Reversing Android malware for the Smart and Lazy

Back to the list of Speakers and Sessions
Watch the stream
Android malware are packed and obfuscated. There are many ways to defeat this as a reverse engineer. Disassembly with Baksmali, Androguard, JADX etc is rewarding but long (and painful?). If you are just interested in the result (unpacked executable, non obfuscated), there are more efficient tools. In this workshop, hands-on lab will introduce you to Dexcalibur and House. You will unpack and de-obfuscate an Android malware in virtually no time (well, 3 hours for your first time :D).

Pre-requisites/assumed knowledge:

This workshop is best suited for intermediate to advanced reverse engineers/researchers. Basically, you need to be at ease in a Unix environment + be able to read and write small programs.

Participants should prepare by:

Before the workshop, it is recommended to

(1) Download and install Android Studio (2) Setup an Android emulator x86_64 without Google Play

Other software will be installed during the workshop.


Axelle Apvrille Principal Security Researcher, Fortinet

Axelle is Principal Security Researcher at Fortinet. She has been working there for over 10 years on mobile malware and IoT malware. She is also the lead organizer of Ph0wn CTF, a CTF dedicated to smart objects, which takes place on the French Riviera. In a previous life, Axelle worked on cryptography (implementation) and security protocols.