Dynamic Instrumentation on Linux/Android using Frida

The ability to perform dynamic instrumentation and peek into processes is close to a superpower when it comes to debugging and reverse engineering applications.
Frida is a world-class scriptable dynamic binary instrumentation toolkit for dynamic analysis and reverse-engineering. Frida lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX. Frida also provides you with some simple tools built on top of the Frida API. Simply put, if you want to be a Thor when debugging or reverse engineering black-box apps, Frida is your Mjölnir.
This training is for attendees who would like to get up to speed with Frida and perform dynamic instrumentation in Linux/Android environments. You'll learn to use Frida to peek into black-box binaries on Linux and apps on Android, and to subvert their protection mechanisms.
The workshop will begin with an introduction to Frida, highlighting its core functionalities and its application in various contexts. We will then delve into several practical use cases, showcasing how Frida can be employed to perform security testing. We will cover some advanced concepts such as writing custom Frida scripts, memory manipulation and RASP hooking.
By the end of the workshop, attendees will gain a comprehensive understanding of Frida's capabilities and be equipped with practical knowledge to leverage advanced dynamic instrumentation for security testing, research and application analysis.
This is a workshop for you if your answer is yes to any of the following questions:
- Have you ever wanted to peek inside a black box process on your OS but didn’t know the right tools to use?
- Were you tasked with pentesting thick-client apps, binaries or Android apps with no docs and wanted to understand the inner workings?
- Did you ever play a desktop game and wonder if you could control the outcome in your favour by fiddling with the game at runtime?
- Have you ever wanted to subvert an Android application’s security by bypassing black-box security mechanisms such as encryption/RASP?