On This Page

Practical Android Exploitation

Senrio Inc. & Xipiter LLC | August 4-7


There are more Android users than there are of any other mobile operating system worldwide. It is used not only in mobile devices but increasingly in infotainment, industrial, and enterprise products. "Practical Android Exploitation" is a course developed by Stephen A. Ridley (who also co-authored of "The Android Hacker's Handbook" by Wiley & Sons publishing) and Stephen C. Lawler (editor of "Practical Malware Analysis" and other books published by No Starch Press). "Practical Android Exploitation" is a comprehensive course aimed to teach all about Android software security and exploitation. Following the creation of their industry renown course ARMExploitation.com the creators of this course focused this new course on thoroughly exploring the inner-workings of the Android ecosystem and along the way teach participants how to reverse engineer and exploit software on Android. Participants will do it all: from decompiling applications, to writing their own shellcode FROM SCRATCH to exploit native code on Android systems. Jailbreaks, the history of public Android exploits, ARM exploitation, all will be covered in this intensive course.

Jail-breaks and how they work
Software exploitation (native and Dalvik) on Android
Analyze Mobile Malware
Perform hardware attacks on Mobile devices

Participants of "Practical Android Exploitation" will get hands on experience with the AndroidSDK/NDK and related toolchains and use that knowledge to write and analyze exploits on Android. This class is aimed to be an indispensable training for mobile developers, forensics investigators, software security professionals, and others. All participants of this course will also receive their own custom printed copy of "The Android Hacker's Handbook".

Who Should Take this Course

Android Developers, Mobile Developers, Hackers, Penetration Testers, Forensic Investigators, reverse engineers, software security auditors/analysts, software exploitation engineers, jail breakers.

More details available on: http://AndroidExploitation.com

Student Requirements

Students taking Practical Android Exploitation should have an intermediate software exploitation background on another architecture (such as x86). They should have hands-on familiarity with the following concepts:
  • Exploitation of stack overflows
  • Exploitation of heap overflows
  • Basic experience with IDA
  • Basic experience with a debugger
  • Cursory knowledge of Python or some equivalent high-level scripting language (Java, Ruby, etc)
  • C++ and C coding experience

What Students Should Bring

A laptop (running their favorite OS) capable of connecting to wired and wireless networks.
An installed valid VMWare
An installed copy of at least IDA Standard.
An SSH/Telnet client to access the hosted QEMU images and class hardware devices

What Students Will Be Provided With

Custom printing of "The Android Hacker's Handbook"
170+ page coil bound lab manual and reference guide
Access to the embedded systems (targets), and tools, that comprise the entire class environment
Undoubtedly some free swag and free hardware of some kind ;-)


Stephen A. Ridley was principal researcher at Xipiter and is CTO, and Founder at Senrio Inc (http://senr.io) . He has more than 10 years of experience in software development, software security, and reverse engineering. Prior to Xipiter, Mr. Ridley served as the Chief Information Security Officer of a financial services firm and prior to that was a Senior Researcher at Matasano. He also was Senior Security Architect at McAfee, and a founding member of the Security and Mission Assurance (SMA) group at a major U.S defense contractor where he did vulnerability research and reverse engineering in support of the U.S. intelligence community. He has spoken about reverse engineering and software security at Black Hat, ReCon, CanSecWest, EuSecWest, Syscan and other prominent information security conferences. Stephen is a co-author of "The Android Hacker's Handbook" published by Wiley & Sons.

Stephen Lawler is the Founder and President of a small computer software and security consulting firm. Mr. Lawler has been actively working in information security for over 10 years, primarily in reverse engineering, malware analysis, and exploit development. While working at Mandiant he was a principal malware analyst for high-profile computer intrusions affecting several Fortune 100 companies. Prior to this, as a founding member of ManTech International’s Security and Mission Assurance (SMA) division he discovered numerous “0-day” vulnerabilities in COTS software and pioneered several exploitation techniques that have only been recently published. Prior to his work at ManTech, Stephen Lawler was the lead developer for the AWESIM sonar simulator as part of the US Navy SMMTT program. Stephen is also the technical editor of a malware analysis book currently under development by No Starch Press.