




Online / Offline


2 days


Intermediate / Advanced



Manuel Blanco

Manuel Blanco is a Security Researcher interested in everything related to low-level architecture and operating system internals (Linux Kernel and Android). He has explored different fields, from penetration testing of critical infrastructures to reverse engineering of complex software applications.
In 2017, Manuel was a member of the Spanish national team that won the European Cyber Security Challenge, a CTF competition organized by the European Union Agency for Network and Information Security.
Furthermore, he has experience as a speaker in multiple international security congresses, conducting training for both beginner and advanced users.

About the training

We are living in a world where anyone can be picked as a target by different actors, and if you want to fight against advanced persistent threats, you must first understand their capabilities.
Do you want to dissect their cyberwarfare tools? In this training we analyze the root cause of a vulnerability used by the Pegasus APT in the wild, and its exploitation bypassing all the modern mitigations shipped on a real device.
We also explore the Android architecture, understanding the key pieces needed for reverse engineering malware and exploring the state of the art.

This training provides students with a quick look into the hidden side of the threat landscape these days - the side of mobile malware. We will guide you through the main aspects of Android security and give you a broad view of modern malware that can be found in the wild. The training includes hands-on practical tasks that enable students to analyze any kind of malicious application in the future.
During the training, you will gain access to a stash of samples related to the most famous mobile APTs.

Topics covered:
• Overview of Android architecture and internal structure of applications.
• Basic analysis using Android decompilers (JEB, Jadx, dex2jar).
• Smali/Baksmali. Searching for malicious code injections.
• Tips & tricks to quickly check whether an app is actually malicious.
• The decryption of payloads, configs and other malware artifacts.
• Hunting for new samples. Android and iOS specifics.
• Lots (!) of real-life examples.
• Special focus on mobile APTs like FinFisher, HackingTeam RCS, Pegasus, OceanLotus, etc.

Key takeaways:
• Understand Android architecture and internal structure of applications.
• Basic analysis using Android decompilers.
• Searching for malicious code injections.
• The decryption of payloads, configs and other malware artifacts.
• Hunting for new samples on Android and iOS.

Level: Intermediate
Duration: 2 days
Prerequisites: Basic programming and reversing understanding.
