Workshop: Analysing Android malware

Led by Vitor Ventura (Cisco Talos); hosted by Cisco Talos

Android malware has become prevalent across the landscape. In this workshop Vitor Ventura will provide hands-on reverse engineering techniques for Android malware

This workshop is designed to provide the participants with different approaches to malware analysis, so that they can perform their own analysis without the use of automated tools. When everything else fails, we need to know what's under the hood.

On the analysis side the workshop covers:

Basic Android topics

Triage and feature identification

Malware unpacking

Emulation and root check bypass

String deobfuscation

During the workshop attendees will work with Gustuff, DoNot, Loda4Android and other malware. By the end, attendees should be able to apply the same techniques, or adapted versions of them, to new malware samples and even to different approaches

Vitor Ventura

Cisco Talos

Vitor Ventura is a Cisco Talos security researcher. As a researcher, he has investigated and published various articles on emerging threats. Most days Vitor hunts for threats, investigating them, reversing code, but also looking for the geopolitical and/or economic context. Vitor has spoken at conferences such as NorthSec, Recon Brussels, DEFCON Crypto Village and BSides Lisbon among others. Previously, he was IBM X-Force IRIS European manager and did penetration testing at IBM X-Force Red. Vitor holds multiple security-related certifications including GREM (GIAC Reverse Engineer Malware) and CISM (Certified Information Security Manager).

@_vventura