Mobile Pen Testing w/ drozer


1 Mobile Pen Testing w/ drozer
Guillermo Saldivar Roberto Ortiz

2 Agenda
- What is drozer?
- drozer ‘fun facts’
- Features
- Demo

3 About us
- Working at Softtek for 2 years
- 2 years of experience in Information Security
- Web and mobile application testing
- Penetration testing

- Working at Softtek for 1 year
- 1 year of experience in Information Security
- Involved in researching
- Web and mobile application testing
- Penetration testing
- Wireless auditing

4 What is drozer?
- Comprehensive security and attack framework for Android.
- Swiss-army knife for Android pentesting.

5 What is drozer? (cont.)
- Discover and interact with the attack surface exposed by Android apps.

6 drozer ‘fun facts’
- Developed by MWR Labs.
- Written in Python.
- Formerly called Mercury.
- Interactive in nature.
- Consists of 2 parts: a console and an Android agent w/ limited permissions.
- Is open source.

7 Features
- Search for security vulnerabilities by assuming the role of an app.
- Interact w/:
  - Dalvik VM
  - Other apps’ IPC endpoints
  - The underlying OS
- Provides tools to help you use, share and understand public Android exploits.
- Helps you remotely exploit Android devices.
- Discover and interact with the attack surface exposed by Android apps.
- Execute dynamic Java code on a device, to avoid the need to compile and install small test scripts.

8 Features (cont.)
- Discover Installed Packages
- Send Intents to IPC Endpoints
- Broadcast Intents
- Access Databases from other Apps
- Interact with Services in other Apps
- Arbitrary Java Execution
- Run an Interactive Shell
- Access a device with Remote Exploits
- Root Privilege Escalation
- Command-line Interface
- Use drozer with Physical Devices
- Use drozer with Android Emulators

9 Demo

10 Questions? Thank you! Guillermo Saldivar
Roberto Ortiz

