BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.recon.cx//recon-2026//talk//U3DWWA
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-recon-2026-U3DWWA@cfp.recon.cx
DTSTART;TZID=EST:20260621T130000
DTEND;TZID=EST:20260621T160000
DESCRIPTION:As malware authors shift tactics\, they increasingly hide malic
 ious functionality within popular mobile application frameworks\, allowing
  them to evade static and dynamic analysis. This workshop will introduce p
 articipants to some of the more popular frameworks used in App development
  as well as techniques leveraging open source tools to approach reverse en
 gineering said mobile applications for malware analysis and defensive thre
 at intelligence.\n\nThe workshop will comprise two sections\, one for Flut
 ter and Unity. Both will begin with a quick foundational overview of the r
 espective framework\, including the basics on the Dart and Unity programmi
 ng languages as well as a high-level overview of the Dart VM\, its compila
 tion models\, and the resulting "snapshot" artifacts that analysts encount
 er. We then explain how both frameworks present unique obstacles for rever
 se engineering and walk through different techniques and tools (Il2CPPDump
 er and Blutter) used to produce higher-level code\, as well as their short
 comings and limitations.\n\nStudents attending will get hands-on practice 
 reversing In-the-Wild Android malware built with each respective framework
 \, and be exposed to more advanced anti-analysis techniques employed by fr
 amework malware to impede dynamic analysis.
DTSTAMP:20260612T171853Z
LOCATION:Soprano A
SUMMARY:Reversing Framework Mobile Applications with Open Source Tools - Ni
 ck Anderson\, Roy Tu\, Roy Tu
URL:https://cfp.recon.cx/recon-2026/talk/U3DWWA/
END:VEVENT
END:VCALENDAR