Security BSides Ljubljana

Docker with finux (Arron “finux” Finnon)

Blah, blah, blah, docker isn’t a secure control, something, something, it’s basically a chrooted environment, something, blah. Now we have the usual objections out of the way this workshop looks at how security researchers can benefit from using docker (linux container not the toolbar thingy) in their labs. This training course will be guide from zero to hero and show you what docker is, how to get it up and running, how to use it, how to deploy services, and how you could go about testing these services for research and education purposes. Think of the cloud, you know that thing we like telling people means ‘someone else’s computer’, except its your computer.

Requirements: You’ll need a laptop, with linux or a vm with linux. You can use a mac, you’ll need vagrant installed though.

Hello Android Applications (Milan Gabor & Danijel Grah)

In the workshop tools and technics will be demonstrated to analyze Android applications. Participates will get basic knowledge about how Android application are build, how to reverse engineer them, what tools can be used and how to use them, what to look for in source code, how to convince the mobile application to send data over a proxy and at last how to analyze mobile applications at runtime.

We will start by showing how to connect to an android based phone or emulator using adb. After connecting we will download a demo application. The demo application will be used in further demonstrations where tools like dex2jar, JD-GUI, apktool, Apkyzer will be shown in action. We will also give brief introduction to smali (language and tool).

I the second part of Hello Android Applications we will focus on dynamic analysis of APK’s. We will show how to configure your phone to send traffic over a proxy and use Burp proxy tool to intercept and modify traffic. For dynamical analysis of Android application we will use Vaccine. Basic introduction about Vaccine architecture and the process of preparation of an Android application will be given. At the end we will show Vaccine in action.