrashanth Sivarajan
 

Recommended

Security Issues in Android Custom ROM
Security Issues in Android Custom ROMSecurity Issues in Android Custom ROM
Security Issues in Android Custom ROMAnant Shrivastava
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAndroid Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAnant Shrivastava
 
Slides null puliya linux basics
Slides null puliya linux basicsSlides null puliya linux basics
Slides null puliya linux basicsAnant Shrivastava
 
Fastlane
FastlaneFastlane
Fastlaneeurosigdoc acm
 
WordPress Security Hardening
WordPress Security HardeningWordPress Security Hardening
WordPress Security HardeningIda Bagus Budanthara
 
Owasp AppSecEU 2015 - BeEF Session
Owasp AppSecEU 2015 - BeEF SessionOwasp AppSecEU 2015 - BeEF Session
Owasp AppSecEU 2015 - BeEF SessionBart Leppens
 
Kali net hunter
Kali net hunterKali net hunter
Kali net hunterPrashanth Sivarajan
 
Browser exploit framework
Browser exploit frameworkBrowser exploit framework
Browser exploit frameworkPrashanth Sivarajan
 
Android application penetration testing
Android application penetration testingAndroid application penetration testing
Android application penetration testingRoshan Kumar Gami
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Riyaz Walikar
 
Testing Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionTesting Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionJose Manuel Ortega Candel
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network SecurityAshok Reddy Medikonda
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminarhenelpj
 
5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry AboutIndus Khaitan
 
Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Venkat Raman
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentestingn|u - The Open Security Community
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)Sam Bowne
 
如何利用 Docker 強化網站安全
如何利用 Docker 強化網站安全如何利用 Docker 強化網站安全
如何利用 Docker 強化網站安全Tim Hsu
 
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJSFestUA
 
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
2015 mindthesec mauro risonho de paula assumpcao rev01 firebitsMauro Risonho de Paula Assumpcao
 
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...Nicolas Fränkel
 
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...Nicolas Fränkel
 
Slides 29-07-2017
Slides 29-07-2017Slides 29-07-2017
Slides 29-07-2017Soumyak Bhattacharyya
 
Is My App Secure ?
Is My App Secure ? Is My App Secure ?
Is My App Secure ?Herman Duarte
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous EverythingSoumyak Bhattacharyya
 
Continuous Everything v2.0
Continuous Everything v2.0Continuous Everything v2.0
Continuous Everything v2.0Soumyak Bhattacharyya
 
Security Automation - Python - Introduction
Security Automation - Python - IntroductionSecurity Automation - Python - Introduction
Security Automation - Python - IntroductionSanthosh Baswa
 
Pilotando spock
Pilotando spockPilotando spock
Pilotando spockRuben Eguiluz
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageAnant Shrivastava
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 

More Related Content

What's hot

Android application penetration testing
Android application penetration testingAndroid application penetration testing
Android application penetration testingRoshan Kumar Gami
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Riyaz Walikar
 
Testing Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionTesting Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionJose Manuel Ortega Candel
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network SecurityAshok Reddy Medikonda
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminarhenelpj
 
5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry AboutIndus Khaitan
 
Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Venkat Raman
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)Sam Bowne
 
如何利用 Docker 強化網站安全
如何利用 Docker 強化網站安全如何利用 Docker 強化網站安全
如何利用 Docker 強化網站安全Tim Hsu
 
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJSFestUA
 
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
2015 mindthesec mauro risonho de paula assumpcao rev01 firebitsMauro Risonho de Paula Assumpcao
 
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...Nicolas Fränkel
 
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...Nicolas Fränkel
 
Security Automation - Python - Introduction
Security Automation - Python - IntroductionSecurity Automation - Python - Introduction
Security Automation - Python - IntroductionSanthosh Baswa
 

What's hot (20)

Android application penetration testing
Android application penetration testingAndroid application penetration testing
Android application penetration testing
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638
 
Testing Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionTesting Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam edition
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network Security
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminar
 
5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About
 
Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
 
如何利用 Docker 強化網站安全
如何利用 Docker 強化網站安全如何利用 Docker 強化網站安全
如何利用 Docker 強化網站安全
 
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
 
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
 
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
 
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
 
Slides 29-07-2017
Slides 29-07-2017Slides 29-07-2017
Slides 29-07-2017
 
Is My App Secure ?
Is My App Secure ? Is My App Secure ?
Is My App Secure ?
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous Everything
 
Continuous Everything v2.0
Continuous Everything v2.0Continuous Everything v2.0
Continuous Everything v2.0
 
Security Automation - Python - Introduction
Security Automation - Python - IntroductionSecurity Automation - Python - Introduction
Security Automation - Python - Introduction
 
Pilotando spock
Pilotando spockPilotando spock
Pilotando spock
 

Viewers also liked

Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageAnant Shrivastava
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014Anant Shrivastava
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Anant Shrivastava
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode reviewAnant Shrivastava
 
Snake bites : Python for Pentesters
Snake bites : Python for PentestersSnake bites : Python for Pentesters
Snake bites : Python for PentestersAnant Shrivastava
 
Exploiting publically exposed Version Control System
Exploiting publically exposed Version Control SystemExploiting publically exposed Version Control System
Exploiting publically exposed Version Control SystemAnant Shrivastava
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedAnant Shrivastava
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesAnant Shrivastava
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSAnant Shrivastava
 
Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners SessionAnant Shrivastava
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014Anant Shrivastava
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information securityAnant Shrivastava
 
Identity thief
Identity thiefIdentity thief
Identity thiefSam Pierce
 
iOS file structure and organization
iOS file structure and organizationiOS file structure and organization
iOS file structure and organizationJenny Chang
 

Viewers also liked (20)

Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
 
Snake bites : Python for Pentesters
Snake bites : Python for PentestersSnake bites : Python for Pentesters
Snake bites : Python for Pentesters
 
Exploiting publically exposed Version Control System
Exploiting publically exposed Version Control SystemExploiting publically exposed Version Control System
Exploiting publically exposed Version Control System
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOS
 
basic knowhow hacking
basic knowhow hackingbasic knowhow hacking
basic knowhow hacking
 
Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners Session
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014
 
Web2.0 : an introduction
Web2.0 : an introductionWeb2.0 : an introduction
Web2.0 : an introduction
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
 
Avr introduction
Avr introductionAvr introduction
Avr introduction
 
Arsenal
ArsenalArsenal
Arsenal
 
Identity thief
Identity thiefIdentity thief
Identity thief
 
iOS file structure and organization
iOS file structure and organizationiOS file structure and organization
iOS file structure and organization
 

Similar to Android Tamer BH USA 2016 : Arsenal Presentation

Getting Started with Titanium & Alloy
Getting Started with Titanium & AlloyGetting Started with Titanium & Alloy
Getting Started with Titanium & AlloyFokke Zandbergen
 
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...Cheng-Yi Yu
 
Appium Overview - by Daniel Puterman
Appium Overview - by Daniel PutermanAppium Overview - by Daniel Puterman
Appium Overview - by Daniel PutermanApplitools
 
Chapter 1. java programming language overview
Chapter 1. java programming language overviewChapter 1. java programming language overview
Chapter 1. java programming language overviewJong Soon Bok
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 
Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011pundiramit
 
Android Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoTAndroid Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoTinovex GmbH
 
OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...
OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...
OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...Paris Open Source Summit
 
I os application bundle by flutter
I os application bundle by flutterI os application bundle by flutter
I os application bundle by flutterConcetto Labs
 
Ios application bundle by flutter
Ios application bundle by flutterIos application bundle by flutter
Ios application bundle by flutterConcetto Labs
 
android training_material ravy ramio
android training_material ravy ramioandroid training_material ravy ramio
android training_material ravy ramioslesulvy
 
Extending Android's Platform Toolsuite
Extending Android's Platform ToolsuiteExtending Android's Platform Toolsuite
Extending Android's Platform ToolsuiteOpersys inc.
 
Mobile Forensics on a Shoestring Budget
Mobile Forensics on a Shoestring BudgetMobile Forensics on a Shoestring Budget
Mobile Forensics on a Shoestring BudgetBrent Muir
 
BYOM Build Your Own Methodology (in Mobile Forensics)
BYOM Build Your Own Methodology (in Mobile Forensics)BYOM Build Your Own Methodology (in Mobile Forensics)
BYOM Build Your Own Methodology (in Mobile Forensics)Reality Net System Solutions
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 AndroidTony Thomas
 
Apache mobilefilter 4-03
Apache mobilefilter 4-03Apache mobilefilter 4-03
Apache mobilefilter 4-03Idel Fuschini
 

Similar to Android Tamer BH USA 2016 : Arsenal Presentation (20)

Getting Started with Titanium & Alloy
Getting Started with Titanium & AlloyGetting Started with Titanium & Alloy
Getting Started with Titanium & Alloy
 
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
 
Appium Overview - by Daniel Puterman
Appium Overview - by Daniel PutermanAppium Overview - by Daniel Puterman
Appium Overview - by Daniel Puterman
 
Chapter 1. java programming language overview
Chapter 1. java programming language overviewChapter 1. java programming language overview
Chapter 1. java programming language overview
 
Core Android
Core AndroidCore Android
Core Android
 
Hacking Android OS
Hacking Android OSHacking Android OS
Hacking Android OS
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android Applications
 
Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011
 
Android Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoTAndroid Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoT
 
OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...
OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...
OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...
 
I os application bundle by flutter
I os application bundle by flutterI os application bundle by flutter
I os application bundle by flutter
 
Ios application bundle by flutter
Ios application bundle by flutterIos application bundle by flutter
Ios application bundle by flutter
 
android training_material ravy ramio
android training_material ravy ramioandroid training_material ravy ramio
android training_material ravy ramio
 
Extending Android's Platform Toolsuite
Extending Android's Platform ToolsuiteExtending Android's Platform Toolsuite
Extending Android's Platform Toolsuite
 
Mobile Forensics on a Shoestring Budget
Mobile Forensics on a Shoestring BudgetMobile Forensics on a Shoestring Budget
Mobile Forensics on a Shoestring Budget
 
BYOM Build Your Own Methodology (in Mobile Forensics)
BYOM Build Your Own Methodology (in Mobile Forensics)BYOM Build Your Own Methodology (in Mobile Forensics)
BYOM Build Your Own Methodology (in Mobile Forensics)
 
Building aosp
Building aospBuilding aosp
Building aosp
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 Android
 
Flutter 1
Flutter 1Flutter 1
Flutter 1
 
Apache mobilefilter 4-03
Apache mobilefilter 4-03Apache mobilefilter 4-03
Apache mobilefilter 4-03
 

More from Anant Shrivastava

Diverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec WorldDiverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec WorldAnant Shrivastava
 
WhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom romWhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom romAnant Shrivastava
 
Web application finger printing - whitepaper
Web application finger printing - whitepaperWeb application finger printing - whitepaper
Web application finger printing - whitepaperAnant Shrivastava
 
Battle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 WalkthroughBattle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 WalkthroughAnant Shrivastava
 
Nullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughNullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughAnant Shrivastava
 
Embedded Systems : introduction
Embedded Systems : introductionEmbedded Systems : introduction
Embedded Systems : introductionAnant Shrivastava
 

More from Anant Shrivastava (9)

Diverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec WorldDiverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec World
 
WhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom romWhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom rom
 
Web application finger printing - whitepaper
Web application finger printing - whitepaperWeb application finger printing - whitepaper
Web application finger printing - whitepaper
 
Battle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 WalkthroughBattle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 Walkthrough
 
Nullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughNullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk through
 
Embedded Systems : introduction
Embedded Systems : introductionEmbedded Systems : introduction
Embedded Systems : introduction
 
introduction to Lamp Stack
introduction to Lamp Stackintroduction to Lamp Stack
introduction to Lamp Stack
 
Logic Families Electronics
Logic Families ElectronicsLogic Families Electronics
Logic Families Electronics
 
Filesystem
FilesystemFilesystem
Filesystem
 

Recently uploaded

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Recently uploaded (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

Android Tamer BH USA 2016 : Arsenal Presentation

  • 2. WHAT IS ANDROID TAMER Single Point of Reference / Resources for Android Contains 1. Virtual machine for Android (Security) Professionals 2. Debian 8 Compatible Tools Repository 3. Custom Emulator for arm devices (Work In Progress) 4. f-droid repository of tools (Work in Progress) 5. Documentation (tools.androidtamer.com) (ever evolving) 6. KnowledgeBase (kb.androidtamer.com) (Work in Progress)
  • 3. WHO USES ANDROID TAMER 1. Trainers 2. Security professionals 3. Developers 4. iOT Hackers Friendly Plug Catch Sneha Rajguru using AndroidTamer at BSidesLV (whole day 3 Aug 2016) Defcon Workshop (5 Aug 2016 : 10 AM - 2 PM) Catch Anto Joseph using AndroidTamer with Droid-FF at Arsenal Booth (4 Aug 2016 - 2 PM - 3:50 PM) Defcon Workshop (6 Aug 2016 : 2 PM - 6 PM)
  • 4. OPENSOURCE ALL THE WAY 1. Automated VM Building Process : Vagrant Ansible script ( ) 2. Automated Debian Package Building Scripts ( ) 3. Documentation source markdown ( ) 4. Open to all 5. To be added 1. APK repository 2. apk building process 3. emulator building process 4. Live ISO Creation 5. and more https://github.com/AndroidTamer/VagrantBuild https://github.com/AndroidTamer/Packaging_Tools https://github.com/AndroidTamer/Tools https://github.com/AndroidTamer
  • 5. VIRTUAL MACHINE Swiss Army knife for Android Security Professionals. Supports VirtualBox VMWare Vagrant / Ansible
  • 6. WHY Saves time while Finding and installing tools Configuring them Ensuring all other tools are still working Multiple language versions (java, python, perl, ruby more) Managing updates of each tool
  • 7. TOOLS INCLUDE 1. adb / fastboot / android-sdk 2. dex2jar / enjarify 3. apktool 4. jad / jd-gui / jadx / jadx-gui 5. drozer / MobSF / jaadas 6. DFF / ddrescueview 7. SQLiteManager / SQLiteMan 8. Burp Free / OWASP-ZAP 9. pidcat 10. Droid-FF (Fuzzing Framework) 11. dextra, simplify, imgtool 12. and more....
  • 8. CUSTOM FEATURES 1. Easy Management of multiple devices 2. One liner commands (apk2java, drozer_start etc) 3. Scripts for automated analysis 4. So ware update managed over apt-get repository (alpha phase) ( ) 5. All Tools pre-configured in PATH (no need to switch directories) 6. ZSH with autosuggestion http://repo.androidtamer.com/
  • 12. @ TWITTER Follow Us to get Latest Android News@AndroidTamer
  • 16. DEMO TIME 1. Application decompiling 2. Automated assessment (drozer_checks) 3. Multi devices management (adb list) 4. MobSF 5. Droid Fuzzing Framework 6. Build / Enhance your own Distro (Debian compatible Repository)
  • 19. DEMO: ADB LIST 1. Add entries in ~/.adb_list 2. format of entries "ABC;SERIALNO" 3. echo "abc;1234567890" >> ~/.adb_list
  • 24. HOW TO CONTRIBUTE 1. Test the tools, suggest changes or improvements / enhancements 2. Use / Promote / Write about the tool 3. Add tools : 4. Report / track / suggest / fix Issues 5. Test Repo on ( ) other distributions (Kali / Ubuntu / other pentest distro and more ) https://github.com/AndroidTamer/Packaging_Tools/Build https://repo.androidtamer.com Report all issues( )https://github.com/AndroidTamer/Tools_Repository/issues How to setup : ( )https://tools.androidtamer.com/General/repo_configure/