Attack & Defend Android Applications

Course Outline

Android is becoming increasingly present in all aspects of our lives, from phones and televisions to fridges and point of sale devices. As the use of Android continues to grow, so do concerns about security and privacy. This has led to a greater need for security assessments and the secure operation of the Android application ecosystem.

This course aims to provide guidance for application security engineers and penetration testers on how to secure the Android application ecosystem. It does cover various aspects of Android security, including analysing and assessing the security of Android applications, identifying vulnerabilities and weaknesses, and implementing security controls. The course provides hands-on experience and practical knowledge for professionals to effectively secure Android applications and protect against threats. The ultimate goal is to equip participants with the necessary skills and knowledge to ensure the security and privacy of the Android ecosystem.

Course focuses on the android application ecosystem covering both attack & defence side of the application development process. Starting with attack we cover the various attacks possible on android application and then we provide answers to various challenges routinely encountered by android security engineers / pen testers:

  • Traffic interception (http/https/web socket/non-http)
  • Root detection bypass
  • Static & dynamic analysis
  • Perform dynamic instrumentation (Frida / Magisk)
  • Analysing non Java/ Kotlin apps (React Native and Flutter)

Then we shift gears and focus on defending the applications and major areas covered are

  • Application Threat Modelling
  • Identifying weaknesses
  • Adding Security into CI / CD Pipeline for the application
  • Analysis of the results (centralised dashboard and prioritizations)

The aim is not to create zero to hero, but to provide a methodical approach with which the participants could perform any android application assessment. We provide students with access to learning portal (cloud VM’s), a soft copy of slides, detailed answer sheets as well as AMI’s to continue learning after class.

Course Syllabus


  • Understanding OS Architecture
  • Android Permission model
  • Inter process communication
  • (Intents / Binders, Deep linking)
  • Application Structure


  • Attack surface mapping
  • Traffic Interception (http/https)
  • root detection bypass
  • Deobfuscating application code
  • Dynamic instrumentation 
  • Static & dynamic analysis 
  • Hybrid app assessment (reactnative, flutter, .net)


  • Threat Modeling
  • Defense Strategies
  • CI / CD Pipeline
  • Static analysis SAST via semgrep
  • Dynamic analysis DAST
  • 3rd Party Library Tracking
  • Supply Chain Security

Previous Run of this class

BlackHat USA 2023

Aug 5-6 2023

BlackHat USA 2022

Aug 6-7 2022 and Aug 8-9 2022


I’m a beginner level but was easy for me to understand all the topics because it was very clear the examples for each topic. Thanks for the help.

Attendee @ BlackHat USA 22

Great delivery, very attentive, excellent knowledge base provided. The provision of material is a highlight.

Attendee @ BlackHat USA 22

The presenters conveyed a significant amount of knowledge and I’m walking away with good value for $. Excellent work and great training

Attendee @ BlackHat USA 22

How to attend

Cyfinoid offers its trainings via multiple international conference such as BlackHat USA and others.

Scroll to Top