In today’s increasingly digitized world, cybersecurity has become a top priority for organizations of all sizes and sectors. With the constant evolution of cyber threats, it is imperative for businesses to stay ahead of the curve and ensure the security of their sensitive information and assets. One of the most effective ways to achieve this is through cybersecurity training programs that educate employees on the best practices and strategies for identifying and mitigating potential cyber risks.
Arrownex Information Technology (hereafter referred to as “Arrownex” or “Vendor”) is a leading provider of cybersecurity services and training programs, specializing in equipping organizations with the knowledge and skills needed to defend against cyber threats. Through our comprehensive training programs, we aim to empower employees to identify potential security risks, respond to incidents promptly and effectively, and maintain a proactive approach to cybersecurity. Our experienced trainers bring a wealth of knowledge and expertise to the table, drawing on their industry experience and up-to- date knowledge of the latest threats and trends to provide relevant and actionable training content. We work closely with your organization to understand your unique security needs and develop a training program that addresses your specific pain points and vulnerabilities.
Arrownex would like to thank (hereafter referred to as “” or “Client”) for giving us the opportunity through this training outline document to present our offering for conducting training for the employees of . In this training outline document, we outline our approach to delivering high-quality cybersecurity training to your organization, including the scope of the engagement, assumptions and exclusions, estimated timelines, and associated commercials. Our goal is to work collaboratively with your team to develop a tailored training program that meets the unique needs of your organization and equips your employees with the knowledge and skills they need to keep your business safe and secure in today’s ever- changing digital landscape.
Learning Malware Analysis is a multi-disciplinary approach that involves understanding assembly language, operating systems, networking, file formats, and programming concepts, along with practical experience in using analysis tools and reverse engineering techniques to dissect and understand the behavior of malicious software.
The training will prepare you to evaluate effectively and assess the security weaknesses of built-in and third-party Android applications. You’ll learn to assess an application and understand all the risks so that you can characterize threats basing on industry standards such as OWASP MASVS.
Understanding and identifying vulnerabilities and threats to Android devices is a valuable skill as mobile device applications introduce new threats to organizations, including data leakage, and the disclosure of enterprise secrets, intellectual property, and personally identifiable information assets.
Training starts with the overview of Android internals, security architecture and application development ecosystem. We look into industry adopted reverse engineering techniques, including static and dynamic analysis. We use tools such as jadx, apktool, medusa, RMS, Frida etc. Finally, we make use of an a vulnerable Android application to write exploits and do penetration testing.
1.1 Android Architecture
1.2 Android Application Interaction
Android application interaction through
1.3 Environment
Android mobile application analysis with Android Debug Bridge (ADB) tools Uploading, downloading, and installing applications with ADB
2.1 APK Structure
2.2 Analysis Techniques
2.2 Third-Party Application Frameworks
Identifying Flutter & React-Native applications
3.1 Instrumentation & Analysis
3.2 Network analysis
SSL unpinning techniques and capturing network traffic
4.1 Testing the vulnerable application
Sensitive Functionality Exposure Through IPC
4.3 Exploiting live applications
Proof-of-concept demo
CTF
Participants will be provided with multiple Android apps containing vulnerabilities.
Participant should analyze the applications, find the vulnerability, write specific exploit, perform successful attack and grab the flag
1.1 Android Architecture
1.2 Android Application Interaction
Android application interaction through
1.3 Environment
Android mobile application analysis with Android Debug Bridge (ADB) tools Uploading, downloading, and installing applications with ADB
2.1 APK Structure
2.2 Analysis Techniques
2.2 Third-Party Application
Frameworks
Identifying Flutter & React-Native applications
3.1Instrumentation & Analysis
3.2Network analysis
SSL unpinning techniques and capturing network traffic
4.1Testing the vulnerable application
Sensitive Functionality Exposure Through IPC
4.3 Exploiting live applications
CTF
Participants will be provided with multiple Android apps containing vulnerabilities.
Participant should analyze the applications, find the vulnerability, write specific exploit, perform successful attack and grab the flag
Founded 15 years ago, Arrownex is a leading UAE-based company with a strong presence across the region. With offices strategically located in Abu Dhabi, Dubai, Fujairah, India, and partner locations in Saudi Arabia, Qatar, and Nepal, we specialize in delivering cutting-edge cybersecurity awareness programs, comprehensive cybersecurity solutions, and professional services.
Dubai
Al Saheel-2 Business Tower
Office 505, 5TH Floor
Al Nadha-1, Dubai, UAE
Tel: 971-04-4456708
Abu Dhabi
AL ARYAM TOWER BLOCK A
OFFICE NO 104 - 1st Floor
Abu Dhabi, UAE
Tel: 971-02-6228107
Email: info@arrownex.com
Copyright © 2024 cybal All Rights Reserved.
Security Researcher – Chief Business Strategist
Vivek N J is a seasoned Security Researcher specializing in IoT pentesting, Firmware Analysis, System Security, and Cryptography. With over 10+ years of experience, Vivek has developed a strong expertise in securing IoT devices and analyzing firmware for vulnerabilities. As a Mentor and Lead of the Hardware Security Team, Vivek has played a key role in shaping and guiding fellow researchers in the field. He has extensive experience in testing and creating exploits for products like TP-Link, Asus, and Draytek routers, enhancing the overall security posture of these devices. Vivek is well-versed in performing Vulnerability Assessment and Penetration Testing (VAPT) assessments, providing comprehensive security evaluations for various systems. Additionally, Vivek possesses a deep technical interest in areas such as Applied Crypto, Public Key Crypto, Homomorphic Encryption, Multi-Party Computation, Post-Quantum Crypto, Linear and Differential Cryptanalysis, and Zero Knowledge Proof, showcasing a strong passion for cryptographic research and advancements.
Security Researcher – Chief Business Strategist
Sreekumar R Koyickal is a versatile Chief Business Strategist with nearly 3 decades of experience in software development, corporate training, business analysis, and product management. With expertise in Agile and waterfall methodologies, Sreekumar has hands-on experience across the software development life cycle (SDLC). Their collaborative approach and ability to work with diverse stakeholders, from CXOs to software developers, contribute to the successful delivery of projects. Sreekumar’s entrepreneurial background adds a unique perspective to problem-solving, innovation, and strategic planning. They have successfully ventured into software development and consultancy in India and the UK since 2004, while also mentoring startups and sharing their knowledge and experience. Beyond IT, Sreekumar’s interests span organic cosmetics, Indian handlooms, and agriculture. With a wealth of experience in software development and a strong business mindset, Sreekumar is well-equipped to drive successful outcomes in the industry
Security Researcher – ICS / SCADA System Security
Season Cherian is a skilled Security Researcher specializing in ICS/SCADA System Security, IoT Eco-system which includes Wireless Security, Hardware Security, Radio and Communication Security and Firmware Security Assessment. With over 6+ years of experience, Season possesses a comprehensive understanding of securing critical infrastructure systems and IoT devices. He has developed CTF tournament challenges in the areas of ICS/SCADA, Wireless, Reverse Engineering, and IoT for esteemed clients like Schneider Electric and Cisco. Season has a proven track record in conducting IoT security assessments, identifying vulnerabilities, and implementing robust security measures. As a Project Lead, Season has been instrumental in creating an ICS miniature prototype to showcase real-world attack scenarios, enhancing awareness and preparedness in the field.
Founder – amFOSS / BI0S
Vipin Pavithran is a highly accomplished individual with over 10+ years of industry experience and 15+ years in academia. As the Founder and Chief Mentor of renowned student clubs such as amFOSS, Team bi0s, and Team Shakti, Vipin has made significant contributions to the field of cybersecurity. Additionally, he serves as the Director of Traboda CyberLabs, a leading cybersecurity company. Vipin’s expertise and leadership in both academic and industry settings have helped shape the future of cybersecurity professionals, while his role as a Directos at Traboda CyberLabs ensures that cutting-edge solutions and services are provided to clients in the cybersecurity domain.
Security Researcher – IoT / Firmware / Cryptography
Vivek N J is a seasoned Security Researcher specializing in IoT pentesting, Firmware Analysis, System Security, and Cryptography. With over 10+ years of experience, Vivek has developed a strong expertise in securing IoT devices and analyzing firmware for vulnerabilities. As a Mentor and Lead of the Hardware Security Team, Vivek has played a key role in shaping and guiding fellow researchers in the field. He has extensive experience in testing and creating exploits for products like TP-Link, Asus, and Draytek routers, enhancing the overall security posture of these devices. Vivek is well-versed in performing Vulnerability Assessment and Penetration Testing (VAPT) assessments, providing comprehensive security evaluations for various systems. Additionally, Vivek possesses a deep technical interest in areas such as Applied Crypto, Public Key Crypto, Homomorphic Encryption, Multi-Party Computation, Post-Quantum Crypto, Linear and Differential Cryptanalysis, and Zero Knowledge Proof, showcasing a strong passion for cryptographic research and advancements.
Security Researcher – Web / Mobile / Windows
Varun Nair is an accomplished Security Consultant with expertise in Web, Network, Mobile, API, Windows AD, and Linux Pentesting. With over 6+ years of experience, Varun has successfully conducted security assessments in diverse environments. They possess a strong background in cloud security, particularly in Kubernetes, Docker, AWS, and Azure Active Directory. Varun’s proficiency in various tools such as Burp Suite, Empire Tools, Kali pentest tools, x32/x64 dbg, and Ghidra enables them to efficiently identify vulnerabilities and implement robust security measures. With a broad programming language knowledge encompassing Java, C++, Python, C, .NET, Go, Assembly, SQL, Unix scripting, and Ethereum Smart Contract, Varun brings a versatile skill set to tackle complex security challenges
Security Researcher – Web/ API / Mobile
Aswin M Gupta is a highly skilled Security Researcher specializing in Web, API, and Mobile security. With over 10+ years of experience as a cybersecurity consultant, Aswin has worked with prominent organizations like Schneider Electric, where he has developed 50+ training labs for educating employees on cybersecurity. Aswin has extensive experience in conducting penetration testing for a diverse range of clients, including hospitals, colleges, and financial institutions. Additionally, Aswin actively mentors with Team bi0s and organizes Capture the Flag (CTF) programs to foster the growth of junior professionals, college students, and cybersecurity enthusiasts.
Security Researcher – Mobile & Web
Arjun TU is a highly experienced Security Researcher specializing in Reverse Engineering, System Security, Cryptography, and Malware Analysis. With over 10+ years of expertise, Arjun has developed an integrated Secure Coding Framework and possesses in-depth knowledge of offensive and defensive security techniques. As an accomplished trainer in cybersecurity, Arjun brings valuable skills and insights to educate and empower others in the field.
Security Researcher – Mobile & Web
Abhinand N is a seasoned Security Researcher with 6+ years of experience in Mobile and Web vulnerability analysis and penetration testing. He has successfully identified and reported vulnerabilities in various Android apps on the Google Play Store and has been leading the Mobile Security team in various VAPT projects. With expertise in OWASP Top 10 Mobile, Frida, Burp Suite, and more, Abhinand provides comprehensive security assessments, ensuring robust protection for clients’ applications. His ethical behavior, strong communication skills, and commitment to confidentiality make him a trusted professional in the field.