44CON 2013 Training

Android Security Workshop

MWR InfoSecurity

The training course is designed for:

  • Android developers who have a basic understanding of Android security but wish to improve their knowledge about the options available to them in more unusual or difficult situations. The workshop will present them with opportunities to see mistakes made by others, witness and recreate exploits and to redesign and secure vulnerable functions under supervision.
  • Android security testers with basic understanding of Java and Android pen-testing. The workshop will give them the opportunity to see difficult to solve security issues, develop tests to locate the issues and write exploits against them.

The training course will teach attendees about the implementation details of the Google Android operating system (OS), the impact this has on the security posture of custom applications and the Google Android device.

Course Length: 2 days

The Web Application Hacker’s Handbook, 2nd Edition: LIVE!

MDSec (Marcus Pinto)

The Web Application Hacker’s Handbook (WAHH) Series is the most deep and comprehensive general purpose guide to hacking web applications that is currently available. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book’s authors. The course also includes new material from the second edition of WAHH, bringing the course right up to date with the latest attacks.

Course Length: 2 days

The Advanced Exploit Laboratory

Saumil Shah

The Advanced Exploit Laboratory is an all new intermediate to advanced level class, for those curious to dig deeper into the art and craft of software exploitation. We begin with a quick overview of stack overflows, exception handler abuse, memory overwrites, and other core concepts. The class then moves on to use-after-free bugs and vtable overwrites, especially applicable to browser and PDF exploits. The class also spends a lot of time focusing on defeating modern day exploit mitigation techniques like DEP and ASLR using Return Oriented Programming (ROP).

To add extra punch, we are introducing an all new section practical exploitation of browsers on the Android platform and working with ARM exploits. This is one class you don’t want to miss!

The Exploit Laboratory requires a lot of hands on work. Lab examples used in this class cover Linux, Windows and Android platforms, featuring popular third party applications and products instead of simulated lab exercises.

As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over eight years have been working hard in putting together advanced material based on past feedback.

Course Length: 2 days

This is the 100% genuine Exploit Lab! No imitations, no rip-offs

Hacking by Numbers – Mobile Edition


Mobile phone usage continues to grow at an outstanding rate, with mobile applications an increasingly common development target. This course will teach how to go about testing mobile platforms, and installed applications to ensure they have been developed in a secure manner.

Hacking By Numbers Mobile will give you a practical window into the methods used when attacking mobile platforms. This course is ideal for penetration testers/auditors/developers who are new to the mobile area and need to understand how to analyse and audit applications on various mobile platforms using a variety of tools and platforms. This course uses a mixture of lectures, hands-on-labs, demonstrations and group exercises. You’ll tear apart 10 mobile applications looking for flaws and exploiting them.

This is a new course in the Hacking By Numbers series and one we are incredibly excited about.

Course Length: 2 days