1
Mobile Pen Testing w/ drozer
Guillermo Saldivar, Roberto Ortiz
2
Agenda
  What is drozer?
  drozer ‘fun facts’
  Features
  Demo
3
About us
  Working at Softtek for 2 years
  2 years of experience in Information Security
  Web and mobile application testing
  Penetration testing

  Working at Softtek for 1 year
  1 year of experience in Information Security
  Involved in researching
  Web and mobile application testing
  Penetration testing
  Wireless auditing
4
What is drozer?
  Comprehensive security and attack framework for Android.
  Swiss-army knife for Android pentesting.
5
What is drozer? (cont.)
  Discover and interact with the attack surface exposed by Android apps.
6
drozer ‘fun facts’
  Developed by MWR Labs.
  Written in Python.
  Formerly called Mercury.
  Interactive in nature.
  Consists of 2 parts: a console and an Android agent w/ limited permissions.
  Is open source.
7
Features
  Search for security vulnerabilities by assuming the role of an app.
  Interact w/:
    Dalvik VM
    Other apps’ IPC endpoints
    The underlying OS
  Provides tools to help, share and understand public Android exploits.
  Helps you remotely exploit Android devices.
  Discover and interact with the attack surface exposed by Android apps.
  Execute dynamic Java code on a device, to avoid the need to compile and install small test scripts.
8
Features (cont.)
  Discover Installed Packages
  Send Intents to IPC Endpoints
  Broadcast Intents
  Access Databases from other Apps
  Interact with Services in other Apps
  Arbitrary Java Execution
  Run an Interactive Shell
  Access a device with Remote Exploits
  Root Privilege Escalation
  Command-line Interface
  Use drozer with Physical Devices
  Use drozer with Android Emulators
9
Demo
10
Questions?
Thank you!
Guillermo Saldivar, Roberto Ortiz