Xipiter co-authored the Android Hacker's Handbook, a leading text on Android security, reverse engineering, and development. The Practical Android Exploitation course from Xipiter is a comprehensive course aimed to teach all about Android security. Students get hands on experience with the Android SDK/NDK and related toolchains and use that knowledge to write and analyze exploits and malware on Android. In this course participants will exploit userland and kernel Android vulnerabilities as well as discuss jailbreaks and the various attack surface of Android applications. This class is aimed to an indispensable training for mobile developers, forensics investigators, software security professionals, pen-testers, and others

Concepts taught (hands-on) in the course include:

  • Analyze real Jail-breaks and see how they work

  • Write exploits against userland AND kernel 

  • Bypass modern protection mechanisms on Android (ASLR, XN, etc)

  • Perform Dalvik reverse engineering and learn about the Android NDK 

  • Analyze Mobile Malware

  • Perform hardware attacks on Mobile devices 

Who should attend?

Android Developers, Mobile Developers, Hackers, Penetration Testers, Forensic Investigators, reverse engineers, software security auditors/analysts, software exploitation engineers, jail breakers.

Student requirements

  • Students taking Practical Android Exploitation should have an intermediate software exploitation background on another architecture (such as x86). They should have hands-on familiarity with the following concepts:

    • Exploitation of stack overflows

    • Exploitation of heap overflows

    • Basic experience with IDA

    • Basic experience with a debugger

    • Cursory knowledge of Python or some equivalent high-level scripting language (Java, Ruby, etc)

    • C++ and C coding experience

What students should bring

  • A laptop (running their favorite OS) capable of connecting to wired and wireless networks

  • An installed valid VMWare Player, Workstation or Fusion (freeware is sufficient)

  • An installed copy of at least IDA Standard.(freeware is also sufficient)

  • An SSH/Telnet client to access the hosted QEMU images 

What students will be provided with

  • Lab manual

  • Access to the embedded systems (targets), and tools, that comprise the entire class environment

  • Undoubtedly some Xipiter swag of some kind ;-)

Find out more!



2 days

20th, 21st  September 



Up to 31/08 

USD 1250


  • Discount buying the 2 Xipiter courses!!


Para realizar consultas sobre el training o alguno de sus beneficios, contacta a


Stephen A. Ridley is a security researcher with more than 15 years of experience in software development, software security, and reverse engineering. Within that last few years, he has presented his research and spoken about reverse engineering and software security research on every Continent except Antarctica. Stephen and his work have been featured on NPR and NBC and in the Wall Street Journal, Wired, Washington Post, Fast Company, VentureBeat, Slashdot, The Register, and other publications.

Stephen serves as CTO and Founder of Senrio Inc. a VC-backed network intelligence, asset identification,and embedded device security company. Stephen  holds several patents* some of which are specifically in support of Senrio’s machine learning and firmware technologies.Prior to Senrio, Stephen founded Xipiter, a small New York-based boutique (~10 employees), an information security practice with a focus on mobile/embedded device security services and training. Although a small practice, Xipiter’s customers included “Fortune 50” businesses, as well as Government and Defense/Intelligence Agencies.Stephen has authored a number information security articles, open-source security tools, and co-written several texts. The most recent of which is the "Android Hackers Handbook" published by Wiley &  Sons. Stephen has guest lectured at NYU, Rensselaer PolyTechnic (RPI), Dartmouth, and other universities on subject of software exploitation and reverse  engineering. Stephen has served on the programming/review committees of USENIX Woot, SecuringSmartCities, BuildItSecurely, et al. Stephen also serves on the board of, a California 501(c)(3) non-profit devoted to making "Open Source"  pharmaceuticals a reality


Stephen Lawler has been working in information security for over 10 years, primarily in reverse engineering, malware analysis, and exploit development.  While working at Mandiant he was a principal malware analyst for high-profile computer intrusions affecting several Fortune 100 companies.  Prior to this, he was lead developer for the AWESIM simulator as part of the US Navy SMMTT program.  He is also technical editor of the book "Practical Malware Analysis" published by No Starch Press.