This document provides an overview and agenda for securing Android applications. It discusses working with the Android SDK and emulator, setting up the vulnerable GoatDroid application, analyzing application memory and traffic, reverse engineering Android apps, and analyzing SQLite databases. It also demonstrates analyzing the GoatDroid and ExploitMe applications using tools like Burp Suite, SQLite Browser, and Agnitio. The document contains information on Android architecture, developing for Android, common vulnerabilities, and techniques for auditing Android security.
Evolution of Android Operating System and it’s Versions (ijtsrd)
Android is a software stack for mobile devices that includes an operating system, middleware and key applications. It can be considered a software platform as well as an operating system for mobile devices, based on the Linux operating system and currently developed by Google. It is designed primarily for touch-screen mobile devices such as smartphones and tablet computers. One of the most widely used mobile OSes these days is Android. It is free and open source software; its source code is known as the Android Open Source Project (AOSP), which is primarily licensed under the Apache License. This paper covers the Android architecture, which consists of key applications, the application framework, native libraries, the Android runtime, the DVM and the Linux kernel; the many versions of the Android operating system such as KitKat, JellyBean, Honeycomb, Froyo etc.; the advantages and disadvantages of Android; and the conclusion. Aishwarya Gujar | Prof. Pratibha Adkar "Evolution of Android Operating System and it’s Versions" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-4, June 2021, URL: https://www.ijtsrd.com/papers/ijtsrd42519.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/42519/evolution-of-android-operating-system-and-it’s-versions/aishwarya-gujar
This presentation slide deck includes all the basic things a beginner needs to know to start his/her Android career. Even though this slide presentation is for beginners, mid-level developers could also benefit.
This presentation (Android) was prepared by me for education purposes. And be careful with the hyperlinks: there are many hyperlinks, just click on them.
Thank You
Mr. SOM
This presentation gives a detailed overview of Android, Android Architecture, Software Stack, Platform, Database Support, Licensing, File System, Network Connectivity, Security and Permissions, IDE and Tools, Other IDEs Overview, Development Evaluation, Signing your application, Versioning your application, Preparing to publish your application, and Publishing your app on Android Market. This presentation also includes links to sample examples.
Note: A few slides in this presentation are taken from the internet or slideshare.com as-is or modified slightly. I have no intention of claiming someone else’s work as mine. I prepared this presentation just to educate co-workers about Android, so I wanted the best material from the internet and slideshare.com.
JCON 2020: Mobile Java Web Applications with MVC and OpenDDR (Werner Keil)
Mobile Java Web Applications with MVC and OpenDDR
We experience a growing number of mobile phones, tablets, phablets, foldables, smart TVs, watches, home assistants and similar devices flooding the market almost every day. If you want to create a responsive web application with the best user experience, you need dynamic adaptive content according to all relevant aspects of your device. That’s the reason for Device Description Repositories (DDR). This session provides an overview of the W3C DDR standard for mobile device recognition and the OpenDDR project, followed by a live demo of extensions to Spring MVC and the MVC 1.0 standard for Java (JSR-371) leveraging the power of OpenDDR to simplify the development of cross-device web applications. Both offer automatic device detection based on OpenDDR, configuration of user preferences, and automatic switching of the path to the most appropriate view for a particular device or device type, as well as device-aware templates, view engines and more.
Smartphones are changing the IT and communication landscape vastly. A smartphone can do almost every good thing a computer can do. Today most corporate employees access and manage their official e-mails through the e-mail client installed on their smartphone.
1. Automatic scans do not make a web security program jump like a duck
2. Hype around auto scans and why they fail to deliver most of the time
3. How to detect logical flaws - the bed-rock of almost all impactful web application vulnerabilities
Study: The Future of VR, AR and Self-Driving Cars (LinkedIn)
We asked LinkedIn members worldwide about their levels of interest in the latest wave of technology: whether they’re using wearables, and whether they intend to buy self-driving cars and VR headsets as they become available. We asked them too about their attitudes to technology and to the growing role of Artificial Intelligence (AI) in the devices that they use. The answers were fascinating – and in many cases, surprising.
This SlideShare explores the full results of this study, including detailed market-by-market breakdowns of intention levels for each technology – and how attitudes change with age, location and seniority level. If you’re marketing a tech brand – or planning to use VR and wearables to reach a professional audience – then these are insights you won’t want to miss.
CODE BLUE 2014: Persisted: The active use and exploitation of Microsoft's Ap... (CODE BLUE)
Microsoft has often used Fix It patches, which are a subset of Application Compatibility Fixes, as a way to stop newly identified active exploitation methods against their products. At Derbycon 2013 Mark Baggett discussed ways that attackers can use them for creating rootkits. Then in March of 2014 I presented an analysis of the previously undocumented in-memory patch and showed how attackers could use these to create patches and maintain persistence on a system.
This talk will provide an overview and summary of the previous work and then show how it’s currently being used in the wild. I’ll first show how third parties are using the application toolkit for valid reasons. I will then show two instances, active and ongoing in the wild, of malware using the methods we’ve described.
Introduction to Android
The Android Platform, Understanding Android Market, Layers of Android, Intent of Android Development, Types of Android Components, Mapping Applications to Processes, Creating an Android Application.
Android’s Development Environment: Introduction to Android SDK, Exploring Android Development Environment and Building Android Application in Eclipse, Android Emulator and User Interfaces, Working with Views, Using Resources, and Understanding and Exploring Android Manifest File.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Connector Corner: Automate dynamic content and events by pushing a button (DianaGray10)
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
1. PRESENTED BY
Manish Chasta | CISSP, CHFI, ITIL
Principal Consultant, Indusface
Securing Android Applications
01 www.indusface.com | Copyright 2012
2. Agenda
Introduction to Android and Mobile Applications
Working with Android SDK and Emulator
Setting up GoatDroid Application
Memory Analysis
Intercepting Layer 7 traffic
Reverse Engineering Android Applications
SQLite Database Analysis
Demo: ExploitMe application
3. What NUMBERS say!!!
Gartner Says:
8.2 billion mobile applications were downloaded in 2010
17.7 billion by 2011
185 billion applications will have been downloaded by 2014
5. Introduction to Android
Most widely used mobile OS
Developed by Google
OS + Middleware + Applications
Android Open Source Project (AOSP) is responsible for maintenance and further development
7. Android Architecture: Linux Kernel
Linux kernel with system services:
Security
Memory and process management
Network stack
Provides drivers to access hardware:
Camera
Display and audio
Wifi
…
8. Android Architecture: Android RunTime
Core Libraries:
Written in Java
Provide the functionality of the Java programming language
Interpreted by the Dalvik VM
Dalvik VM:
Java-based VM, a lightweight substitute for the JVM
Unlike the JVM, the DVM is a register-based virtual machine
The DVM is optimized to run with limited main memory and low CPU usage
Java code (.class files) is converted into .dex format to be able to run on the Android platform
10. Mobile Apps vs Web Applications
Thick and Thin Client
Security Measures
User Awareness
11. Setting-up Environment
Handset / Android Device
Android SDK and Eclipse
Emulator
Wireless Connectivity
And of course… Application file
12. Setting-up Lab
What we need:
Android SDK
Eclipse
GoatDroid (Android App from OWASP)
MySQL
.NET Framework
Proxy tool (Burp)
Agnitio
Android Device (Optional)
SQLite Browser
13. Working with Android SDK
14. Android SDK
Development Environment for Android Application Development
Components:
SDK Manager
AVD Manager
Emulator
15. Android SDK
Can be downloaded from: developer.android.com/sdk/
Requires JDK to be installed
Install Eclipse
Install ADT Plugin for Eclipse
17. Android SDK: Configuring Eclipse
Go to Help->Install new Software
Click Add
Give Name as ADT Plugin
Provide the following address in Location: http://dl-ssl.google.com/android/eclipse/
Press OK
Check next to ‘Developer Tool’ and press next
Click next and accept the ‘Terms and Conditions’
Click Finish
18. Android SDK: Configuring Eclipse
Now go to Window -> Preferences
Click on Android in left panel
Browse the Android SDK directory
Press OK
24. ADB: Android Debug Bridge
Android Debug Bridge (adb) is a versatile command line tool that lets you communicate with an emulator instance or a connected Android-powered device.
You can find the adb tool in <sdk>/platform-tools/
25. ADB: Important Commands
Install an application to emulator or device:
adb install <path_to_apk>
26. ADB: Important Commands
Push data to emulator / device
adb push <local> <remote>
Pull data from emulator / device
adb pull <remote> <local>
Remote -> emulator, Local -> machine
27. ADB: Important Commands
Getting Shell of Emulator or Device
adb shell
Reading Logs
adb logcat
28. ADB: Important Commands
Reading SQLite3 database
adb shell
Go to the path of the database
sqlite3 database_name.db
.dump to see the content of the db file and .schema to print the schema of the database on the screen
34. Rooting Android Phone
Step 4: Reboot the phone in download mode
Step 5: Connect to the PC
35. Rooting Android Phone
Step 6: Select the required files, i.e. PDA, Phone, CSC files
Step 7: Click on Auto Reboot and F. Reset Time and hit Start button
36. Rooting Android Phone
If your phone is rooted, you will see PASS!! in Odin3
38. Setting Proxy
Both the Android phone and the laptop (the machine used for auditing) need to be on the same wireless LAN.
Provide the laptop's IP address and the port on which the proxy is listening in the proxy tool (transproxy) installed on the machine.
39. Intercepting Traffic (Burp)
Burp is an HTTP proxy tool
Able to intercept layer 7 traffic and allows users to manipulate HTTP requests and responses
43. Lab: GoatDroid
A vulnerable Android application from OWASP
44. GoatDroid : Setting up
Install MySQL
Install fourgoats database.
Create a user with name "goatboy", password "goatdroid" and Limit Connectivity to Hosts Matching "localhost". Also "goatboy" needs to have insert, delete, update, select on the fourgoats database.
45. GoatDroid : Setting up
Run goatdroid-beta-v0.1.2.jar file
Set the path for Android SDK Root directory
and Virtual Devices:
Click Configure -> edit and click on Android tab
Set the path for the Android SDK, typically C:\Program Files\Android\android-sdk
Set the path for Virtual Devices, typically C:\Documents and Settings\Manish\android\avd
46. GoatDroid : Setting up
Start web services
Start emulator through GoatDroid jar file
Push / Install the application to Device
Run FourGoat application from emulator
Click on Menu and then click on Destination Info
Provide following information in required fields:
Server: 10.0.2.2 and Port 8888
47. GoatDroid : Setting up
Demo / Hands On
48. GoatDroid : Setting up proxy
Assuming FourGoat is already installed
Run the goatdroid-beta-v0.1.2.jar file and start web services
Start any HTTP proxy tool (Burp) on port 7000
Configure Burp to forward the incoming traffic to port 8888
Start the emulator from the command line with the following command:
emulator -avd test2 -http-proxy 127.0.0.1:7000
49. GoatDroid : Setting up proxy
Open the FourGoat application in the emulator
Click on Menu to set Destination Info
Set Destination Info as below:
Server: 10.0.2.2 and port as 7000
Now check whether you are able to intercept the traffic in Burp
50. GoatDroid : Setting up Proxy
Demo / Hands On
54. GoatDroid: Auditing from Android Device
Install the app on the Android device
Set the destination info as below:
Server: IP address (WLAN) of your laptop and port as 8888 (in case no proxy is listening)
Memory analysis through Terminal Emulator and the dd command
57. Reverse Engineering Android Application
Vulnerabilities can be found through reverse engineering:
Vulnerabilities in Source Code
Re-compile the application
Commented Code
Hard coded information
58. Reverse Engineering Android Application
Dex to jar (dex2jar)
C:\dex2jar-version\dex2jar.bat someApk.apk
Open the code files in any Java decompiler
60. Agnitio
Mobile application code review tool
Install: a simple Next-Next process
Can analyze Codebase as well as .apk file
63. Analyzing SQLite Database
SQLite Database:
SQLite is a widely used, lightweight database
Used by most mobile OSes, e.g. iPhone, Android, Symbian, webOS
SQLite is a free-to-use and open source database
Zero-configuration: no setup or administration needed
A complete database is stored in a single cross-platform disk file
64. Analyzing SQLite Database
Pull the .db files out of the emulator / device as explained earlier
Tools:
SQLite Browser
Epilog
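The sqlite3 .schema/.dump steps on the ADB slide and the database analysis described here, as an added Python example that is not part of the presentation: it builds a constructed FourGoats-style .db (standing in for a file pulled with adb pull), reopens it read-only, lists schema and rows, and flags columns whose names and contents suggest secrets stored in the clear. The column-name and hash-shape heuristics are assumptions.

```python
import re
import sqlite3
import tempfile
from pathlib import Path
# Column names that, in a .db pulled with "adb pull", usually hold data that must
# not sit in the file in the clear. Assumed heuristic list, not from the deck.
SENSITIVE_COLUMN = re.compile(
    r"pass(word|wd)?|(^|_)pin($|_)|secret|token|session|ssn|card|cvv", re.IGNORECASE)
# Values shaped like a hex digest (MD5/SHA-1/SHA-256) or a bcrypt hash.
HASH_LIKE = re.compile(
    r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}|\$2[aby]\$.{56})$", re.IGNORECASE)


def build_sample_db(path):
    """Constructed FourGoats-style database standing in for a pulled .db file."""
    conn = sqlite3.connect(path)
    conn.executescript("""
        CREATE TABLE credentials (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        CREATE TABLE session (id INTEGER PRIMARY KEY, session_token TEXT, created TEXT);
        CREATE TABLE checkins (id INTEGER PRIMARY KEY, venue TEXT, lat REAL, lon REAL);
        INSERT INTO credentials VALUES (1, 'goatboy', 'goatdroid');
        INSERT INTO session VALUES (1, 'a1b2c3d4e5f60718', '2012-04-01');
        INSERT INTO checkins VALUES (1, 'Coffee Shop', 37.42, -122.08);
    """)
    conn.commit()
    conn.close()


def schema(conn):
    """What the sqlite3 shell's .schema prints: table name -> CREATE statement."""
    return dict(conn.execute(
        "SELECT name, sql FROM sqlite_master WHERE type = 'table' ORDER BY name"))


def dump_table(conn, table):
    """Rough equivalent of .dump for one table: column names plus every row."""
    cur = conn.execute(f'SELECT * FROM "{table}"')
    return [d[0] for d in cur.description], cur.fetchall()


def find_sensitive_columns(conn):
    """(table, column, populated_rows, any_plaintext) for every suspicious column."""
    findings = []
    for table in schema(conn):
        for _, column, *_ in conn.execute(f'PRAGMA table_info("{table}")'):
            if not SENSITIVE_COLUMN.search(column):
                continue
            # length() is NULL for NULL and 0 for '', so unpopulated columns are skipped
            values = [v for (v,) in conn.execute(
                f'SELECT "{column}" FROM "{table}" WHERE length("{column}") > 0')]
            if values:
                plaintext = any(not HASH_LIKE.match(str(v)) for v in values)
                findings.append((table, column, len(values), plaintext))
    return findings


def audit(path):
    """Open a pulled .db read-only (never modify evidence) and summarise it."""
    conn = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        tables = sorted(schema(conn))
        return {"tables": tables,
                "rows": {t: dump_table(conn, t) for t in tables},
                "findings": find_sensitive_columns(conn)}
    finally:
        conn.close()


def demo():
    """Build the constructed database in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "fourgoats.db"
        build_sample_db(path)
        return audit(path)
```

Point audit() at a .db pulled with adb pull to get the same report for a real application database.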