Enterprise Grade Android Security for Cyber Operations



SEC-213

In this hands-on course, which combines the Android Application Security and Android Enterprise Security modules, you will learn about Android security at every level: from the bootloader, through identifying weaknesses in applications and finding data leaks, to applying Enterprise Mobility Management policies on the device.
We will learn how to harden both the Operating System (for device builders) and the running device's policies, in order to protect the organization's Intellectual Property and data, via in-depth inspection of the Android platform and ecosystem. To conclude, we will address Android for Work, discussing and applying Android provisioning services from an IT manager's perspective.

Note: The course is based on the Marshmallow version. Earlier versions can be targeted without additional cost, upon customer request.

Audience

Target Audience:
The course is intended for IT Managers and Security personnel with practical Java experience. No previous Android experience is required, but it is highly recommended.

Course Topics

Android Overview – Design considerations

Android History
The android ecosystem: Partners, Entities, Design, Approach, Licensing

Android Overview – Bottom up discussion

Hardware overview: What makes an Android device
Linux Kernel boot process and provided functionalities
Native User Space: Init services, daemons, executables and libraries
Enabling Java (Dalvik + ART)
JNI bridge layer
Java OS Layer (Android Frameworks)
Application (APK) Structure
System Applications
User Applications
Google Play Services
Android IPC terminology by example: Browser, Maps
Introduction to working with the AOSP: How and where to find what

Android Platform Security

Linux driven security sandbox
OS and binary protection and exploitation: ASLR, PIE, DEP, ROP et al.
Android hardware related permission enforcement
SELinux on Android
Data partition forensics protection via Internal and external storage encryption
Secure Boot
Android signature model and verification
Android application sandbox: single and multiple physical users
Android Permissions
Android Security Patches

Security terminology and real-life attacks, “breaking Android”:

Glossary attack vectors, attack surfaces, vulnerabilities and exploits
Privilege escalation attacks – theory and practice
Dynamic code loading attacks and mitigation
Binary exploitation and device rooting
Remote exploitation and DoS attacks
Signature based attacks
SELinux discussion
On device Anti-Virus and Anti-Malware building techniques

Penetration Testing and Dynamic Analysis

Android “debugging”: Introducing am, pm, wm, service, procfs, sysfs and friends
Android Penetration testing tools
Finding exposed application components
Android fuzzing tools by example: fuzzing the Stagefright framework
Penetration testing and exploitation with drozer/metasploit

Reverse-Engineering Applications and Static Analysis

Android application installation process, paths, optimized bytecodes, ELF types
Dalvik bytecode structure and ART binary format
Decompiling/disassembling ART and Dalvik based files
Rejoining and decompiling/disassembling optimized bytecode
Unpacking APK resources, repacking, resigning
Applying Android lint tool, and other commercial static analysis tools
Disassembling vs. Decompiling: Tools and strategies: where to spend your time?
Survey of opensource and commercial tools and analyzers
Off device Anti-Virus and Anti-Malware building techniques

Enterprise Mobility Management: Android for Work

Enterprise Mobility Management (EMM) – definition and market survey
EMM: The IT manager vs. the private user
Device administration APIs – an IT manager biased arsenal
Work profiles – the compromise between the IT and the user
Application restrictions
Dynamic Permission enforcement (API Level >= 23)
Device provisioning: Apps, networks, etc.
Per platform and Per app Virtual Private Networks (VPNs)
