Drozer and SimpleRISK: Two VERY useful pentesting tools to Manage Risk and Secure Android

Henry Dalziel | Concise Courses, Hacker Hotshots, Pentesting Tools, Product Reviews, Resources and Tutorials | September 17, 2013

Here’s a quick rundown of this week’s Hacker Hotshot shows: SimpleRisk and Drozer! By a rather nice coincidence, this week’s events both cover tools and programs that can be used to make your life, as a security professional, easier.

Update! Go ahead and check out our new Hackers Tools Directory. Hint, you’ll love us for it!

Hacker Hotshot’s presenting security tools is hardly new – in fact we have covered literally dozens of them, examples include:

…and there are plenty more where they came from! Just take a moment to view our past events and you’ll see what we mean.

Pentesting tools make the world go around, well at least they do for us!

Wednesday September 18th: SimpleRisk!
Join us at the usual time (12 EST) for what promises to be an excellent presentation by Josh Sokol. Josh (@joshsokol) is the creator and primary developer of the open source risk management tool, SimpleRisk.

What is SimpleRISK?
Josh is, obviously, going to vastly expand on the question of what exactly SimpleRisk is, but here’s a brief overview. SimpleRisk provides the security pentester, CISO, or security professional with a tool that allows the user to submit risks, plan disaster mitigation, facilitate management reviews, prioritize project planning and track regular reviews. In summary, it sounds like a really helpful platform from which IT professionals can manage the security posture and management of an organization. SimpleRisk also appears to be the only free and open source risk management tool.

If you are reading this after Wednesday September 18th then we’d encourage you to visit our SimpleRisk page, where you can find more accurate information, including the Q&A which typically follows every Hacker Hotshot event.

Josh told us here at Concise Courses that he’d like to cover three main areas during his talk, namely, that viewers will:

  • Learn the basics of enterprise risk management
  • Cover different ways to assess threats, how to plan mitigation, and the best way to raise the visibility of risks to management for proper review.
  • See how a simple, powerful and cost-effective tool like SimpleRisk, together with some basic risk management knowledge at your disposal, will allow you to become the security rock star that your business seeks out for risk-based decision making.

A few words on the presenter and creator of SimpleRisk: Josh Sokol
Josh is a CISSP holder and graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since then he has been employed by several large organizations including AMD and BearingPoint, spent some time as a military contractor, and is currently working as the Information Security Program Owner at National Instruments. In his position Josh oversees all compliance, information security architecture, risk assessments and vulnerability management activities for National Instruments.

If you are interested in managing the security of your organization, which incidentally would place you in a much valued role within your organization, then we really encourage you to attend this event and get involved!

Thursday September 19th: Drozer!
The very next day we are blessed and lucky enough to have the excellent and super-talented infosec professional Daniel Bradberry join us on Hacker Hotshots! Daniel (@dbradberry, @mwrdrozer) heads up security tools development at MWR InfoSecurity. Not only is Daniel an amazingly talented hacker but he is also the co-creator of Drozer.

What is Drozer?
Drozer is a ‘Security Testing Framework for Android.’ The mobile security tool enables the pentester to search for vulnerabilities in Android apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying Operating System. If Android security is your thing, or if any mobile/cell security is of interest to you, then you really should be attending Daniel’s much anticipated presentation. The trend is, without doubt, moving from desktop to mobile, and as a result the security of mobile devices becomes a more prevalent concern.

The mobile malware situation as of September 2013 is serious. In fact, according to research by Trend Micro (August 2013), malware within the Android ecosystem has increased a staggering 40 percent in the last several months. Needless to say, Daniel’s tool is very timely!

Daniel told us that he’d like to discuss the following:

  • The top vulnerabilities in Android apps.
  • How you can find common vulnerabilities in Android apps using Drozer.
  • How you can use Drozer when Red Teaming and therefore be able to secure a foothold through an Android device.

In Summary
Two cooler infosec web shows do not exist on Planet Earth this week. We dare you to contradict us! If you are interested in risk management and want to be the rock in your organization that has the courage to stand up and take that role, then get yourself to Josh’s SimpleRisk event this Wednesday.

If Android hacking and securing is your thing then Daniel’s got your back with Drozer. It is worth mentioning here that we have another event similar to Drozer titled: “Status of App (in)Security: A look at common risky behaviors in the top 400 iOS and Android Apps” with Domingo Guerra. Domingo is a co-founder of Appthority and he will be explaining, amongst other things, how security and privacy impact organizations due to BYOD and Bring Your Own Apps.
