Trainer 

8KSec

8ksec was founded in 2022 by cybersecurity experts with over 10 years of experience in the field. The company was established with a focus on equipping businesses and individuals with the tools and knowledge necessary to address evolving cyber threats.

Our experts possess extensive experience in delivering specialized cybersecurity training and consulting to several commercial and defense organizations across the United States, Europe, and the Middle East and North Africa region. 8ksec is recognized by BlackHat as a trusted Cybersecurity Training Provider, underscoring its growing presence in the industry. To date, we’ve trained over 3,000 professionals across more than 20 countries.

While 8ksec offers a comprehensive range of cybersecurity services, our expertise in mobile security is
particularly distinguished. This specialization is showcased in our best-selling, in-depth courses on mobile OS and application security, covering topics not offered by any other training provider.

About the training: 

This course prepares you for the Certified Android Security Engineer (CASE) certification exam. This in-depth and immersive three-day program offers participants an opportunity to enhance their understanding of Android Internals, Reverse Engineering as well as Android Application Exploitation. It provides a broad understanding of Android system architecture, covering topics such as Android Drivers, Modules, Linux Kernel, and the Android Binder. Participants will gain hands-on experience in reverse engineering, exploit development basics for the ARM platform, and deep dive into memory management and related vulnerabilities.

The course also covers Android's boot, recovery, rooting processes, and permissions, along with security features like DAC, CAP, SECCOMP, and SELinux. For a practical learning experience, the course covers how to extract and decrypt boot images for Android devices. The course covers handson exercises for symbolicating the Android kernel and porting exploits to other Android devices.

Advanced Frida techniques such as custom tracing, profiling, and memory inspection are explored with real-world applications. Case studies on prominent malware and custom malware samples designed for the course shed light on reverse engineering and advanced forensics techniques. Application Security related vulnerabilities occurring due to Android components are also covered as a part of the course. The training also includes hands-on learning using vulnerable applications created for the course, and a wide range of real world application vulnerabilities in order to give an in-depth knowledge about the different kinds of vulnerabilities in Mobile applications.

​

Recommended for:
Vulnerability researchers, Malware analysts, Penetration testers, Mobile developers, Anyone eager to learn more about the workings of Android devices and applications.

Key takeaways:

• Understand the Android System Architecture and AOSP source code

• Learn about Android Tracing

• Grasp Android Boot, Recovery, and Rooting processes

• Get an understanding of latest ARM64 instruction set, dynamic memory management and related vulnerabilities on the ARM platform

• Acquire skills in ARM Reverse Engineering and exploit development

• Learn how to customize and build Android Kernel for Vulnerability Research

• Gain knowledge about Android Platform Permission, DAC, CAP, SECCOMP, and SELinux Develop practical skills in fuzzing applications and processes on Android devices Overview of Kernel protections and bypasses

• Reverse engineering Android binaries (Apps and system binaries)

• Get PoC applications to perform 1 click exploits on Mobile apps

• Get an intro to common bug various bug categories on Android systems

• Learn to audit Android apps for security vulnerabilities

• Understand and bypass anti-debugging and obfuscation techniques

• Get a detailed walkthrough on using IDA Pro, Hopper, Frida, etc

• Learn how accessibility malwares work, and how to reverse engineer well-known crypto wallet stealers

• Learn how to symbolicate the Android kernel

• Learn how to extract and decrypt boot images for Android devices

• Become a Certified Android Security Engineer (CASE)​

​

What you get after the training:

• An attempt to Certified Android Security Engineer (CASE) certification exam

• Certificate of completion for the Training program

• Source code for vulnerable applications

• Source code for Exploit PoCs' that can be used for Bug Bounties

• Students will be provided with access to Corellium for Android hands-on for the duration of the course 

• Access to cloud instances for the duration of the course 

• Slack access for the class and after for regular mobile security discussions

​