Recon 2024

Guerilla Reversing: SMALI steps towards Android reversing
06-29, 15:30–18:30 (US/Eastern), Soprano B

As consumers move to using their phones as their primary device, the financial opportunity for threat actors to deploy mobile malware becomes more appealing. People store their money, memories and digital identities in their pockets, making their phones a ripe avenue for attackers. From the high level threat landscape, down to the nitty gritty of the implementation of mobile malware TTPs, understanding the basics of Android reverse engineering can give an analyst the necessary cutting edge. This workshop will take people from zero to hero in order to give them a more thorough understanding of the Android malware landscape through hands-on labs using Android malware.

This will be a 3 hour version of our Android reverse engineering training covering some of the basics that will allow attendees to gain some initial experience. During the workshop, the topics we will cover will include: the structure of APK and DEX files and how to use them to gain initial RE insight, performing static analysis on Java and native code, overcoming obfuscation and writing a basic decryptor for a piece of Android malware, basics of dynamic analysis using FRIDA and a brief introduction to Android native code and how to approach it.

Lindsay Kaye is the Vice President of Threat Intelligence at HUMAN Security. Her technical specialty spans the fields of malware analysis and reverse engineering, with a keen interest in dissecting custom cryptographic systems. Lindsay is an internationally-recognized cybersecurity speaker and author. Lindsay holds a BS in Engineering with a Concentration in Computing from Olin College of Engineering and an MBA from Babson College.

Gabriel Cirlig is Principal Security Researcher at HUMAN Security. A software developer-turned-rogue, Gabriel is the go-to expert for any mobile reverse engineering within HUMAN’s Satori Threat Intelligence and Research team. He went from developing apps for small businesses to 2M+ DAU Facebook games while keeping an eye open for new opportunities. In the past few years, Gabriel has shifted gears and started his career as a security researcher while speaking at various conferences showcasing what he’s hacked. With a background in electronics engineering and various programming languages, he likes to dismantle and (hopefully) put back whatever he gets his hands on.