Clubhack is a pioneering Annual Hackers Conference being held in Pune – Unlike previous year’s, this time around Clubhack will be having a lot of talks around Android OS hacks – So if you are an Android developer, you should not miss this event.
- What: Clubhack 2011
- Where: The O Hotel, Pune [Directions here]
- When: 3rd to 5th December 2011
- Registration Fees:
- 2 days Event Only = Rs. 1200/-
- 2 days Event with lunch = Rs 2400/-
- If attendees without lunch cost included want to buy food coupons, they can do so at the venue directly @ Rs 600/- per day.
Here is a great news for all TGF readers – If you use the Discount code – TGF – while registration, you will avail following discounted rates!
For TGF Readers
- 2 days Event Only = Rs. 1200/- Rs. 1000/-
- 2 days Event with lunch = Rs 2400/- Rs. 2000/-
- For Clubhack Workshop = Rs.10,000/- Rs. 8,000/-
What Android Developers should look forward to in Clubhack 2011
Android Tamer (Anant Shrivastava)
This presentation will look at the available toolset for security professionals and will introduce some new combinations in a consolidated form of a VM environment. This will be a one stop tool required to perform any kind of operations on Android devices / applications / network, be it forensic evaluation or source code review or software security testing or customizing ROM with pre embedded stuff.
Environment will be bundled with eclipse, droiddraw, gingerbread source code. And most of the well known security tools in one single package. You can call it swiss army knife for android security.
Android Forensics (Manish Chasta)
Talk starts with brief introduction of Android internals i.e. Dalvik VM, SQLite database, underlying Kernel.
Presentation covers the steps of cyber forensics in context of Android:
- Seizing the phone and maintaining its state so that we don’t lose any important data
- Taking image of the phone memory and memory card. In case of Android, we need to ROOT the device first to take the bit by bit image.
- Recovering useful data from the image. Device memory can contain extremely valuable data including contact list, call logs, sms, emails, passwords, application data, phone data etc.
- Analyzing the data to discover evidences. It will cover decrypting the encrypted files, cracking the passwords, recovering deleted files etc.
- Chain of custody to preserve evidences so that they can be presented in a court of law.
The presentation also demonstrates:
- Rooting Android Phone
- Taking image and Discovering evidences
Takeaway for the audience:
- Insights to the Android System
- Techniques and concepts to recover and analyse evidences from Android phone
- Live Forensics for Android System.
How Android based phone helped me win American Idol (Elad Shapira)
The lecture will enable a rare glimpse into the workings of hackers, when moving rapidly through a wide range of topics by using examples and stories of personal experience –
All in a wild and fun atmosphere but with a serious, in-depth and “out-of-the-box” perspective.
We will discuss and show updated android related attacks, reversing tools and malware analysis methodology, android internals and terminology, android forensics methdology and cool stuff you can do with your phone.
Pentesting Mobile Applications (Prashant Verma)
The presentation briefs the audience on “Penetration Testing the Mobile applications” to assess the level of security built into them. Key aspects in the mobile applications space include-
1. Reading the application stored data on devices.
2. Capturing the requests and manipulating the parameters.
3. Reverse Engineering the application package.
4. Mobile Platform Specific issues.
The presentation further delves into similarities and differences in the manifestation of above issues in Andriod and iOS platforms.
The presentation also demonstrates-
• Configuring a proxy for the phone.
• Reading stored data (iOS and Android).
These are presented based on the internal research work done on these platforms, auditing and pentesting real world mobile applications.
• Vulnerabilities or Insecurities in mobile applications.
• Techniques to find mobile application vulnerabilities.
• Securing mobile applications.
Hacking your Droid (Aditya Gupta)
In this talk, you will learn about the security of the Android OS, How to create a Malware for fun and profit and your brains would finally be filled with how to conduct a mobile application Penetration Testing.
Be ready for the demos.!
Will be starting off with the Android basics, the OS and the Android Security model. After that, he will be diving into Android Applications and Dalvik Virtual Machine. Then he will be talking about the most important part of this presentation “Reverse Engineering” and “How to make our own malware” . The sent details to the server would include the IMEI, IMSI no of the device, Call and SMS Logs, and even some of the files from the SD Card. Ofcourse, there is a lot more possible . He is also be speaking about how to bypass the Anti Viruses for this platform, and where and how to spread. In the end, he would be concluding with a demo on How to conduct a successful mobile application Penetration Test.
Overall, there are some great sessions for Mobile developers. You should not miss this one for sure!