Eleonora Losiouk
- Personal Information
- Google Scholar
- Scopus
- elosiouk[at]math.unipd.it
- eleonora.losiouk
- Room 530, Dipartimento di Matematica, Via Trieste 63, 35121 Padova, Italy
Course Information:
Important information:
Bring your own laptop to the lectures, because there will be many practical activities.
Credits:
3 CFU, including
- 16 hours of frontal lectures in dual mode (in person and online) between Oct 10 and Oct 14.
- Exercises to be solved at home by the students after Oct 14.
- A final exam, which requires the students to submit a write-up with the solutions to the exercises and to take a brief oral exam.
Lectures mode:
- At the start of the lecture, I will give a brief overview of the concepts you need to solve the new challenge, and I will administer a short questionnaire to check that you are all aligned.
- I will then release the CTF challenge
- You will be divided into groups to work together on the challenge
- The first group that completes the challenge will illustrate the solution to the other students
Schedule (available online at this Zoom link):
- Mon Oct 10: 9.00 - 13.00
- Tue Oct 11: 9.00 - 13.00
- Wed Oct 12: 9.00 - 11.30
- Thu Oct 13: 9.00 - 11.30
- Fri Oct 14: 14.30 - 17.30
Location: Pankratiusstraße 2, Darmstadt (S2|20, seminar room 9).
Slack Group: Students enrolled in this course are invited to join THIS Slack group.
Course Content:
The purpose of this course is to introduce you to Android OS security through a practical approach. After gaining knowledge of the Android security foundations, you will solve exercises that emulate real-world security issues.
The exercises follow the Capture The Flag format, i.e. you will exploit an Android app vulnerability to find the hidden "flag".
The course covers the following topics:
- Internal architecture of the Android OS.
- Mobile app components (Activity, Service, Content Provider, Broadcast Receiver).
- Mobile app reverse engineering techniques.
- Static and dynamic analysis techniques for mobile apps.
During the course, I will release 8 different challenges, one for each lecture, addressing the following topics:
- Activity.
- Service.
- Broadcast Receiver.
- Content Provider.
- Static analysis.
- Dynamic analysis.
- Native code reverse engineering.
- Real-world exploit.