SlideShare a Scribd company logo

Android Tamer BH USA 2016 : Arsenal Presentation

Anant Shrivastava
Anant Shrivastava

Arsenal Demo of Android Tamer presented on 3rd Aug 2016.

Technology
1 of 25
Download to read offline
ANDROID TAMER
WHAT IS ANDROID TAMER Single Point of Reference / Resources for Android Contains 1. Virtual machine for Android (Security) Professionals 2. Debian 8 Compatible Tools Repository 3. Custom Emulator for arm devices (Work In Progress) 4. f-droid repository of tools (Work in Progress) 5. Documentation (tools.androidtamer.com) (ever evolving) 6. KnowledgeBase (kb.androidtamer.com) (Work in Progress)
WHO USES ANDROID TAMER 1. Trainers 2. Security professionals 3. Developers 4. iOT Hackers Friendly Plug Catch Sneha Rajguru using AndroidTamer at BSidesLV (whole day 3 Aug 2016) Defcon Workshop (5 Aug 2016 : 10 AM - 2 PM) Catch Anto Joseph using AndroidTamer with Droid-FF at Arsenal Booth (4 Aug 2016 - 2 PM - 3:50 PM) Defcon Workshop (6 Aug 2016 : 2 PM - 6 PM)
OPENSOURCE ALL THE WAY 1. Automated VM Building Process : Vagrant Ansible script ( ) 2. Automated Debian Package Building Scripts ( ) 3. Documentation source markdown ( ) 4. Open to all 5. To be added 1. APK repository 2. apk building process 3. emulator building process 4. Live ISO Creation 5. and more https://github.com/AndroidTamer/VagrantBuild https://github.com/AndroidTamer/Packaging_Tools https://github.com/AndroidTamer/Tools https://github.com/AndroidTamer
VIRTUAL MACHINE Swiss Army knife for Android Security Professionals. Supports VirtualBox VMWare Vagrant / Ansible
WHY Saves time while Finding and installing tools Configuring them Ensuring all other tools are still working Multiple language versions (java, python, perl, ruby more) Managing updates of each tool
TOOLS INCLUDE 1. adb / fastboot / android-sdk 2. dex2jar / enjarify 3. apktool 4. jad / jd-gui / jadx / jadx-gui 5. drozer / MobSF / jaadas 6. DFF / ddrescueview 7. SQLiteManager / SQLiteMan 8. Burp Free / OWASP-ZAP 9. pidcat 10. Droid-FF (Fuzzing Framework) 11. dextra, simplify, imgtool 12. and more....
CUSTOM FEATURES 1. Easy Management of multiple devices 2. One liner commands (apk2java, drozer_start etc) 3. Scripts for automated analysis 4. So ware update managed over apt-get repository (alpha phase) ( ) 5. All Tools pre-configured in PATH (no need to switch directories) 6. ZSH with autosuggestion http://repo.androidtamer.com/
TOOLS REPOSITORY
REPOSITORY IN USE
THAT'S NOT IT
@ TWITTER Follow Us to get Latest Android News@AndroidTamer
FB/ANDROIDTAMER
SECURITY ENHANCEMENTS https://kb.androidtamer.com/android_security_enhancement/
LEARN ANDROID https://androidtamer.com/learn_android_security
DEMO TIME 1. Application decompiling 2. Automated assessment (drozer_checks) 3. Multi devices management (adb list) 4. MobSF 5. Droid Fuzzing Framework 6. Build / Enhance your own Distro (Debian compatible Repository)
DEMO: APK2JAVA
DEMO: DROZER_CHECK
DEMO: ADB LIST 1. Add entries in ~/.adb_list 2. format of entries "ABC;SERIALNO" 3. echo "abc;1234567890" >> ~/.adb_list
DEMO: MOBSF
DEMO: DROID-FF
BUILD YOUR OWN
PACKAGE REPOSITORY
HOW TO CONTRIBUTE 1. Test the tools, suggest changes or improvements / enhancements 2. Use / Promote / Write about the tool 3. Add tools : 4. Report / track / suggest / fix Issues 5. Test Repo on ( ) other distributions (Kali / Ubuntu / other pentest distro and more ) https://github.com/AndroidTamer/Packaging_Tools/Build https://repo.androidtamer.com Report all issues( )https://github.com/AndroidTamer/Tools_Repository/issues How to setup : ( )https://tools.androidtamer.com/General/repo_configure/
THANKS Follow @AndroidTamer for all Updates

Recommended

Security Issues in Android Custom ROM
Security Issues in Android Custom ROMSecurity Issues in Android Custom ROM
Security Issues in Android Custom ROMAnant Shrivastava
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAndroid Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAnant Shrivastava
 
Slides null puliya linux basics
Slides null puliya linux basicsSlides null puliya linux basics
Slides null puliya linux basicsAnant Shrivastava
 
Fastlane
FastlaneFastlane
Fastlaneeurosigdoc acm
 
WordPress Security Hardening
WordPress Security HardeningWordPress Security Hardening
WordPress Security HardeningIda Bagus Budanthara
 
Owasp AppSecEU 2015 - BeEF Session
Owasp AppSecEU 2015 - BeEF SessionOwasp AppSecEU 2015 - BeEF Session
Owasp AppSecEU 2015 - BeEF SessionBart Leppens
 
Kali net hunter
Kali net hunterKali net hunter
Kali net hunterPrashanth Sivarajan
 
Browser exploit framework
Browser exploit frameworkBrowser exploit framework
Browser exploit frameworkPrashanth Sivarajan
 

Recommended

Security Issues in Android Custom ROM
Security Issues in Android Custom ROMSecurity Issues in Android Custom ROM
Security Issues in Android Custom ROMAnant Shrivastava
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAndroid Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAnant Shrivastava
 
Slides null puliya linux basics
Slides null puliya linux basicsSlides null puliya linux basics
Slides null puliya linux basicsAnant Shrivastava
 
Fastlane
FastlaneFastlane
Fastlaneeurosigdoc acm
 
WordPress Security Hardening
WordPress Security HardeningWordPress Security Hardening
WordPress Security HardeningIda Bagus Budanthara
 
Owasp AppSecEU 2015 - BeEF Session
Owasp AppSecEU 2015 - BeEF SessionOwasp AppSecEU 2015 - BeEF Session
Owasp AppSecEU 2015 - BeEF SessionBart Leppens
 
Kali net hunter
Kali net hunterKali net hunter
Kali net hunterPrashanth Sivarajan
 
Browser exploit framework
Browser exploit frameworkBrowser exploit framework
Browser exploit frameworkPrashanth Sivarajan
 
Android application penetration testing
Android application penetration testingAndroid application penetration testing
Android application penetration testingRoshan Kumar Gami
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Riyaz Walikar
 
Testing Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionTesting Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionJose Manuel Ortega Candel
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network SecurityAshok Reddy Medikonda
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminarhenelpj
 
5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry AboutIndus Khaitan
 
Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Venkat Raman
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentestingn|u - The Open Security Community
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)Sam Bowne
 
如何利用 Docker 強化網站安全
如何利用 Docker 強化網站安全如何利用 Docker 強化網站安全
如何利用 Docker 強化網站安全Tim Hsu
 
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJSFestUA
 
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
2015 mindthesec mauro risonho de paula assumpcao rev01 firebitsMauro Risonho de Paula Assumpcao
 
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...Nicolas Fränkel
 
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...Nicolas Fränkel
 
Slides 29-07-2017
Slides 29-07-2017Slides 29-07-2017
Slides 29-07-2017Soumyak Bhattacharyya
 
Is My App Secure ?
Is My App Secure ? Is My App Secure ?
Is My App Secure ?Herman Duarte
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous EverythingSoumyak Bhattacharyya
 
Continuous Everything v2.0
Continuous Everything v2.0Continuous Everything v2.0
Continuous Everything v2.0Soumyak Bhattacharyya
 
Security Automation - Python - Introduction
Security Automation - Python - IntroductionSecurity Automation - Python - Introduction
Security Automation - Python - IntroductionSanthosh Baswa
 
Pilotando spock
Pilotando spockPilotando spock
Pilotando spockRuben Eguiluz
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageAnant Shrivastava
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 

More Related Content

What's hot

Android application penetration testing
Android application penetration testingAndroid application penetration testing
Android application penetration testingRoshan Kumar Gami
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Riyaz Walikar
 
Testing Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionTesting Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionJose Manuel Ortega Candel
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network SecurityAshok Reddy Medikonda
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminarhenelpj
 
5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry AboutIndus Khaitan
 
Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Venkat Raman
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)Sam Bowne
 
如何利用 Docker 強化網站安全
如何利用 Docker 強化網站安全如何利用 Docker 強化網站安全
如何利用 Docker 強化網站安全Tim Hsu
 
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJSFestUA
 
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
2015 mindthesec mauro risonho de paula assumpcao rev01 firebitsMauro Risonho de Paula Assumpcao
 
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...Nicolas Fränkel
 
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...Nicolas Fränkel
 
Security Automation - Python - Introduction
Security Automation - Python - IntroductionSecurity Automation - Python - Introduction
Security Automation - Python - IntroductionSanthosh Baswa
 

What's hot (20)

Android application penetration testing
Android application penetration testingAndroid application penetration testing
Android application penetration testing
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638
 
Testing Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionTesting Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam edition
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network Security
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminar
 
5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About
 
Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
 
如何利用 Docker 強化網站安全
如何利用 Docker 強化網站安全如何利用 Docker 強化網站安全
如何利用 Docker 強化網站安全
 
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
 
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
 
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
 
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
 
Slides 29-07-2017
Slides 29-07-2017Slides 29-07-2017
Slides 29-07-2017
 
Is My App Secure ?
Is My App Secure ? Is My App Secure ?
Is My App Secure ?
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous Everything
 
Continuous Everything v2.0
Continuous Everything v2.0Continuous Everything v2.0
Continuous Everything v2.0
 
Security Automation - Python - Introduction
Security Automation - Python - IntroductionSecurity Automation - Python - Introduction
Security Automation - Python - Introduction
 
Pilotando spock
Pilotando spockPilotando spock
Pilotando spock
 

Viewers also liked

Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageAnant Shrivastava
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014Anant Shrivastava
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Anant Shrivastava
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode reviewAnant Shrivastava
 
Snake bites : Python for Pentesters
Snake bites : Python for PentestersSnake bites : Python for Pentesters
Snake bites : Python for PentestersAnant Shrivastava
 
Exploiting publically exposed Version Control System
Exploiting publically exposed Version Control SystemExploiting publically exposed Version Control System
Exploiting publically exposed Version Control SystemAnant Shrivastava
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedAnant Shrivastava
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesAnant Shrivastava
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSAnant Shrivastava
 
Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners SessionAnant Shrivastava
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014Anant Shrivastava
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information securityAnant Shrivastava
 
Identity thief
Identity thiefIdentity thief
Identity thiefSam Pierce
 
iOS file structure and organization
iOS file structure and organizationiOS file structure and organization
iOS file structure and organizationJenny Chang
 

Viewers also liked (20)

Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
 
Snake bites : Python for Pentesters
Snake bites : Python for PentestersSnake bites : Python for Pentesters
Snake bites : Python for Pentesters
 
Exploiting publically exposed Version Control System
Exploiting publically exposed Version Control SystemExploiting publically exposed Version Control System
Exploiting publically exposed Version Control System
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOS
 
basic knowhow hacking
basic knowhow hackingbasic knowhow hacking
basic knowhow hacking
 
Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners Session
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014
 
Web2.0 : an introduction
Web2.0 : an introductionWeb2.0 : an introduction
Web2.0 : an introduction
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
 
Avr introduction
Avr introductionAvr introduction
Avr introduction
 
Arsenal
ArsenalArsenal
Arsenal
 
Identity thief
Identity thiefIdentity thief
Identity thief
 
iOS file structure and organization
iOS file structure and organizationiOS file structure and organization
iOS file structure and organization
 

Similar to Android Tamer BH USA 2016 : Arsenal Presentation

Getting Started with Titanium & Alloy
Getting Started with Titanium & AlloyGetting Started with Titanium & Alloy
Getting Started with Titanium & AlloyFokke Zandbergen
 
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...Cheng-Yi Yu
 
Appium Overview - by Daniel Puterman
Appium Overview - by Daniel PutermanAppium Overview - by Daniel Puterman
Appium Overview - by Daniel PutermanApplitools
 
Chapter 1. java programming language overview
Chapter 1. java programming language overviewChapter 1. java programming language overview
Chapter 1. java programming language overviewJong Soon Bok
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 
Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011pundiramit
 
Android Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoTAndroid Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoTinovex GmbH
 
OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...
OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...
OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...Paris Open Source Summit
 
I os application bundle by flutter
I os application bundle by flutterI os application bundle by flutter
I os application bundle by flutterConcetto Labs
 
Ios application bundle by flutter
Ios application bundle by flutterIos application bundle by flutter
Ios application bundle by flutterConcetto Labs
 
android training_material ravy ramio
android training_material ravy ramioandroid training_material ravy ramio
android training_material ravy ramioslesulvy
 
Extending Android's Platform Toolsuite
Extending Android's Platform ToolsuiteExtending Android's Platform Toolsuite
Extending Android's Platform ToolsuiteOpersys inc.
 
Mobile Forensics on a Shoestring Budget
Mobile Forensics on a Shoestring BudgetMobile Forensics on a Shoestring Budget
Mobile Forensics on a Shoestring BudgetBrent Muir
 
BYOM Build Your Own Methodology (in Mobile Forensics)
BYOM Build Your Own Methodology (in Mobile Forensics)BYOM Build Your Own Methodology (in Mobile Forensics)
BYOM Build Your Own Methodology (in Mobile Forensics)Reality Net System Solutions
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 AndroidTony Thomas
 
Apache mobilefilter 4-03
Apache mobilefilter 4-03Apache mobilefilter 4-03
Apache mobilefilter 4-03Idel Fuschini
 

Similar to Android Tamer BH USA 2016 : Arsenal Presentation (20)

Getting Started with Titanium & Alloy
Getting Started with Titanium & AlloyGetting Started with Titanium & Alloy
Getting Started with Titanium & Alloy
 
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
 
Appium Overview - by Daniel Puterman
Appium Overview - by Daniel PutermanAppium Overview - by Daniel Puterman
Appium Overview - by Daniel Puterman
 
Chapter 1. java programming language overview
Chapter 1. java programming language overviewChapter 1. java programming language overview
Chapter 1. java programming language overview
 
Core Android
Core AndroidCore Android
Core Android
 
Hacking Android OS
Hacking Android OSHacking Android OS
Hacking Android OS
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android Applications
 
Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011
 
Android Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoTAndroid Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoT
 
OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...
OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...
OWF12/PAUG Conf Days Alternative to google's android emulator, daniel fages, ...
 
I os application bundle by flutter
I os application bundle by flutterI os application bundle by flutter
I os application bundle by flutter
 
Ios application bundle by flutter
Ios application bundle by flutterIos application bundle by flutter
Ios application bundle by flutter
 
android training_material ravy ramio
android training_material ravy ramioandroid training_material ravy ramio
android training_material ravy ramio
 
Extending Android's Platform Toolsuite
Extending Android's Platform ToolsuiteExtending Android's Platform Toolsuite
Extending Android's Platform Toolsuite
 
Mobile Forensics on a Shoestring Budget
Mobile Forensics on a Shoestring BudgetMobile Forensics on a Shoestring Budget
Mobile Forensics on a Shoestring Budget
 
BYOM Build Your Own Methodology (in Mobile Forensics)
BYOM Build Your Own Methodology (in Mobile Forensics)BYOM Build Your Own Methodology (in Mobile Forensics)
BYOM Build Your Own Methodology (in Mobile Forensics)
 
Building aosp
Building aospBuilding aosp
Building aosp
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 Android
 
Flutter 1
Flutter 1Flutter 1
Flutter 1
 
Apache mobilefilter 4-03
Apache mobilefilter 4-03Apache mobilefilter 4-03
Apache mobilefilter 4-03
 

More from Anant Shrivastava

Diverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec WorldDiverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec WorldAnant Shrivastava
 
WhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom romWhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom romAnant Shrivastava
 
Web application finger printing - whitepaper
Web application finger printing - whitepaperWeb application finger printing - whitepaper
Web application finger printing - whitepaperAnant Shrivastava
 
Battle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 WalkthroughBattle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 WalkthroughAnant Shrivastava
 
Nullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughNullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughAnant Shrivastava
 
Embedded Systems : introduction
Embedded Systems : introductionEmbedded Systems : introduction
Embedded Systems : introductionAnant Shrivastava
 

More from Anant Shrivastava (9)

Diverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec WorldDiverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec World
 
WhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom romWhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom rom
 
Web application finger printing - whitepaper
Web application finger printing - whitepaperWeb application finger printing - whitepaper
Web application finger printing - whitepaper
 
Battle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 WalkthroughBattle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 Walkthrough
 
Nullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughNullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk through
 
Embedded Systems : introduction
Embedded Systems : introductionEmbedded Systems : introduction
Embedded Systems : introduction
 
introduction to Lamp Stack
introduction to Lamp Stackintroduction to Lamp Stack
introduction to Lamp Stack
 
Logic Families Electronics
Logic Families ElectronicsLogic Families Electronics
Logic Families Electronics
 
Filesystem
FilesystemFilesystem
Filesystem
 

Recently uploaded

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Recently uploaded (20)

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Android Tamer BH USA 2016 : Arsenal Presentation

  • 2. WHAT IS ANDROID TAMER Single Point of Reference / Resources for Android Contains 1. Virtual machine for Android (Security) Professionals 2. Debian 8 Compatible Tools Repository 3. Custom Emulator for arm devices (Work In Progress) 4. f-droid repository of tools (Work in Progress) 5. Documentation (tools.androidtamer.com) (ever evolving) 6. KnowledgeBase (kb.androidtamer.com) (Work in Progress)
  • 3. WHO USES ANDROID TAMER 1. Trainers 2. Security professionals 3. Developers 4. iOT Hackers Friendly Plug Catch Sneha Rajguru using AndroidTamer at BSidesLV (whole day 3 Aug 2016) Defcon Workshop (5 Aug 2016 : 10 AM - 2 PM) Catch Anto Joseph using AndroidTamer with Droid-FF at Arsenal Booth (4 Aug 2016 - 2 PM - 3:50 PM) Defcon Workshop (6 Aug 2016 : 2 PM - 6 PM)
  • 4. OPENSOURCE ALL THE WAY 1. Automated VM Building Process : Vagrant Ansible script ( ) 2. Automated Debian Package Building Scripts ( ) 3. Documentation source markdown ( ) 4. Open to all 5. To be added 1. APK repository 2. apk building process 3. emulator building process 4. Live ISO Creation 5. and more https://github.com/AndroidTamer/VagrantBuild https://github.com/AndroidTamer/Packaging_Tools https://github.com/AndroidTamer/Tools https://github.com/AndroidTamer
  • 5. VIRTUAL MACHINE Swiss Army knife for Android Security Professionals. Supports VirtualBox VMWare Vagrant / Ansible
  • 6. WHY Saves time while Finding and installing tools Configuring them Ensuring all other tools are still working Multiple language versions (java, python, perl, ruby more) Managing updates of each tool
  • 7. TOOLS INCLUDE 1. adb / fastboot / android-sdk 2. dex2jar / enjarify 3. apktool 4. jad / jd-gui / jadx / jadx-gui 5. drozer / MobSF / jaadas 6. DFF / ddrescueview 7. SQLiteManager / SQLiteMan 8. Burp Free / OWASP-ZAP 9. pidcat 10. Droid-FF (Fuzzing Framework) 11. dextra, simplify, imgtool 12. and more....
  • 8. CUSTOM FEATURES 1. Easy Management of multiple devices 2. One liner commands (apk2java, drozer_start etc) 3. Scripts for automated analysis 4. So ware update managed over apt-get repository (alpha phase) ( ) 5. All Tools pre-configured in PATH (no need to switch directories) 6. ZSH with autosuggestion http://repo.androidtamer.com/
  • 12. @ TWITTER Follow Us to get Latest Android News@AndroidTamer
  • 16. DEMO TIME 1. Application decompiling 2. Automated assessment (drozer_checks) 3. Multi devices management (adb list) 4. MobSF 5. Droid Fuzzing Framework 6. Build / Enhance your own Distro (Debian compatible Repository)
  • 19. DEMO: ADB LIST 1. Add entries in ~/.adb_list 2. format of entries "ABC;SERIALNO" 3. echo "abc;1234567890" >> ~/.adb_list
  • 24. HOW TO CONTRIBUTE 1. Test the tools, suggest changes or improvements / enhancements 2. Use / Promote / Write about the tool 3. Add tools : 4. Report / track / suggest / fix Issues 5. Test Repo on ( ) other distributions (Kali / Ubuntu / other pentest distro and more ) https://github.com/AndroidTamer/Packaging_Tools/Build https://repo.androidtamer.com Report all issues( )https://github.com/AndroidTamer/Tools_Repository/issues How to setup : ( )https://tools.androidtamer.com/General/repo_configure/