Reverse Engineering of Android Malware
Online Training date: October 21-22, 2021.
Learn how to reverse engineer Android malware through practice with numerous labs.
Participants learn how to analyze Android malware. The majority of sessions consist of hands-on labs, with exercises on recent Android samples we caught. We focus on typical questions for malware analysts:
- How to reverse malware safely?
- How to find out, as quickly as possible, if a given sample is malicious or not?
- How to locate the remote CnC?
- How to deal with obfuscated classes, strings and junk code?
- How to unpack malware without pain?
Day 1: Reverse engineering of Android Malware - Getting started
- Introduction / Welcome
- Android malware trends
- Contents of Android application: manifest, assets, native libraries…
- Presentation of Reverse Engineering tools
- Setup of tools. A dedicated Docker container is provided to attendees
- Several labs: disassembling an app and patching it, using Smalisca, Quark and MobSF
Day 2: Dynamic load and obfuscation
- Dynamically loaded classes
- Unpacking malware with Dexcalibur, House, MobSF
- Decrypting obfuscated strings with Frida
- Implementing a JEB script
- Malware abusing Accessibility Services
- Anti-debug/VM tricks and solutions based
- Detection with APKiD
- Nearly 100% labs!
Optional content: Network activity and native libraries
- Locating the CnC of a malware sample
- Reversing the contents of an obfuscated HTTP POST
- Re-activating debug messages with a Frida hook
- Dealing with native libraries
- Training exam