applied security conferences and training: CanSecWest | PacSec | EUSecWest

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver

Droid-Sec Exploitation

Register for the March 12-13, 2-day course

Blessen Thomas


The Droid-Sec Exploitation training will enable attendees to master various Android application penetration testing techniques and exploitation methods. With the rise of IoT devices, we have also included IoT smart watch wearable application penetration testing methodology and case studies.

This training focuses on practical hands-on exercises on several dedicated vulnerable apps, with the basic theory explained prior to the Do-It-Yourself mind-bending exercises - enabling the attendee to test his acquired skills during the training course.

This two-day fast-paced, brain-melting, revamped, custom-tailored, flag-ship training program will include subjects such as setting up Android pentest environments, identifying and exploiting application vulnerabilities in a variety of mobile application architectures, relevant mobile forensics, malware analysis concepts, and complementary subjects.

Key Learning Objectives:

What not to expect:

PREREQUISITE WARNING: Each class has prerequisites for software loads, and a laptop is mandatory. These individual class guides will list material the students are expected to have knowledge about coming in and software tools that need to be pre-installed before attending, so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

Course Modules:

Day 1:

Module 1: Lab setup and in-depth analysis

Module 2: Reverse engineering of Android application binaries (static analysis)

Module 3: Insecure data storage

Module 4: Data interception and manipulation (dynamic analysis)

Day 2:

Module 5: Analyzing runtime analysis

Module 6: Exploiting logic and code flaws in applications

Module 7: Automated assessment with Introspy, Drozer, Mobile Security Framework, and Xposed Framework

Module 8: Android forensics

Module 9: Android Malware Analysis

Module 10: Analysing HTML5 applications

Module 11: IoT smart watch wearable application penetration testing


Students may be familiar with the topics below, but this is not mandatory:

Who Should Attend:

What you will need to bring:

Participants are required to bring their own laptop (no netbooks, no tablets, and no corporate laptops, because of the restrictions enabled on them) with 64-bit Windows 7 installed on the host machine. A minimum of 500 GB of free hard disk space and 8 GB of RAM is preferred, with antivirus and firewall disabled. The free version of Genymotion and VirtualBox must be installed, with no VPN installed. Attendees must have administrator privileges, a working USB port, and Wi-Fi enabled. Display drivers should be updated to the latest version.

No need for devices, as training will be done using an emulator.