Use the AOSP to learn Android, use the Android code to write your own code. Learn new API usages, or view how Android works internally, for developing apps that run on your own Android distribution.
In these slides, I share my experience in programming Android applications and describe how to program the right way, use the best libraries, and be a perfect Android developer.
Developing an Ember Test Strategy - EmberConf 2019
Todd Jordan
Taking lessons from the classic writings on Software Testing, we'll walk through what are industry tried and true approaches for developing a robust and effective test suite.
Many of the Testing philosophies and strategies today have their origins as far back as the 60's, and really got their legs during the advent of "Extreme Programming" and other early "Agile" methodologies from the 1990s.
In this talk we'll take many of these tried and true test strategies and show how one would apply them in a real way to an Ember project.
A Glimpse At The Future Of Apache Spark 3.0 With Deep Learning And Kubernetes
Lightbend
In this special guest webinar with Holden Karau, speaker, author and Developer Advocate at Google, we’ll take a walk through some of the interesting JIRAs, look at external components being developed (like deep learning support), and also talk about the future of running real-time Spark workloads on Kubernetes.
The workshop will also provide a thorough guide on how the mobile applications can be attacked and provide an overview of how some of the most important security checks for the applications are applied and get an in-depth understanding of these security checks.
Course Content:
Android Introduction & Basics
Setting up the Pen testing environment
Reverse engineering & runtime manipulation
Application dynamic runtime analysis
Application Components and security issues
Data and Network interception – manipulation and analysis
Defensive Tools & Techniques for Android application
With the big delays in the time it takes until an iOS jailbreak is public and stable, it is often not possible to test mobile apps in the latest iOS version. Occasionally customers might also provide builds that only work in iOS versions for which no jailbreak is available. On Android the situation is better, but there can also be problems rooting certain phone models. These trends make security testing of mobile apps difficult. This talk will cover approaches to defeat common security mechanisms that must be bypassed in the absence of root/jailbreak.
Android application pentesting with DIVA. This course is divided into three main sections:
1) Prepare your environment (set up Kali Linux and Android Emulator)
2) Information Gathering (Attack surface)
3) Exploitation
Tools used:
1. Adb
2. Apktool
3. unzip
4. Dex2jar
5. JD-GUI
6. sqlitebrowser
7. Drozer
8. Cutter
I hope you find this session interesting. Thanks for joining !!
Slides from my beginner level talk on FRIDA and its usage while Pentesting Android Applications. Covers topics like Installation of Frida and Bypassing Pinning and Root Detection using Frida.
Building a SMS based application involves dealing with 3rd party service providers and mobile network operators. As you can imagine, this is time consuming and, given the cost structures in place, expensive. For quick prototypes it isn't worth the hassle. While waiting for your own short code, only hope would keep you together. However, we've seen the tremendous power and reach of SMS - especially for applications around a social theme at ThoughtWorks' Social Impact Program.
EzSMS is our attempt at providing an SMS gateway that can be set up in minutes. Of course it runs on Ruby! All you need is an Android powered phone, a SIM card and data access. Thus it is very easy to prototype your apps. Gone are the days when we, Android owners, would feel alone. With Android activations outpacing births it seems that a hundred billion phones have found homes.
In this talk we'll explore Ruboto and JRuby and quickly explain how to create a simple Android application. We'll explore the internals of our application and then compare Ruboto and other Ruby flavoured mobile app development frameworks. We'll also apologize to Sting for mishearing his song "Message in a bottle".
Reverse engineering and instrumentation of android apps
Gaurav Lochan
Our product (Little Eye Labs) is a performance monitoring and optimization tool for Android apps.
We wanted to expose detailed network usage information from the app, and we explored binary instrumentation as a way to do this.
The presentation covers many learnings from the process - what are different reverse engineering tools on android, which ones specifically help with instrumentation, and a link to some of the source code from this process.
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
apidays
APIsecure 2023 - The world's first and only API security conference
March 14 & 15, 2023
Android Applications and API Hacking
Gabrielle Botbol, Ethical Hacker |Award-winning Pentester | Artemis Red Team | Board Member | Speaker | Mentor
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with the climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
7. How to get *.apk files from smartphone?
<Example 1>
One of options –
adb shell
ls /sdcard/MyAppSharer
adb pull /sdcard/MyAppSharer .
8. How to convert *.apk to *.jar file?
<Example 2>
dex2jar.bat com.adobe.reader.apk
https://code.google.com/p/dex2jar/
9. How to convert *.jar file to *.java files?
<Example 3>
jd-gui
http://jd.benow.ca/
If not enough – use JAD
10. How to unzip *.apk files?
<Example 4>
One of options – WinRAR
Hello, cap
11. How to disassemble classes.dex file?
< Example 5 >
One of options – dexdump.exe
F:androidsdkbuild-tools17.0.0dexdump.exe
-d -f -h classes.dex > classes.dex.out.1
12. Real Life example (1)
Ljbeetle
Open source LiveJournal client for Android
https://bitbucket.org/dotCypress/ljbeetle/wiki/Home
https://play.google.com/store/apps/details?id=com.dotcypress.ljbeetle&hl=ru
13. Real Life example (1)
Author – Vitaly Domnikov
@dotcypress
Hates java and Android
14. Real Life example (2)
1) analytics
com.flurry.android
http://support.flurry.com/index.php?title=Analytics
15. Real Life example (3)
2) using http for uploading images
package com.dotcypress.ljbeetle.upload;
public String upload(String paramString)
http://pics.livejournal.com/interface/simple