腾讯腾讯安全-移动端安全研究工程师-Android 逆向方向
社招全职5年以上业务安全-二部技术地点:深圳状态:招聘
任职要求
1.扎实的 Android 系统底层原理,熟悉 AOSP 源码结构(Framework /Kernel 层); 2.精通 Android 逆向工具链:IDA Pro / Ghidra、jadx、frida、objection、adb 等; 3.熟练阅读 ARM/ARM64 汇编; 4.具备网络协议分析能力,熟练使用 Wireshark、Burp Suite、Charles、m…
登录查看完整任职要求
微信扫码,1秒登录
工作职责
1.负责 Android平台安全攻防研究,主要工作包括对APP/系统进行逆向分析、网络协议还原、漏洞挖掘,为业务提供安全能力支撑; 2.对 Android App(含加固、混淆、反调试)进行静态 & 动态逆向分析; 3.针对 HTTPS/TLS、自定义加密传输、WebSocket 等通信方式进行抓包与协分析; 4.基于 Frida / Xposed / Magisk 等框架开发 Hook 工具及自动化逆向脚本; 5.跟踪 Android 安全社区最新动态,复现 & 研究 CVE 及 1day/0day 漏洞; 6.撰写清晰的技术分析报告。
包括英文材料
Android+
https://roadmap.sh/android
Step by step guide to becoming an Android developer .
https://www.youtube.com/playlist?list=PLQkwcJG4YTCSVDhww92llY3CAnc_vUhsm
开发框架+
[英文] Understanding Modern Development Frameworks: A Guide for Developers and Technical Decision-makers
https://www.freecodecamp.org/news/understanding-modern-development-frameworks-guide-for-devs/
内核+
https://www.youtube.com/watch?v=C43VxGZ_ugU
I rummage around the Linux kernel source and try to understand what makes computers do what they do.
https://www.youtube.com/watch?v=HNIg3TXfdX8&list=PLrGN1Qi7t67V-9uXzj4VSQCffntfvn42v
Learn how to develop your very own kernel from scratch in this programming series!
https://www.youtube.com/watch?v=JDfo2Lc7iLU
Denshi goes over a simple explanation of what computer kernels are and how they work, alonside what makes the Linux kernel any special.
Interactive Disassembler+
https://www.youtube.com/watch?v=hM2Zvsak3GM
A step-by-step IDA Pro tutorial on reverse engineering dynamic imports in malware.
https://www.youtube.com/watch?v=I37--xkTsiQ
In this video, part of a 3 video series, we'll look at what a basic structure is, discuss how it uses memory and use a sample program to create a compiled binary for reverse engineering.
Frida+
[英文] Quick-start guide
https://frida.re/docs/quickstart/
For the impatient, here’s how to do function tracing with Frida.
ARM64+
https://mariokartwii.com/armv8/
This page includes chapters of information that will teach a Beginner about the ARMv8 AArch64/ARM64 Assembly Language.
ProtoBuf+
https://learnxinyminutes.com/protocol-buffer-3/
Protocol buffers are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data – think XML, but smaller, faster, and simpler.
https://protobuf.dev/getting-started/
Each tutorial in this section shows you how to implement a simple application using protocol buffers in your favorite language.
https://www.baeldung.com/google-protocol-buffer
In this article, we’ll be looking at the Google Protocol Buffer (protobuf) – a well-known language-agnostic binary data format.
还有更多 •••