Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Pen Testing w/ drozer

Published byBasil Wood Modified over 6 years ago

Similar presentations

Presentation on theme: "Mobile Pen Testing w/ drozer"— Presentation transcript:

1 Mobile Pen Testing w/ drozer
Guillermo Saldivar Roberto Ortiz

2 Agenda What is drozer? Drozer ‘fun facts’ Features Demo

3 About us Working at Softtek for 2 years
2 Years of experience in Information Security Web and mobile application testing Penetration testing Working at Softtek for 1 year 1 year of experience in Information Security Involved in Researching Web and mobile application testing Penetration testing Wireless auditing

4 What is drozer? Comprehensive security and attack framework for Android. Swiss-army knife for Android Pentesting.

5 What is drozer? (cont.) Discover and interact with the attack surface exposed by Android apps.

6 drozer ‘fun facts’ Developed by MWR Labs. Written in python.
Formerly called Mercury. Interactive in nature Consists of 2 parts: a console and an Android agent w/ limited permissions. Is open source.

7 Features Search security vulnerabilities by assuming the role of an app. Interact w/: Dalvik VM Other apps’ IPC endpoints The underlying OS Provides tools to help, share and understand public Android exploits. Helps you remotely exploit Android devices. Discover and interact with the attack surface exposed by Android apps. Execute dynamic Java-code on a device, to avoid the need to compile and install small test scripts.

8 Features (cont.) Discover Installed Packages
Send Intents to IPC Endpoints Broadcast Intents Access Databases from other Apps Interact with Services in other Apps Arbitrary Java Execution Run an Interactive Shell Access a device with Remote Exploits Root Privilege Escalation Command-line Interface Use drozer with Physical Devices Use drozer with Android Emulators

9 Demo

10 Questions? Thank you! Guillermo Saldivar
Roberto Ortiz

Download ppt "Mobile Pen Testing w/ drozer"

Similar presentations

Aurasium: Practical Policy Enforcement for Android Applications

Aurasium: Practical Policy Enforcement for Android Applications
Fabian Lema *I’m not set on the title of the project W1 Remote Monitoring of Android Devices* University Of Queensland, Australia.

Fabian Lema *I’m not set on the title of the project W1 Remote Monitoring of Android Devices* University Of Queensland, Australia.
Android architecture overview

Android architecture overview
Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.

Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.
Armitage and Metasploit Penetration Testing Lab

Armitage and Metasploit Penetration Testing Lab
Client and Server-Side Vulnerabilities Stephen Reese.

Client and Server-Side Vulnerabilities Stephen Reese.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.

A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.
DEPARTMENT OF COMPUTER ENGINEERING

DEPARTMENT OF COMPUTER ENGINEERING
Mobile Application Development

Mobile Application Development
1 2 3 Agenda Goal & Objectives Services in the Cloud Tracker Web Portal Next Step To Do 4.

1 2 3 Agenda Goal & Objectives Services in the Cloud Tracker Web Portal Next Step To Do 4.
Asst.Prof.Dr.Ahmet Ünveren 2014-2015 SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren 2014-2015 SPRING Computer Engineering Department.

Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department.
What is Android? Android is among the most popular operating systems aimed towards mobile devices such as smartphones, and is currently the most widely.

What is Android? Android is among the most popular operating systems aimed towards mobile devices such as smartphones, and is currently the most widely.
Emerging Platform#4: Android Bina Ramamurthy.  Android is an Operating system.  Android is an emerging platform for mobile devices.  Initially developed.

Emerging Platform#4: Android Bina Ramamurthy.  Android is an Operating system.  Android is an emerging platform for mobile devices.  Initially developed.
Android Introduction Platform Overview.

Android Introduction Platform Overview.
Mobile Application Development with ANDROID. Agenda Mobile Application Development (MAD) Intro to Android platform Platform architecture Application building.

Mobile Application Development with ANDROID. Agenda Mobile Application Development (MAD) Intro to Android platform Platform architecture Application building.
Introduction to Android Swapnil Pathak www.SecurityXploded.com Advanced Malware Analysis Training Series.

Introduction to Android Swapnil Pathak Advanced Malware Analysis Training Series.
Android Introduction Based on slides made by

Android Introduction Based on slides made by
2015. 6. 26 박 종 혁 컴퓨터 보안 및 운영체제 연구실 Workshop on Mobile Security Technologies (MoST). 2012.

박 종 혁 컴퓨터 보안 및 운영체제 연구실 Workshop on Mobile Security Technologies (MoST)
All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영 2015. 04. 21.

All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영

Similar presentations

Ads by Google