Switch branches/tags
Nothing to show
Find file History


Offensive & Defensive Android Reverse Engineering

Training materials crafted and publicly provided by Red Naga members;

  • Jon 'jcase' Sawyer
  • Tim 'diff' Strazzere
  • Caleb 'I need something to put here' Fenton

Due to some issues with the github inline PDF viewer, we would highly suggest downloading the PDF and opening it on your machine. Originally presented at the DEFCON 23 workshops

Vulnerabilities discussed are disclosed in the rednaga/disclosures repo, specifically;

Some of the resources which where originally provided on the USB drive passed around are available in the challenges directory.


Thinking like an attacker, you will learn to identify juicy Android targets, reverse engineer them, find vulnerabilities, and write exploits. We will deep dive into reverse engineering Android frameworks, applications, services, and boot loaders with the end goal of rooting devices.

Approaching from a defensive perspective, we will learn quickly triage applications to determine maliciousness, exploits, and weaknesses. After learning triage skills, we will deep dive into malicious code along while dealing with packers, obfuscators, and anti-reversing techniques.

Between the offensive and defensive aspects of this class, you should walk away with the fundamentals of reverse engineering and a strong understanding of how to further develop your skills for mobile platforms.


We would expect students to know minimal reverse engineering concepts. Would also be good, though not required, to have some of the following non-free tools:

  • IDA Pro
  • Hopper
  • JEB


Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. TLDR - free for personal use, commercial use is forbidden unless you contact us and gain permission