Aman Sachdev, Speaker

Aman Sachdev is a programmer at heart and an information security expert with 10+ years of experience in the information security ecosystem, having trained over 19000 individuals to date, including college grads, corporate developers, and security professionals worldwide. His love for breaking challenging infrastructures, firewalls, and defenses has made him a core member of numerous Red Teams and Security Engineering Teams around the globe. He is an avid speaker and has been invited to numerous international security conferences, including RSA Singapore, HITB Amsterdam, Confidence Poland+London, Hack Miami, Sec-T Stockholm, LeHack Paris, and numerous others, to share his research and experiences. Aman has done his Bachelor's in Computer Applications and also holds OSCP, OSWE and CRTP certifications, apart from his vast experience in Architecture Review, Secure Code Development, Manual Source Code Analysis, Bug Hunting, Web & Mobile app exploitation, and corporate network penetration testing. At present, he works as a Product Security Engineer at VMware, where he solves cyber security problems during the day and creates them at night.
  • Defeating Modern Android Security Measures - Custom Kernels and Anti-Frida

    This talk aims to explore and understand the various security measures provided by the latest Android OS versions (13/14), such as SafetyNet, Google Play Integrity, Device Fingerprint Blacklisting, Anti Objection/Frida modules and ROM integrity checks utilised by sophisticated Financial and Banking Android Applications.

    First we will discuss the conventional methods used by hackers to bypass hindrances such as Root Checks and SSL pinning, which generally involve injecting custom code at runtime with tools such as Magisk, Frida, Objection, Xposed Framework, etc. These techniques, however, do not work on the latest Android versions, and we will understand how the advanced security measures detect such techniques.

    We will then deep dive into novel techniques used by malicious hackers in the wild to defeat such measures. This will cover using Custom Kernels, Custom Recovery images and new frameworks to inject malicious modules into Android and patch the Kernel sneakily to bypass modern detections. We will then discuss how these frameworks can be used to weaponize our attacks and bypass certificate checks to gain complete API level interception.

    We will showcase our case studies and PoCs where we were able to bypass Root Check and SSL Pinning for sophisticated Banking and Telecom applications on the latest Android versions while utilizing lesser-known tools such as KernelSU, Tai Chi, LSposed, Orange Recovery, etc., which are used in the blackhat community for carrying out financial frauds and targeted logical attacks on widely used applications. Finally, we will talk about numerous tricks and tips developers can use to make the life of hackers more difficult.

    15:15/16:00, 08 Jun 2024