Android Patchwork: Convincing Apps to Do What You Want Them To - William McLaughlin Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Android Patchwork: Convincing Apps to Do What You Want Them To
William McLaughlin
Derbycon 2016

For better or worse, Java applications are all over the place. Our favorite cross-platform nightmare can be seen basically everywhere, powering all types of software. We can observe it in the wild running at the heart of an Android application, acting as the backend of a web application, and sometimes even pretending to be a desktop application. The popularity of Java means we, as security professionals, need to be able to understand and dissect Java applications effectively. An essential tool in accomplishing this is a powerful debugger. When it comes to Java, many Integrated Development Environments (IDEs) come bundled with a debugger. These include NetBeans, Eclipse, and IntelliJ IDEA. However, a command line user will find options limited. A popular choice is jdb, the Java DeBugger. jdb is a command line debugger created as a demonstration of the Java Platform Debugger Architecture (JPDA). Basically, it's a proof of concept that has kinda become the standard for command line Java debugging. This isn't ideal. As such, I've set out to make a better Java debugger. Starting where Oracle left off, I have been aiming to bring jdb up to the level of other powerful debuggers by implementing some much-needed functionality, such as command history, tab completion, more intuitive keybindings, and various other features suggested by fellow security professionals. This talk focuses on my work so far, and my continuing work, on the path to making the jdb dream come true.

Billy McLaughlin is an Associate Security Analyst for Independent Security Evaluators, where he is challenged with assessing security implementations for Fortune 500 companies including DRM and cryptographic systems, and secure configurations/development for mobile and web applications. Mr. McLaughlin holds a dual B.S. in Computer Science and Computer Security and is pursuing an M.S. in Computer Science, both at East Stroudsburg University of Pennsylvania. Security was a hobby during his years as a student, and it has evolved into a profession.

Copyright 2020, IronGeek