< NULLCON 2025 - GOA />

About the Speaker

CFP CTF Live Bug Hunting Registration Schedule Speakers Sponsors Training Venue
GO BACK
img
Akshay Jain
Security Engineer PhonePe
img
Bharath Kumar
Security Engineer PhonePe

< Talk Title />

Instrumenting the Unknown: Leveraging Frida for Binary Analysis on Linux

< Talk Category />

Workshop and Villages

< Talk Abstract />

The ability to perform dynamic instrumentation and peek into processes is close to a super power when it comes debugging and reverse engineering applications.

Frida is a world-class scriptable dynamic binary instrumentation toolkit for dynamic analysis and reverse-engineering. Frida lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX. Frida also provides you with some simple tools built on top of the Frida API. Simply put, if you want to be a Thor when debugging or reverse engineering black-box apps, Frida is your Mjölnir.

This workshop is for attendees who would like to get up to speed with Frida and perform dynamic instrumentation. You’ll learn to use Frida to peek into black-box applications in Linux environment.

The workshop does not cover mobile aspects. However, the principles / techniques stay the same and you can use your knowledge while working in mobile environments.

This is a workshop for you if your answer is yes to any of the following questions:

1. Have your ever wanted to peek inside a black box process on your OS and didn’t know the right tools to use?

2. Were you tasked with pentesting thick-client apps with no docs and wanted to understand the inner working?

3. Did you ever play a desktop game and wondered if you could control the outcome in your favour by fiddling with the game at runtime?

4. Have you ever wanted to subvert an application’s security by bypassing black-box security mechanisms such as encryption?

 

What do you need to know?

  • JavaScript experience will be very helpful but not mandatory to follow the workshop
  • Baics of Linux OS (command-line tools like cd, grep, ps etc)

What not to expect?

  • Usage of Frida in Mobile environments
  • A lot of hand holding about basic concepts already mentioned in the things you should be familiar with.
  • A lot of theory. This is meant to be a completely hands-on training!!
  • To become an Frida maestro in few hours

What do you need to bring?

  • A laptop with Linux running as primary OS, on a VM or in the cloud
  • Docker Desktop installed
  • 8 GB RAM at the minimum
  • 5 GB free hard disk space

< Speaker Bio />

Akshay's Bio

Akshay is a Product security engineer with PhonePe, with extensive experience in the cybersecurity industry. His primary focus lies in application security and reverse engineering.

Akshay has shared his research and conducted training at leading conferences, including Nullcon, Threatcon, Sincon, PHDays, and inCTF.
Throughout his career, Akshay has discovered and responsibly reported multiple vulnerabilities to major tech companies such as Adobe, Apple, HP, and Google, earning numerous CVEs and acknowledgements.

 

Bharath's Bio

Bharath is a Security Engineer with PhonePe. He has a strong passion for information security and building solutions that solve real world problems.

Bharath is an active member and contributor at various security and developer communities including null open security community and Python Malaysia User Group.

His core interest lies in Application security, Infrastructure security, Reconnaissance and Protocol security.

Bharath holds multiple CVEs, the latest include - CVE-2018-15635, CVE-2018-15636, CVE2018-15638, CVE-2018-15639 and CVE-2018-15641.

Bharath has spoken at conferences such as c0c0n, Defcon: Recon Village, Nullcon, Bugcrowd LevelUp, ThreatCon, HITB Armory, Sincon etc.