Reversing Android malware for the Smart and Lazy

Android malware is packed and obfuscated. There are many ways to defeat this as a reverse engineer. Disassembly with Baksmali, Androguard, JADX, etc. is rewarding but long (and painful?). If you are just interested in the result (an unpacked, non-obfuscated executable), there are more efficient tools. In this workshop, a hands-on lab will introduce you to Dexcalibur and House. You will unpack and de-obfuscate an Android malware in virtually no time (well, 3 hours for your first time :D).

Pre-requisites/assumed knowledge:

This workshop is best suited for intermediate to advanced reverse engineers/researchers. Basically, you need to be at ease in a Unix environment and be able to read and write small programs.

Participants should prepare by:

Before the workshop, it is recommended to:

(1) Download and install Android Studio
(2) Set up an Android emulator x86_64 without Google Play

Other software will be installed during the workshop.


Axelle Apvrille, Principal Security Researcher, Fortinet

Axelle Apvrille is a Principal Security Researcher at Fortinet, FortiGuard Labs. Her research interests are mobile and IoT malware, which she reverses every day. In addition, she is the lead organizer of Ph0wn CTF, an on-site competition which focuses on ethical hacking of smart objects. In a prior life, Axelle used to implement cryptographic algorithms and security protocols.

Axelle has spoken at many conferences such as Black Hat Europe, Confidence, Hack.Lu, Hacktivity, Insomni'hack, ShmooCon, Troopers, Virus Bulletin... NorthSec 2021 ;-) She has also published in academic journals such as IEEE Security & Privacy, or Journal in Computer Virology. She regularly writes in the French magazines MISC and Hackable, and has recently published in Phrack #71.