Presentation information

Workshop: Analysing Android malware

Led by Vitor Ventura (Cisco Talos); hosted by Cisco Talos

Android malware has become prevalent across the landscape. In this workshop Vitor Ventura will show you reverse engineering techniques for Android malware.

This workshop is designed to provide the participants with different approaches to malware analysis, so that they can perform their own analysis without the use of automated tools. When everything else fails, we need to know what's under the hood.

On the analysis side the workshop covers:
  • Malware unpacking
  • String deobfuscation
  • Command and control protocol identification
  • Certificate pinning bypass
  • Feature identification

While performing the analysis, workshop participants will apply techniques such as patching and instrumentation.

During the workshop attendees will work with Gustuff, DoNot, Loda4Android and other malware. By the end, attendees should be able to apply the same techniques, or adapted versions of them, to new malware samples and even to different approaches.

This workshop will be hosted by Cisco Talos. Details of how to join the workshop will be provided before and during VB2021.

Vitor Ventura
Cisco Talos

Vitor Ventura is a Cisco Talos security researcher. As a researcher, he has investigated and published various articles on emerging threats. Most days Vitor hunts for threats, investigating them and reversing code, but also looking for the geopolitical and/or economic context. Vitor has spoken at conferences such as NorthSec, Recon Brussels, DEFCON Crypto Village and BSides Lisbon, among others. Previously, he was IBM X-Force IRIS European manager and did penetration testing at IBM X-Force Red. Vitor holds multiple security-related certifications including GREM (GIAC Reverse Engineer Malware) and CISM (Certified Information Security Manager).