
dc.contributor.advisor: Xenakis, Christos
dc.contributor.advisor: Ξενάκης, Χρήστος
dc.contributor.author: Papoutsis, Grigoris
dc.contributor.author: Παπουτσής, Γρηγόρης
dc.date.accessioned: 2022-10-06T11:19:12Z
dc.date.available: 2022-10-06T11:19:12Z
dc.date.issued: 2022-02-28
dc.identifier.uri: https://dione.lib.unipi.gr/xmlui/handle/unipi/14658
dc.identifier.uri: http://dx.doi.org/10.26267/unipi_dione/2081
dc.format.extent: 148 [el]
dc.language.iso: en [el]
dc.publisher: University of Piraeus [el]
dc.rights: Attribution-NonCommercial-NoDerivs 3.0 Greece [*]
dc.rights.uri: http://creativecommons.org/licenses/by-nc-nd/3.0/gr/ [*]
dc.title: Creation of an Android Security Training Lab [el]
dc.type: Master Thesis [el]
dc.contributor.department: School of Information and Communication Technologies. Department of Digital Systems [el]
dc.description.abstractEN: Mobile attack incidents have increased in recent years at both the enterprise and the personal level. One way to fight this is to keep our security teams up to date with the latest trends and to have security awareness as individuals. To achieve this goal, this thesis provides a comprehensive methodology for performing Android application security assessment. It teaches the reader the fundamentals that someone needs to know before starting an Android app assessment, explains in depth some of the most common techniques used, and gives a full hands-on experience of the latest mobile security trends through an immersive, gamified Android Application Security Lab. The topics studied in this thesis include information gathering and local storage enumeration, reverse engineering, static and dynamic analysis methods, traffic analysis methods and Android forensics. The use of various tools and the setup of operating systems and virtual environments are described as well. Finally, we show how to configure and deploy an open-source, web-based CTF platform using the latest technologies, such as Docker, so that anyone can create their own security lab. Writing this document required a solid understanding of the need for training, the structure of the Android OS, the structure of Android applications and how they are compiled and archived in different file types, the programming languages used to create the challenges, the other platforms involved, the different security assessment methodologies, the technologies, services and virtual environments that were set up, and the vulnerabilities and bad practices that were incorporated in the challenges and later examined in depth when assessing them.
As the problem has grown, security training companies have already paid attention to providing good training content. Security training similar to the one presented in this project is already available online. However, while most existing online projects provide mostly theoretical content, this project gives a fully hands-on, gamified experience in a comprehensive and methodical way. To create this lab, the following technologies, services and open-source projects were used: Android Studio, AVD Emulator, the CTFd platform and Docker. The programming languages needed were Java and C++. Finally, the operating systems used in this project were Parrot Linux and Android OS. To read this thesis and play the Lab, one should know the fundamentals of cyber security, have a good understanding of Linux systems and be able to handle command-line tools, be familiar with an object-oriented programming language such as Java or C++, and be passionate about mobile application security assessment. On completion of this Lab, one should be able to understand the need for cyber security training, the structure of an Android phone and apps, how to assess Android applications, how to use tools to automate the assessment, how to do Android forensics, and how to create detailed writeups when completing a CTF security challenge. [el]
dc.contributor.master: Digital Systems Security [el]
dc.subject.keyword: Mobile [el]
dc.subject.keyword: Android [el]
dc.subject.keyword: Security [el]
dc.subject.keyword: Hacking [el]
dc.subject.keyword: Penetration testing [el]
dc.subject.keyword: Training lab [el]
dc.date.defense: 2022-03-27


Except where otherwise noted, this item is distributed under the following licence:
Attribution-NonCommercial-NoDerivs 3.0 Greece