3-Day Enterprise Grade Android Security for Cyber Operations

Enterprise Grade Android Security for Cyber Operations

Length: 3 Days

Type: Hands-On

Target Audience: IT Managers, Security Personnel.


In this hands-on course, which combines the Android Application Security and Android Enterprise Security modules, you will learn about Android security at every level: from the bootloader, through identifying weaknesses in applications and finding data breaches, to applying Enterprise Mobility Management policies on the device. We will learn how to harden both the operating system (for device builders) and the running device policies, in order to protect the organization's intellectual property and data, via an in-depth inspection of the Android platform and ecosystem. To conclude, we will address Android for Work, discussing and applying Android provisioning services from an IT manager's perspective. The course is intended for IT managers and security personnel with practical Java experience. No previous Android experience is required, but it is highly recommended.


Note: The course is based on the Marshmallow version. Earlier versions can be targeted without additional cost, upon customer request.


Course Outline:

  • Android Overview - Design considerations

    • Android History

    • The Android ecosystem: Partners, Entities, Design, Approach, Licensing.

  • Android Overview - Bottom up discussion

    • Hardware overview: What makes an Android device.

    • Linux Kernel boot process and provided functionalities

    • Native User Space: Init services, daemons, executables and libraries

    • Enabling Java (Dalvik + ART)

    • JNI bridge layer

    • Java OS Layer (Android Frameworks)

    • Application (APK) Structure

    • System Applications

    • User Applications

    • Google Play Services

    • Android IPC terminology by example: Browser, Maps.

    • Introduction to working with the AOSP: How and where to find what.

  • Android Platform Security

    • Linux driven security sandbox

    • OS and binary protection and exploitation: ASLR, PIE, DEP, ROP et al.

    • Android hardware related permission enforcement

    • SELinux on Android

    • Data partition forensics protection via Internal and external storage encryption

    • Secure Boot

    • Android Signature model and verification:

      • Platform keys and platform app signing: Google, OEMs and integrators.

      • Third-party (and Play Store) application signing.

    • Android application sandbox: Single and multi physical user.

    • Android Permissions:

      • Pre-Marshmallow (API Level < 23)

      • Post-Marshmallow: User policies, user responsibilities, application developer responsibilities, dynamic permission checking and revocation.

      • Defining custom permissions, restricting Application components (Activity, Service, Content Provider, Broadcast Receiver)

    • Android Security Patches

  • Security terminology and real-life attacks, “breaking Android”:

    • Glossary: attack vectors, attack surfaces, vulnerabilities and exploits.

    • Privilege escalation attacks - theory and practice

    • Dynamic code loading attacks and mitigation

      • Native code

      • Java code via DexLoader

      • Live (on device) code scanning techniques using the PackageManager

    • Binary exploitation and device rooting

    • Remote exploitation and DoS attacks

    • Signature based attacks

    • SELinux discussion

    • On-device Anti-Virus and Anti-Malware building techniques

  • Penetration Testing and Dynamic Analysis

    • Android “debugging”: Introducing am, pm, wm, service, procfs, sysfs and friends.

    • Android Penetration testing tools

    • Finding exposed application components

    • Android fuzzing tools by example: fuzzing the Stagefright framework

    • Penetration testing and exploitation with drozer/metasploit

  • Reverse-Engineering Applications and Static Analysis

    • Android application installation process, paths, optimized bytecodes, ELF types

    • Dalvik bytecode structure and ART binary format

    • Decompiling/disassembling ART and Dalvik based files.

    • Rejoining and decompiling/disassembling optimized bytecode

    • Unpacking APK resources, repacking, resigning

    • Applying the Android lint tool and other commercial static analysis tools

    • Disassembling vs. Decompiling: Tools and strategies: where to spend your time?

    • Survey of open-source and commercial tools and analyzers

    • Off-device Anti-Virus and Anti-Malware building techniques

  • Enterprise Mobility Management: Android for Work

    • Enterprise Mobility Management (EMM) - definition and market survey

    • EMM: The IT manager vs. the private user

    • Device administration APIs - an IT-manager-biased arsenal

    • Work profiles - the compromise between IT and the user.

    • Application restrictions

    • Dynamic Permission enforcement (API Level >= 23)

    • Device provisioning: Apps, networks, etc.

    • Per-platform and per-app Virtual Private Networks (VPNs)
