2026-04-14, Room 1
Android malware analysis can be intimidating, especially when samples employ aggressive obfuscation, layered encryption, anti-analysis techniques, and native code to conceal their behavior. This workshop is designed to guide analysts beyond these barriers and into a disciplined, scientific approach to understanding what modern Android malware actually does. Rather than treating obfuscation as a blocker, the workshop focuses on identifying it, understanding its purpose, and actively defeating it. Participants will learn how to recognize common and advanced obfuscation patterns, isolate relevant logic, and reconstruct the overall malware execution flow. The methodology presented combines static reverse engineering with dynamic analysis and runtime instrumentation, reflecting real-world workflows used by professional malware analysts.
A core theme of the workshop is analyst efficiency and automation. Attendees will explore techniques to dynamically resolve encrypted code paths, automatically identify and neutralize encryption routines, and interact with malware at runtime. This includes injecting into the execution flow, patching binaries or memory on the fly, and forcing the execution of specific instructions to extract hidden behavior.
The workshop begins with a custom-built Android application and progressively introduces techniques commonly found in modern Android malware. These techniques are applicable across malware families, including banking trojans, spyware, and more advanced threats, and are not tied to a single campaign or actor. To make the overall learning experience effective, the workshop includes a custom Capture the Flag (CTF) designed specifically for attendees. The challenges mirror real-world analysis scenarios, allowing participants to apply the techniques covered during the sessions immediately.
Solid background in penetration testing and modern malware analysis. His main research topics are threat intelligence and computer forensics. Nevertheless, he is passionate about binary exploitation, reverse engineering, and privilege escalation techniques. He now works as a principal malware analyst at Cleafy. He has spoken at Botconf 2023, CERT-EU 2023, BSides Cyprus 2023, FS-ISAC 2024, and Botconf 2025, as well as DEF CON 2025.
Federico is passionate about technology in general, with a deep interest in cybersecurity, particularly penetration testing, malware analysis, and social engineering. He's currently leading the Threat Intelligence Team and Incident Response at Cleafy. He oversees all activities related to monitoring and uncovering new threats and attack patterns used by malicious actors. He has spoken at HackInBO 2022, Botconf 2023, CERT-EU 2023, BSides Cyprus 2023, FS-ISAC 2024, Botconf 2025, DEF CON 33, and other private events managed by CertFIN in the Italian territory.
Cybersecurity professional with experience in malware analysis and threat intelligence. I specialize in reverse engineering Windows and Android malware, gaining deep insights into malicious operations and behaviors. Currently, I am a Malware Analyst at Cleafy, focusing on analyzing and mitigating emerging mobile cyber threats.