Android Application Hacking with Damn Vulnerable Bank
2021-09-02, 12:00–13:00, Main track

From mobile devices to smartwatches, automobiles, smart refrigerators, and many other devices, Android is ruling the market. This puts the onus on developers to protect the information and integrity of their users by writing secure code for their applications. It obliges us to secure Android applications used by millions and billions of people across the globe.

This session aims to demonstrate our open-source application, Damn Vulnerable Bank. This application provides an interface for folks interested in Android application security to assess their skills. This short course will be packed with static and dynamic analysis, dynamic instrumentation, binary analysis, hacking APKs at a low level, playing with multiple debuggers, and many other interesting discussions. By the end of this session, you will gain an understanding of different threat vectors and means of exploitation.

I have released a guide on solving the challenges in Damn Vulnerable Bank:

We have many more ideas and different scenarios to include in this application. We will release a new version of the application with upgraded features soon.

Rewanth Tammana is a security ninja, open-source contributor, and Senior Security Architect at Emirates NBD. He is passionate about DevSecOps, Application, and Container Security. He added 17,000+ lines of code to Nmap (famous as the Swiss Army knife of network utilities). He holds industry certifications like CKS (Certified Kubernetes Security Specialist), CKA (Certified Kubernetes Administrator), etc.

Rewanth speaks and delivers training at multiple international security conferences around the world including BlackHat, Defcon, Hack In The Box (Dubai and Amsterdam), CRESTCon UK, PHDays, Nullcon, Bsides, CISO Platform, null chapters and multiple others.

He was recognized as one of the MVP researchers on Bugcrowd (2018) and identified vulnerabilities in several organizations. He also published an IEEE research paper on an offensive attack in Machine Learning and Security. He was also a part of the renowned Google Summer of Code program.

Hrushikesh Kakade specializes in advanced assessments of Mobile Security (Android and iOS), Network Infrastructure Security, DevSecOps, Container security, Web security, and Cloud security. Hrushikesh is a member of the Synack Red Team and holds the renowned OSCP (Offensive Security Certified Professional) certification. He is an active member of local Cybersecurity chapters and has delivered multiple talks and workshops. He is an Open Source Contributor and has a keen understanding of Linux Internals. He has multiple CVEs to his name for finding vulnerabilities in different applications.

Akshansh Jaiswal is a security engineer at CRED who works closely around Web, Mobile and Cloud Security. He is also an active CTF player and has won several CTFs such as HackerOne CTFs - h1 100k CTF, Hacky Holidays CTF, h1-2006 CTF, BugPOC CTFs and community CTFs. He also participates actively in Bug Bounties, where he is an active hacker on platforms like HackerOne and Synack Red Team and finds and reports vulnerabilities to various organisations. He has also been part of the HackerOne exclusive Live hacking event h1-2103, where selected hackers got a chance to find security issues in Amazon public applications and infrastructure.