Meetup — Deep dive into Android exploitation & Investigate Kidnapping with OSINT

⚠️⚠️ RSVP on BOTH google form & meetup.
Google Form — https://forms.gle/2d8YxzuP1ztk4Vc58 ⚠️⚠️
—
AGENDA

• 6.30pm: Registration & Networking (30mins)
• 7.00pm: Introduction & Announcement (20mins)
• 7.20pm: "Deep dive into Android exploitation" by Ilya Dreytser
  VP, Solutions Engineering at Quokka
• 8.00pm: "Assisting a Kidnapping Investigation Using OSINT" by Sodinokibi
• Till Late: Networking

SPONSORS

• VENUE SPONSOR: CyberSG TIG Collaboration Centre
• DIV0 SUSTAINING OFFICIAL SPONSOR: Red Alpha Cybersecurity

ABSTRACTS
Deep dive into Android exploitation
With over 3 billion active devices this year, Android dominates the global mobile market with a 70.69% market share. But with this widespread usage comes an increasing number of vulnerabilities. In this event, we will dive deep into the world of Android app and firmware exploits and showcase live demonstrations of a few exploits on a live real device. Attendees will gain a clear understanding of how interprocess communication, privileged apps, and Android's interprocess communication models can lead to common exploit patterns resulting in data leakage or exposing personally identifiable information (PII).

​Join us for a hands-on session that not only highlights the risks but also provides practical insights into how these exploits work and how to mitigate them in your own apps and systems.

​Key Topics Covered Will Include:

• ​Common exploit patterns in Android apps and firmware
• ​How interprocess communication creates vulnerabilities
• ​Exploiting privileged apps for data leakage
• ​A live demo of key Android exploits with step-by-step walkthroughs
• ​Protecting data and minimizing personally identifiable information (PII) exposure

​Why Attend?

• ​Live Demonstrations: See real-world Android exploits in action with a guided walkthrough for each.
• ​Practical Takeaways: Learn how to identify and mitigate mobile vulnerabilities in your own development and security operations.
• ​Expert Insights: Gain knowledge from an industry expert with years of hands-on experience in mobile app testing and security.
• ​Cutting-Edge Knowledge: Stay informed about the latest trends and threats in the rapidly evolving mobile security landscape.

​Interactive Learning: Understand the technical aspects of Android exploits through live demos and actionable insights.

Assisting a Kidnapping Investigation Using OSINT
In this talk, I will share how my team was tasked with supporting one of the most high-profile kidnapping cases in the cryptocurrency sector, which occurred in January. Due to the sensitivity of the investigation, authorities shared minimal information. I will walk through our thought process, the OSINT techniques we employed, and how we were able to uncover critical leads—despite an unexpected twist at the end. This case highlights the importance of proactive intelligence sharing in time-sensitive investigations.

BIOS
Ilya Dreytser | Ilya has been testing mobile apps for security, performance, and functionality for the past 8 years. A seasoned expert in mobile app security, Ilya has presented at DroidCon and other notable events. Known for his engaging speaking style, Ilya’s journey began as a developer before transitioning into security testing. He has a unique ability to break down complex mobile vulnerabilities into easy-to-understand concepts while providing real-world solutions. When he's not diving into mobile security, you might catch him enjoying the sunshine after years of basement coding! Ilya is currently leading the Solutions Engineering team Quokka focusing on securing mobile devices and apps.

Sodinokibi | A former desktop support technician turned security engineer who transitioned into penetration testing before becoming an intelligence analyst for two of the largest US banks. Since his interest in blockchain and cryptocurrency, Sodinokibi currently serves as an intelligence analyst at one of the world’s largest cryptocurrency exchanges.

IMPORTANT NOTICES

• Code of Conduct: https://www.div0.sg/code-of-conduct
• Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice