Android Malware Analysis
•
4 likes•3,788 views
This document analyzes the "machine.apk" Android malware sample using static and dynamic analysis techniques. The summary includes: 1. Static analysis is performed using tools like apktool, dex2jar, and jd-gui to disassemble the app and examine its AndroidManifest.xml and Java source code. This reveals the malware requests dangerous permissions like location, SMS/calls, and implements tapping and tracking services. 2. Dynamic analysis with CopperDroid and Anubis is able to monitor the app's network traffic and activity timeline. The analysis finds the app extracts the phone number and operator, sends this data to Thailand, can make automatic calls, and tracks the device location. 3.
Report
Share
Report
Share
Download to read offline
Recommended
Android malware analysis
Discusses how to perform malware analysis on Android devices. Initially presented at BSidesDE 2011 (in a much more fun format), the version here is as-presented at Rochester Security Summit 2011.
Malware classification and detection
The document discusses automatic malware clustering and detection. It covers the current state of antivirus classification, which relies primarily on signature-based methods. Automatic malware clustering aims to recognize known malware to filter it out and focus on new threats. The clustering process typically involves malware analysis, feature extraction, and clustering algorithms. Inconsistent labeling of malware families by different antivirus vendors poses challenges. The document advocates improving classification by describing the full malware lifecycle.
Setup Your Personal Malware Lab
This document discusses how to set up a malware analysis lab. It begins by introducing malware analysis and explaining why it is important. It then defines a malware lab as a safe, isolated environment for analyzing malware, noting both physical and virtual options. The document outlines the steps to build a malware lab, including isolating systems, installing behavioral and code analysis tools, and using online analysis tools. Finally, it lists specific tools that could be included in a malware lab, such as honeypots, behavioral monitors, disassemblers, sandboxes, and online scanners.
Malware Classification Using Structured Control Flow
This document summarizes a system for classifying malware using control flow graph signatures. It discusses:
1) Using entropy analysis to identify and unpack packed malware through application-level emulation.
2) Generating control flow graph signatures using a "structuring" technique and calculating similarities to signatures in a malware database.
3) Evaluating the system on real malware, showing high similarities between variants and low similarities between unrelated programs.
Data mining techniques for malware detection.pptx
This document discusses data mining techniques for malware detection. It introduces the concepts of data mining, describes common types of malware like viruses, worms and trojans, and covers techniques for malware detection including anomaly-based detection, signature-based detection and clustering algorithms like k-means. Applications of data mining are also discussed along with potential advantages and disadvantages.
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...BlueHat Security Conference
Jagadeesh Parameswaran, Microsoft
Rahul Sachan, Microsoft
Windows Defender Advanced Threat Protection (WDATP) gives defenders unparalleled visibility into the enterprise. And Azure Advanced Threat Protection (AATP) gives the power to monitor attacks on the Domain Controllers and user identities. Come spend an hour with us as we pull back the covers and go through detailed examples of real attacks that we saw as we defended the Microsoft corporate environment using WDATP & AATP.Malware Detection -
A Machine Learning Perspective
This document discusses machine learning approaches for malware detection. It notes that millions of new malware are created each year, making it difficult for signature-based antivirus software to keep up. Machine learning is presented as a potential solution by automatically constructing models to detect malware based on training data. However, the quality of the training data and features is critical, as machine learning risks producing garbage outputs from garbage inputs. Different machine learning algorithms and evaluation benchmarks are also discussed.
Semantics aware malware detection ppt
This document presents a technique for semantics-aware malware detection. It aims to design a malware detection algorithm that uses the semantics of instructions to identify malware even after it has been obfuscated. The technique specifies malicious behaviors as templates containing instructions, variables, and symbolic constants. It then uses a formal semantics approach and translation-validation to determine if programs are semantically equivalent and discover malicious programs despite polymorphism or metamorphism techniques used by malware writers. The strengths are robustness to code changes, while limitations include challenges with certain obfuscation techniques.
Recommended
Android malware analysis
Discusses how to perform malware analysis on Android devices. Initially presented at BSidesDE 2011 (in a much more fun format), the version here is as-presented at Rochester Security Summit 2011.
Malware classification and detection
The document discusses automatic malware clustering and detection. It covers the current state of antivirus classification, which relies primarily on signature-based methods. Automatic malware clustering aims to recognize known malware to filter it out and focus on new threats. The clustering process typically involves malware analysis, feature extraction, and clustering algorithms. Inconsistent labeling of malware families by different antivirus vendors poses challenges. The document advocates improving classification by describing the full malware lifecycle.
Setup Your Personal Malware Lab
This document discusses how to set up a malware analysis lab. It begins by introducing malware analysis and explaining why it is important. It then defines a malware lab as a safe, isolated environment for analyzing malware, noting both physical and virtual options. The document outlines the steps to build a malware lab, including isolating systems, installing behavioral and code analysis tools, and using online analysis tools. Finally, it lists specific tools that could be included in a malware lab, such as honeypots, behavioral monitors, disassemblers, sandboxes, and online scanners.
Malware Classification Using Structured Control Flow
This document summarizes a system for classifying malware using control flow graph signatures. It discusses:
1) Using entropy analysis to identify and unpack packed malware through application-level emulation.
2) Generating control flow graph signatures using a "structuring" technique and calculating similarities to signatures in a malware database.
3) Evaluating the system on real malware, showing high similarities between variants and low similarities between unrelated programs.
Data mining techniques for malware detection.pptx
This document discusses data mining techniques for malware detection. It introduces the concepts of data mining, describes common types of malware like viruses, worms and trojans, and covers techniques for malware detection including anomaly-based detection, signature-based detection and clustering algorithms like k-means. Applications of data mining are also discussed along with potential advantages and disadvantages.
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...BlueHat Security Conference
Jagadeesh Parameswaran, Microsoft
Rahul Sachan, Microsoft
Windows Defender Advanced Threat Protection (WDATP) gives defenders unparalleled visibility into the enterprise. And Azure Advanced Threat Protection (AATP) gives the power to monitor attacks on the Domain Controllers and user identities. Come spend an hour with us as we pull back the covers and go through detailed examples of real attacks that we saw as we defended the Microsoft corporate environment using WDATP & AATP.Malware Detection -
A Machine Learning Perspective
This document discusses machine learning approaches for malware detection. It notes that millions of new malware are created each year, making it difficult for signature-based antivirus software to keep up. Machine learning is presented as a potential solution by automatically constructing models to detect malware based on training data. However, the quality of the training data and features is critical, as machine learning risks producing garbage outputs from garbage inputs. Different machine learning algorithms and evaluation benchmarks are also discussed.
Semantics aware malware detection ppt
This document presents a technique for semantics-aware malware detection. It aims to design a malware detection algorithm that uses the semantics of instructions to identify malware even after it has been obfuscated. The technique specifies malicious behaviors as templates containing instructions, variables, and symbolic constants. It then uses a formal semantics approach and translation-validation to determine if programs are semantically equivalent and discover malicious programs despite polymorphism or metamorphism techniques used by malware writers. The strengths are robustness to code changes, while limitations include challenges with certain obfuscation techniques.
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...BlueHat Security Conference
Jugal Parikh, Microsoft
Holly Stewart, Microsoft
Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable to adversarial attacks. Singular machine learning models can be “gamed” leading to unexpected outcomes.
In this talk, we’ll compare the difficulty of tampering with cloud-based models and client-based models. We then discuss how we developed stacked ensemble models to make our machine learning defenses less susceptible to tampering and significantly improve overall protection for our customers. We talk about the diversity of our base ML models and technical details on how they are optimized to handle different threat scenarios. Lastly, we’ll describe suspected tampering activity we’ve witnessed using protection telemetry from over half a billion computers, and whether our mitigation worked.Malware Classification and Analysis
The document discusses malware analysis using machine learning. It proposes collecting malware binaries from online sources and using Cuckoo Sandbox to analyze their behavior dynamically. Features would be extracted from the analysis reports and used to classify the malware into families using machine learning algorithms. The goal is to develop an automated malware classification system that can identify both known and unknown malware types.
The Future of Automated Malware Generation
The document discusses the current and future states of automated malware generation and malware defense techniques. It describes how malware distribution networks currently work and trends showing rising malware samples. The future of malware defense is proposed to apply more machine learning and statistical techniques to model malware behaviors and attributes in order to handle growing sample volumes. This would involve training machine learning classifiers on features identified by human experts to classify and cluster malware more effectively.
"Быстрое обнаружение вредоносного ПО для Android с помощью машинного обучения...
В докладе речь пойдёт о применении алгоритмов машинного обучения для обнаружения вредоносных приложений для Android. Я расскажу, как на базе Матрикснета в Яндексе был спроектирован высокопроизводительный инструмент для решения этой задачи. А также продемонстрирую, в каких случаях аналитические методы выявления вредоносного ПО помогают блокировать множество простых образцов вирусного кода. Затем мы поговорим о том, как можно усовершенствовать такие методы для обнаружения более хитроумных вредных программ.
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
This document discusses techniques for achieving successful automated dynamic analysis of evasive malware through full system emulation. It begins by introducing the speaker and their background in malware research. It then discusses the goals of automated malware analysis, different analysis approaches (such as system call hooking and process emulation), and how full system emulation provides the highest visibility and fidelity while maintaining good performance. The document also covers challenges posed by malware evasion techniques and ways analysis systems can work to bypass triggers and detect stalling code.
Android Application Security
This document discusses program security for Android apps. It begins with an introduction of the speaker and covers topics like Android architecture, app threat models, app components like activities and intents, data storage security, cryptography, injection attacks, and reverse engineering defenses. The document provides examples of real security issues from apps like LinkedIn and Pandora and offers tips to defend against various threats like improper data handling, insecure communication, and client-side injection.
Detecting Evasive Malware in Sandbox
This presentation talk about some of the challenges in detecting advanced malware which uses evasion techniques such as inline assembly or previously unknown approaches. The presentation also focuses on leveraging the static code analysis as an opportunity to detect these evasive malware in the sandbox
Humla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing by Sai Sathya narayan Venkatraman, MWR Infosecurity
This workshop gives you hands on experience in identifying and exploiting the latest categories of vulnerabilities against modern Android applications based on real world examples. You’ll use the latest testing tools to assess, unravel and exploit applications, and learn about vulnerability classes unique to Android.
You will learn:-
-To analyze applications from an attacker’s perspective.
- Basic understanding of the latest attack vectors against Android applications
- To perform black box security assessments against real world applications using the latest and widely used tools
more info here http://www.meetup.com/Null-Singapore-The-Open-Security-Community/events/229931768/
Hunting Layered Malware by Raul Alvarez
Malware varies mostly in the visible payloads that they manifest. We can see them infecting files, un-installing antimalware applications, stealing important documents, controlling our computers remotely, and other malicious activities.
What we don’t see is how they are implemented within the malware code. Modern malware uses different techniques to protect themselves from detection, analysis, and eradication. Some malware uses layers to even obfuscate the way they use these protections.Layers in malware are defense mechanisms against deep analysis. Within these layers, different malware tricks are also deployed.
In this presentation, we are going to look into Scieron and Vawtrak. Two different malware that implements layers differently. We will see some video demo on how some of the malware code are executed within the context of a debugger.
Finally, we are going to leverage Volatility, a memory forensic tool, to detect the presence of layers in an infected system.
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
This presentation was originally given as a lightning talk for a Charleston ISSA meeting. I talk briefly about malware analysis, and how to get started with malware analysis on a budget using virtualization.
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
Writing a working exploit for a vulnerability is generally challenging, time-consuming, and labor-intensive. To address this issue, automated exploit generation techniques can be adopted. In practice, existing techniques however exhibit an insufficient ability to craft exploits, particularly for the kernel vulnerabilities. On the one hand, this is because their technical approaches explore exploitability only in the context of a crashing process whereas generating an exploit for a kernel vulnerability typically needs to vary the context of a kernel panic. On the other hand, this is due to the fact that the program analysis techniques used for exploit generation are suitable only for simple programs but not the OS kernel which has higher complexity and scalability.
In this talk, we will introduce and release a new exploitation framework to fully automate the exploitation of kernel vulnerabilities. Technically speaking, our framework utilizes a kernel fuzzing technique to diversify the contexts of a kernel panic and then leverages symbolic execution to explore exploitability under different contexts. We demonstrate that this new exploitation framework facilitates exploit crafting from many aspects.
First, it augments a security analyst with the ability to automate the identification of system calls that he needs to take advantages for vulnerability exploitation. Second, it provides security analysts with the ability to achieve security mitigation bypassing. Third, it allows security analysts to automatically generate exploits with different exploitation objectives (e.g., privilege escalation or data leakage). Last but not least, it equips security analysts with an ability to generate exploits even for those kernel vulnerabilities for which the exploitability has not yet been confirmed or verified.
Along with this talk, we will also release many unpublished working exploits against several kernel vulnerabilities. It should be noted that, the vulnerabilities we experimented cover primarily Use-After-Free and heap overflow. Among all these test cases, more than 50% of them do not have working exploits publicly available. To illustrate this release, I have already disclosed one working exploit at my personal website (http://ww9210.cn/). The exploit released on my site pertains to CVE-2017-15649 for which there has not yet been an exploit publicly available with the demonstration of bypassing SMAP.
Malware analysis, threat intelligence and reverse engineering
In this presentation, I introduce the concepts of malware analysis, threat intelligence and reverse engineering. Experience or knowledge is not required.
Feel free to send me feedback via Twitter (@bartblaze) or email.
Blog post: https://bartblaze.blogspot.com/2018/02/malware-analysis-threat-intelligence.html
Labs: https://github.com/bartblaze/MaTiRe
Mind the disclaimer.
Penetration Testing vs. Vulnerability Scanning
For more info on pen testing: securitymetrics.com/sm/pub/penetrationtesting
For more info on vulnerability scanning: securitymetrics.com/sm/pub/vulnerabilityscanning
Even the most experienced administrators may fail to implement the latest secure practices at your business. The easiest and most accurate ways to discover if your business is secure enough to withstand a hack is to test it through the eyes of a hacker. An ethical hacker is simply a computer bodyguard that manually examines a business environment for weaknesses via a penetration test, and determines which weaknesses he can exploit. Discover how penetration testers search for vulnerabilities by using the latest hacking techniques, and learn how to baton down your organizational hatches with penetration testing and vulnerability scanning.
Syrian Malware
This document summarizes a report by Kaspersky Lab on evolving malware attacks originating in Syria. Malicious actors are using social engineering techniques like Skype messages, Facebook posts, and YouTube videos to distribute malware disguised as security programs. The malware payloads identified include remote access Trojans (RATs) like ShadowTech RAT and Dark Comet RAT. Over 100 malware samples have been found targeting activists and others in Syria, Lebanon, Turkey and other countries. The actors operate from locations including Syria, Russia, and Lebanon, and are constantly evolving their methods.
Malicious Client Detection Using Machine Learning
Presented by Satyam Saxena in SecurityXploded cyber security meet. visit: http://www.securitytrainings.net for more information
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
This document discusses building a high performance web application vulnerability scanner. It begins with an introduction of the speaker and agenda. It then defines what a WAVS is and why they are needed for both penetration testers and businesses to discover vulnerabilities. The document discusses why building your own WAVS is typically not recommended and reviews common challenges. It proposes an architecture with core and plugin components and discusses approaches like crawling and fuzzing, CPE and CVE mapping, and public exploit testing. Recommendations are provided around programming languages, code design patterns, and challenges like JavaScript crawling, high overhead, false positives, and other considerations.
Malware Analysis
This document provides an overview of methodologies for handling security incidents, including threat hunting, malware analysis, incident response, and threat intelligence. It discusses the skills, tools, and techniques involved in each methodology. For malware analysis, it describes skills like reverse engineering and static/dynamic analysis. It also lists resources for malware analysis like tools for static analysis, reverse engineering, and reporting.
Basic malware analysis
The document discusses Monnappa, a security investigator at Cisco who focuses on threat intelligence and malware analysis. It provides an overview of static analysis, dynamic analysis, and memory analysis techniques for analyzing malware. It includes steps for each technique and screenshots demonstrating running analysis on a Zeus bot sample, including using tools like PEiD, Dependency Walker, Volatility, and VirusTotal. The analysis uncovered the malware creating registry runs keys for persistence and injecting itself into the explorer.exe process.
Automating malware analysis
This document describes Monnappa K A, a member of Cysinfo who works as an information security investigator at Cisco. It then provides information on malware analysis sandboxes and describes how Monnappa uses an automated analysis system written in Python to safely execute malware in a virtual machine, monitor its behavior, and generate reports including memory dumps and artifacts for further analysis. The system aims to determine a malware's purpose, interactions, and identifiable patterns through static, dynamic, and memory forensics techniques.
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
In this talk, we describe DeepLocker, a novel class of highly targeted and evasive attacks powered by artificial intelligence (AI). As cybercriminals increasingly weaponize AI, cyber defenders must understand the mechanisms and implications of the malicious use of AI in order to stay ahead of these threats and deploy appropriate defenses.
DeepLocker was developed as a proof of concept by IBM Research in order to understand how several AI and malware techniques already being seen in the wild could be combined to create a highly evasive new breed of malware, which conceals its malicious intent until it reached a specific victim. It achieves this by using a Deep Neural Network (DNN) AI-model to hide its attack payload in benign carrier applications, while the payload will only be unlocked if—and only if —the intended target is reached. DeepLocker leverages several attributes for target identification, including visual, audio, geolocation, and system-level features. In contrast to existing evasive and targeted malware, this method would make it extremely challenging to reverse engineer the benign carrier software and recover the mission-critical secrets, including the attack payload and the specifics of the target.
We will perform a live demonstration of a proof-of-concept implementation of a DeepLocker malware, in which we camouflage well-known ransomware in a benign application such that it remains undetected by malware analysis tools, including anti-virus engines and malware sandboxes. We will discuss technical details, implications, and use cases of DeepLocker. More importantly, we will share countermeasures that could help defend against this type of attack in the wild.
Android Malware Detection Mechanisms
The document discusses Android malware detection mechanisms. It outlines the major types of Android malware like backdoors and spyware. It then describes several approaches to malware detection like static analysis of APK files to examine permissions, activities, and API calls. Signature-based analysis uses a signature database to classify apps as benign or malware. Tools for static analysis like apktool, aapt, and dex2jar are also mentioned. The document concludes with comparisons of different Android malware detection systems and their abilities.
Android malware overview, status and dilemmas
This document summarizes research on malicious Android apps from 2012-2013. Some key points:
- Over 1,260 app samples were analyzed in 2012, with many found to steal user information, turn devices into bots, or generate revenue through premium calls/texts.
- Early malware like DroidDream, Plankton, and BaseBridge leveraged exploits to gain root access and stealthily update themselves. Later malware got more sophisticated with techniques like anti-analysis tricks.
- Malware has been distributed through third-party app stores and underground affiliate programs. Estimates found infection rates between 0.0009-1% of Android devices by 2013.
- While most stole data or made money fraud
More Related Content
What's hot
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...BlueHat Security Conference
Jugal Parikh, Microsoft
Holly Stewart, Microsoft
Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable to adversarial attacks. Singular machine learning models can be “gamed” leading to unexpected outcomes.
In this talk, we’ll compare the difficulty of tampering with cloud-based models and client-based models. We then discuss how we developed stacked ensemble models to make our machine learning defenses less susceptible to tampering and significantly improve overall protection for our customers. We talk about the diversity of our base ML models and technical details on how they are optimized to handle different threat scenarios. Lastly, we’ll describe suspected tampering activity we’ve witnessed using protection telemetry from over half a billion computers, and whether our mitigation worked.Malware Classification and Analysis
The document discusses malware analysis using machine learning. It proposes collecting malware binaries from online sources and using Cuckoo Sandbox to analyze their behavior dynamically. Features would be extracted from the analysis reports and used to classify the malware into families using machine learning algorithms. The goal is to develop an automated malware classification system that can identify both known and unknown malware types.
The Future of Automated Malware Generation
The document discusses the current and future states of automated malware generation and malware defense techniques. It describes how malware distribution networks currently work and trends showing rising malware samples. The future of malware defense is proposed to apply more machine learning and statistical techniques to model malware behaviors and attributes in order to handle growing sample volumes. This would involve training machine learning classifiers on features identified by human experts to classify and cluster malware more effectively.
"Быстрое обнаружение вредоносного ПО для Android с помощью машинного обучения...
В докладе речь пойдёт о применении алгоритмов машинного обучения для обнаружения вредоносных приложений для Android. Я расскажу, как на базе Матрикснета в Яндексе был спроектирован высокопроизводительный инструмент для решения этой задачи. А также продемонстрирую, в каких случаях аналитические методы выявления вредоносного ПО помогают блокировать множество простых образцов вирусного кода. Затем мы поговорим о том, как можно усовершенствовать такие методы для обнаружения более хитроумных вредных программ.
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
This document discusses techniques for achieving successful automated dynamic analysis of evasive malware through full system emulation. It begins by introducing the speaker and their background in malware research. It then discusses the goals of automated malware analysis, different analysis approaches (such as system call hooking and process emulation), and how full system emulation provides the highest visibility and fidelity while maintaining good performance. The document also covers challenges posed by malware evasion techniques and ways analysis systems can work to bypass triggers and detect stalling code.
Android Application Security
This document discusses program security for Android apps. It begins with an introduction of the speaker and covers topics like Android architecture, app threat models, app components like activities and intents, data storage security, cryptography, injection attacks, and reverse engineering defenses. The document provides examples of real security issues from apps like LinkedIn and Pandora and offers tips to defend against various threats like improper data handling, insecure communication, and client-side injection.
Detecting Evasive Malware in Sandbox
This presentation talk about some of the challenges in detecting advanced malware which uses evasion techniques such as inline assembly or previously unknown approaches. The presentation also focuses on leveraging the static code analysis as an opportunity to detect these evasive malware in the sandbox
Humla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing by Sai Sathya narayan Venkatraman, MWR Infosecurity
This workshop gives you hands on experience in identifying and exploiting the latest categories of vulnerabilities against modern Android applications based on real world examples. You’ll use the latest testing tools to assess, unravel and exploit applications, and learn about vulnerability classes unique to Android.
You will learn:-
-To analyze applications from an attacker’s perspective.
- Basic understanding of the latest attack vectors against Android applications
- To perform black box security assessments against real world applications using the latest and widely used tools
more info here http://www.meetup.com/Null-Singapore-The-Open-Security-Community/events/229931768/
Hunting Layered Malware by Raul Alvarez
Malware varies mostly in the visible payloads that they manifest. We can see them infecting files, un-installing antimalware applications, stealing important documents, controlling our computers remotely, and other malicious activities.
What we don’t see is how they are implemented within the malware code. Modern malware uses different techniques to protect themselves from detection, analysis, and eradication. Some malware uses layers to even obfuscate the way they use these protections.Layers in malware are defense mechanisms against deep analysis. Within these layers, different malware tricks are also deployed.
In this presentation, we are going to look into Scieron and Vawtrak. Two different malware that implements layers differently. We will see some video demo on how some of the malware code are executed within the context of a debugger.
Finally, we are going to leverage Volatility, a memory forensic tool, to detect the presence of layers in an infected system.
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
This presentation was originally given as a lightning talk for a Charleston ISSA meeting. I talk briefly about malware analysis, and how to get started with malware analysis on a budget using virtualization.
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
Writing a working exploit for a vulnerability is generally challenging, time-consuming, and labor-intensive. To address this issue, automated exploit generation techniques can be adopted. In practice, existing techniques however exhibit an insufficient ability to craft exploits, particularly for the kernel vulnerabilities. On the one hand, this is because their technical approaches explore exploitability only in the context of a crashing process whereas generating an exploit for a kernel vulnerability typically needs to vary the context of a kernel panic. On the other hand, this is due to the fact that the program analysis techniques used for exploit generation are suitable only for simple programs but not the OS kernel which has higher complexity and scalability.
In this talk, we will introduce and release a new exploitation framework to fully automate the exploitation of kernel vulnerabilities. Technically speaking, our framework utilizes a kernel fuzzing technique to diversify the contexts of a kernel panic and then leverages symbolic execution to explore exploitability under different contexts. We demonstrate that this new exploitation framework facilitates exploit crafting from many aspects.
First, it augments a security analyst with the ability to automate the identification of system calls that he needs to take advantages for vulnerability exploitation. Second, it provides security analysts with the ability to achieve security mitigation bypassing. Third, it allows security analysts to automatically generate exploits with different exploitation objectives (e.g., privilege escalation or data leakage). Last but not least, it equips security analysts with an ability to generate exploits even for those kernel vulnerabilities for which the exploitability has not yet been confirmed or verified.
Along with this talk, we will also release many unpublished working exploits against several kernel vulnerabilities. It should be noted that, the vulnerabilities we experimented cover primarily Use-After-Free and heap overflow. Among all these test cases, more than 50% of them do not have working exploits publicly available. To illustrate this release, I have already disclosed one working exploit at my personal website (http://ww9210.cn/). The exploit released on my site pertains to CVE-2017-15649 for which there has not yet been an exploit publicly available with the demonstration of bypassing SMAP.
Malware analysis, threat intelligence and reverse engineering
In this presentation, I introduce the concepts of malware analysis, threat intelligence and reverse engineering. Experience or knowledge is not required.
Feel free to send me feedback via Twitter (@bartblaze) or email.
Blog post: https://bartblaze.blogspot.com/2018/02/malware-analysis-threat-intelligence.html
Labs: https://github.com/bartblaze/MaTiRe
Mind the disclaimer.
Penetration Testing vs. Vulnerability Scanning
For more info on pen testing: securitymetrics.com/sm/pub/penetrationtesting
For more info on vulnerability scanning: securitymetrics.com/sm/pub/vulnerabilityscanning
Even the most experienced administrators may fail to implement the latest secure practices at your business. The easiest and most accurate ways to discover if your business is secure enough to withstand a hack is to test it through the eyes of a hacker. An ethical hacker is simply a computer bodyguard that manually examines a business environment for weaknesses via a penetration test, and determines which weaknesses he can exploit. Discover how penetration testers search for vulnerabilities by using the latest hacking techniques, and learn how to baton down your organizational hatches with penetration testing and vulnerability scanning.
Syrian Malware
This document summarizes a report by Kaspersky Lab on evolving malware attacks originating in Syria. Malicious actors are using social engineering techniques like Skype messages, Facebook posts, and YouTube videos to distribute malware disguised as security programs. The malware payloads identified include remote access Trojans (RATs) like ShadowTech RAT and Dark Comet RAT. Over 100 malware samples have been found targeting activists and others in Syria, Lebanon, Turkey and other countries. The actors operate from locations including Syria, Russia, and Lebanon, and are constantly evolving their methods.
Malicious Client Detection Using Machine Learning
Presented by Satyam Saxena in SecurityXploded cyber security meet. visit: http://www.securitytrainings.net for more information
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
This document discusses building a high performance web application vulnerability scanner. It begins with an introduction of the speaker and agenda. It then defines what a WAVS is and why they are needed for both penetration testers and businesses to discover vulnerabilities. The document discusses why building your own WAVS is typically not recommended and reviews common challenges. It proposes an architecture with core and plugin components and discusses approaches like crawling and fuzzing, CPE and CVE mapping, and public exploit testing. Recommendations are provided around programming languages, code design patterns, and challenges like JavaScript crawling, high overhead, false positives, and other considerations.
Malware Analysis
This document provides an overview of methodologies for handling security incidents, including threat hunting, malware analysis, incident response, and threat intelligence. It discusses the skills, tools, and techniques involved in each methodology. For malware analysis, it describes skills like reverse engineering and static/dynamic analysis. It also lists resources for malware analysis like tools for static analysis, reverse engineering, and reporting.
Basic malware analysis
The document discusses Monnappa, a security investigator at Cisco who focuses on threat intelligence and malware analysis. It provides an overview of static analysis, dynamic analysis, and memory analysis techniques for analyzing malware. It includes steps for each technique and screenshots demonstrating running analysis on a Zeus bot sample, including using tools like PEiD, Dependency Walker, Volatility, and VirusTotal. The analysis uncovered the malware creating registry runs keys for persistence and injecting itself into the explorer.exe process.
Automating malware analysis
This document describes Monnappa K A, a member of Cysinfo who works as an information security investigator at Cisco. It then provides information on malware analysis sandboxes and describes how Monnappa uses an automated analysis system written in Python to safely execute malware in a virtual machine, monitor its behavior, and generate reports including memory dumps and artifacts for further analysis. The system aims to determine a malware's purpose, interactions, and identifiable patterns through static, dynamic, and memory forensics techniques.
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
In this talk, we describe DeepLocker, a novel class of highly targeted and evasive attacks powered by artificial intelligence (AI). As cybercriminals increasingly weaponize AI, cyber defenders must understand the mechanisms and implications of the malicious use of AI in order to stay ahead of these threats and deploy appropriate defenses.
DeepLocker was developed as a proof of concept by IBM Research in order to understand how several AI and malware techniques already being seen in the wild could be combined to create a highly evasive new breed of malware, which conceals its malicious intent until it reached a specific victim. It achieves this by using a Deep Neural Network (DNN) AI-model to hide its attack payload in benign carrier applications, while the payload will only be unlocked if—and only if —the intended target is reached. DeepLocker leverages several attributes for target identification, including visual, audio, geolocation, and system-level features. In contrast to existing evasive and targeted malware, this method would make it extremely challenging to reverse engineer the benign carrier software and recover the mission-critical secrets, including the attack payload and the specifics of the target.
We will perform a live demonstration of a proof-of-concept implementation of a DeepLocker malware, in which we camouflage well-known ransomware in a benign application such that it remains undetected by malware analysis tools, including anti-virus engines and malware sandboxes. We will discuss technical details, implications, and use cases of DeepLocker. More importantly, we will share countermeasures that could help defend against this type of attack in the wild.
What's hot (20)
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
"Быстрое обнаружение вредоносного ПО для Android с помощью машинного обучения...
"Быстрое обнаружение вредоносного ПО для Android с помощью машинного обучения...
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
Humla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null Singapore
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
Malware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineering
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
Viewers also liked
Android Malware Detection Mechanisms
The document discusses Android malware detection mechanisms. It outlines the major types of Android malware like backdoors and spyware. It then describes several approaches to malware detection like static analysis of APK files to examine permissions, activities, and API calls. Signature-based analysis uses a signature database to classify apps as benign or malware. Tools for static analysis like apktool, aapt, and dex2jar are also mentioned. The document concludes with comparisons of different Android malware detection systems and their abilities.
Android malware overview, status and dilemmas
This document summarizes research on malicious Android apps from 2012-2013. Some key points:
- Over 1,260 app samples were analyzed in 2012, with many found to steal user information, turn devices into bots, or generate revenue through premium calls/texts.
- Early malware like DroidDream, Plankton, and BaseBridge leveraged exploits to gain root access and stealthily update themselves. Later malware got more sophisticated with techniques like anti-analysis tricks.
- Malware has been distributed through third-party app stores and underground affiliate programs. Estimates found infection rates between 0.0009-1% of Android devices by 2013.
- While most stole data or made money fraud
Data Hiding in Audio Signals
Nowadays, several methods are used for communicating secret messages for defense purposes or in order to ensure the privacy of communication between two parties. So we go for hiding information in ways that prevent its detection.
Fingerprint identification technique
This document summarizes a research paper on fingerprint identification using wavelet-based feature extraction. The paper proposes a Wavelet-Bands Selection Features (WBSF) method to enhance fingerprint recognition rates. Fingerprint images from 49 individuals were collected and preprocessed before feature extraction. In closed-set tests, recognition rates were initially below 90% but increased to 100% with the WBSF method. The WBSF descriptors provided efficient representation for fingerprint variability. Open-set verification tests on 290 trials from 29 individuals achieved verification rates over 97% using two distance measures. The proposed method effectively extracts wavelet features for fingerprint recognition and verification.
Data hiding in audio signals ppt
The document discusses data hiding in audio signals using watermarking techniques. It provides an introduction to watermarking and its applications. It describes the basic watermarking system as similar to a communication system. It also discusses speech processing, wavelet analysis, hiding techniques, advantages and disadvantages of audio watermarking. The document presents results from watermarking an audio signal and inserting a speech signal. It concludes that audio watermarking can be used for information tracing, tamper detection and other purposes beyond covert communication.
Silent sound technology
Sujit Kumar Das gave a presentation on silent sound technology. The technology allows for communication without using vocal cords by transforming lip movements into computer-generated sound. It was developed in Germany and works by measuring tiny muscle movements in the face with electrodes or cameras and converting them into electrical signals representing speech. While promising for private or covert communication, the technology currently requires many electrodes attached to the face and has difficulties with some languages. Further advances in areas like speech recognition, nano technology and fewer electrodes could lead to more practical applications in the future.
Silent sound technology
The document discusses silent sound technology, which allows communication without speaking aloud. It originated from the idea of interpreting silent speech electronically. The technology uses electromyography to monitor muscle movements when speaking and converts them to electrical signals representing speech. Image processing also analyzes lip movements. Some applications include helping people who lost their voice and covert military communication. The technology could enable silent phone calls and transmitting PIN numbers securely. Overall, silent sound technology implements "talking without talking" and may have useful applications in the future.
Malware- Types, Detection and Future
The presentation describes about various malwares. Its basic types, Working and various malware detection mechanism
Introduction to Malware
Malware can take many forms such as viruses, worms, trojan horses, adware, and spyware. Viruses and worms are programs that can copy themselves and spread from computer to computer, sometimes causing harm. Adware displays advertisements, and spyware tracks personal information without consent. Phishing scams try to steal personal details through fraudulent emails or websites. Users should use antivirus software, avoid suspicious emails/attachments, and practice safe password habits to protect against malware threats.
Silent sound-technology ppt final
This document summarizes a seminar presentation on silent sound technology for voice conversion. It introduces the technology as a way for those who have lost their voice to still communicate by phone by transmitting information without using vocal cords. It discusses two main methods - electromyography and image processing. Electromyography detects electrical signals from muscle movement and converts them to speech, while image processing uses ultrasound to view tongue movement. Some advantages are helping those who lost their voice and enabling silent calls. Disadvantages include unnatural speech and high cost. Future applications could include incorporating the sensors into phones for more natural use.
silent sound technology
Silent Sound Technology is a new technology being developed that allows communication without making any sound. It works by using electromyography sensors to detect tiny muscle movements in the face when speaking, and converts those signals into electrical pulses that can be transformed into speech. It also uses image processing of lip movements to analyze the spoken words and transmit the audio to the other person on the call. This technology has potential applications for silent phone calls, helping those who have lost their voice, and secret military communications. However, it still faces challenges with translation, security, and practical usability due to the sensors currently needing to be attached to the face.
Malware
The document provides an overview of malware types and techniques. It discusses viruses, worms, trojans, rootkits, and other malware. It describes how malware infects systems, propagates, and hides. Historic malware examples like Morris worm, Code Red, and SQL Slammer are summarized. Methods for malware detection like signatures, heuristics, sandboxing, and network monitoring are also covered at a high level.
Silent sound technology NEW
This document discusses silent sound technology, which allows people to communicate without making audible sounds. It works by using electromyography to detect tiny muscle movements involved in speech and processing images of a person's mouth and face. The technology was first conceptualized in a 1968 film and is now being developed to allow "lost calls" in noisy environments to be answered silently. Potential applications include helping mute people communicate, secretly transmitting PIN numbers, and covert military communications. The technology is expected to be incorporated into phones and improve as nanotechnology advances.
Computer Malware
Malware refers to unwanted software that can damage computers, including viruses, trojans, worms, spyware, and more. Viruses attach to files and programs to spread without permission and can damage systems. Trojans also spread unwittingly but allow hackers to access and control infected devices. Worms multiply to use up memory and resources. Spyware collects personal information without consent. Users can protect against malware through antivirus software, firewalls, safe computing habits like avoiding suspicious downloads and emails, and using strong passwords.
Viewers also liked (14)
Similar to Android Malware Analysis
Steelcon 2015 Reverse-Engineering Obfuscated Android Applications
This document summarizes a presentation on reverse engineering obfuscated Android applications. It discusses reverse engineering techniques like static and dynamic analysis. It covers analyzing the Android application package (APK) file format and tools like apktool, smali, baksmali, and dex2jar. Common obfuscation techniques like string encryption, call hiding using reflection, and native code are also summarized. The document concludes by recommending further reading on tools and the arms race between attackers and defenders applying obfuscation.
Rapid Android Application Security Testing
This topic will cover key concepts in android application security testing by employing a variety of tools and techniques to fasten the testing process.
This was presented at Null Bangalore Chapter (Saturday April 26 2014, 11:00 AM)
Live Memory Forensics on Android devices
This presentation deals with some RAM forensics on the Android OS using the LiME tool for getting a RAM dump and the Volatility framework for the analysis part!
Mapping Detection Coverage
In this presentation, Jared Atkinson and Jonathan Johnson discuss the problem that many security professionals are facing today. How exactly do I know if my detection will actually detect the thing I want to detect? We discuss the importance of testing telemetry coverage and using abstraction to build a representative sample set of Atomic tests to validate detection coverage.
Scripts used in presentation can be found below:
Process Access: https://gist.github.com/jaredcatkinson/9c7a1af2261a752432230a4148ecfe02
Process Read: https://github.com/redcanaryco/AtomicTestHarnesses/blob/master/Windows/TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.ps1
Defending Your "Gold"
This presentation was given at PSConfEU and covers common privilege escalation vectors for Windows systems, as well as how to enumerate these issues with PowerUp.
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
Android Penetration testing - Day 2
This slide deck covers the automated & manual static code discovery of Android Application using opensource tools, Reverse engineering of apk file and Secure code review
Code Quality - Security
Quality of software code for a given product shipped effectively translates not only to its functional quality but as well to its non functional aspects say security. Many of the issues in code can be addressed much before they reach SCM.
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
The document discusses cybersecurity issues related to IoT devices. It begins by describing the 2016 Mirai botnet attacks, which exploited vulnerabilities in IoT devices like IP cameras and DVRs to take down major websites. The document then analyzes the current security situations of IoT, finding that many devices have vulnerabilities due to a lack of focus on security by manufacturers. It also notes that IoT devices could potentially be used as "weapons of mass destruction" due to their ubiquity, connectivity and potential access to users' daily lives. The rest of the document examines common vulnerabilities and attack vectors in IoT devices.
Project Malware AnalysisCS 6262 Project 3Agenda.docx
Project: Malware Analysis
CS 6262 Project 3
Agenda
• Part 1: Analyzing Windows Malware
• Part 2: Analyzing Android Malware
Scenario
• Analyzing Windows Malware
• You got a malware sample from the wild. Your task is to discover what
malware does by analyzing it
• How do you discover the malware’s behaviors?
• Static Analysis
• Manual Reverse Engineering
• Programming binary analysis
• Dynamic Analysis
• Network behavioral tracing
• Run-time system behavioral tracing(File/Process/Thread/Registry)
• Symbolic Execution
• Fuzzing
Scenario
• In our scenario, you are going to analyze the given malware with tools
that we provide.
• The tools help you to analyze the malware with static and dynamic
analysis.
• Objective
1. Find which server controls the malware (the command and control (C2)
server)
2. Discover how the malware communicates with the command and control
(C2) server
• URL and Payload
3. Discover what activities are done by the malware payload
• Attack Activities
Scenario
• Requirement
• Make sure that no malware traffic goes out from the virtual machine
• But, updating of malware (stage 2), and downloading payload (stage 3) are required to
be allowed (set as default option)
• The command and control server is dead. You need to reconstruct it
• Use tools to reconstruct the server, then reveal hidden behaviors of the malware
• Analyze network traffic on the host, and figure out the list of available
commands for the malware
• Analyze network traffic trace of the host, and figure out what malware does
• Write down your answer into assignment-questionnaire.txt
Project Structure
• A Virtual Machine for Malware analysis
• Please download and install the latest version or update your virtual box.
• https://www.virtualbox.org/wiki/Downloads
• Download the VM
• Download links
• http://ironhide.gtisc.gatech.edu/vm_2018.7z
• http://bombshell.gtisc.gatech.edu/vm_2018.7z
• Verify the md5 hash of the 7z file: 537e70c4cb4662d3e3b46af5d8223fd
• Please install 7zip or p7zip
• Windows, Linux and MacOs: http://www.7-zip.org/download.html
• Unarchive the 7z file
• Password: GTVM!
https://www.virtualbox.org/wiki/Downloads
http://ironhide.gtisc.gatech.edu/vm_2018.7z
http://bombshell.gtisc.gatech.edu/vm_2018.7z
http://www.7-zip.org/download.html
Project Structure
• Open VirtualBox
• Go to File->Import Appliance.
• Select the ova file and import it.
• For detailed information on how to import the VM, see:
• https://docs.oracle.com/cd/E26217_01/E26796/html/qs-import-vm.html
• VM user credentials
• Username: analysis
• Password: analysis
https://docs.oracle.com/cd/E26217_01/E26796/html/qs-import-vm.html
Project Structure
• In the Virtual Machine (VM)
• Files
• init.py
• This initializes the project environment
• Type your Georgia Tech username (same login name as Canvas) after running this
• update.sh
• This script updates the VM if any further update has been made by TA
• DO NOT execute the scri.
Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS- Part 1 describes in detail about Malware Investigation steps. It focuses on Identifying process anomalies, RootKit detection,
Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1 describes in detail about determining malicious processes/anomalies running in Windows OS systems. PPT focuses on how to differentiate Rogue processes from legitimate ones, Identifying unknown services, Code injection and Rootkits detection and mitigation, Unusual OS artifacts that would arise suspicion, Anomalies detection using Network activity and in determining evidence of persistence.
Part 2 of this series explains about malware detection checklist to ease investigators in identifying malwares.
Webinar–Mobile Application Hardening Protecting Business Critical Apps
Webinar–Mobile Application Hardening Protecting Business Critical AppsSynopsys Software Integrity Group
During this talk, we looked at some of the typical controls that Android/iOS applications exhibit, how they work, how to spot them, and how to sidestep them. We’ll demonstrate analysis and techniques using free open source tooling such as Radare and Frida, and for some parts, we’ll use IDA Pro. And since “automation” is the buzzword of the year, we’ll discuss how to automate some of these activities, which typically take up most of the assessment window.
For more information, please visit our website at www.synopsys.com/softwareThe Dirty Little Secrets They Didn’t Teach You In Pentesting Class
Derbycon 2011
This talk is about methodologies and tools that we use or have coded that make our lives and pentest schedule a little easier, and why we do things the way we do. Of course, there will be a healthy dose of Metasploit in the mix.
The Art of Container Monitoring
According to service scale, there are hundreds or thousands of running containers in your service. Should we monitor each container by microscope or monitor each microservice by magnifier? This depends which granularity can help us find and solve the problems. In this sharing, I will introduce how to use cAdvisor, Icinga2, InfluxDB and Grafana to build a self-hosted monitoring system. In addition, I also discuss with how to embrace open source and share some practical experiences.
Abusing bleeding edge web standards for appsec glory
"Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward mitigating more complex threats. As a result of the drive to control for these threats client-side, standards such as SubResource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards versus accepting risks simply because of the increased risks newer web standards pose.
In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios. As a bonus for the breakers, we'll explore and demonstrate exploitations of the emergent risks in these more volatile standards, to include multiple vulnerabilities uncovered quite literally during our research for this talk (which will hopefully be mitigated by d-day)."
(Source: Black Hat USA 2016, Las Vegas)
Hacking your Droid (Aditya Gupta)
This document provides an overview of malware on Android systems. It discusses the Android architecture and security model, how to analyze Android application packages (APKs), and techniques for reverse engineering and creating Android malware. Specific malware examples like Trojan-SMS.FakePlayer.a and Geinimi are described. The document also covers tools for mobile application penetration testing and discusses both legal and illegal ways that Android malware can generate money.
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
About the book: the basics of hacking and pernetration testing
한국 책으로 '이제 시작이야 해킹과 침투테스트'를 요약 및 정리함.
Backtrack .
PAC 2019 virtual Christoph NEUMÜLLER
The document describes the journey of automating large scale enterprise crash dump analysis. It details how manual crash analysis used to be a slow and difficult process involving passing large files between experts. Through four steps of automation - automating analysis, adding a web frontend, integrating workflows, and enabling deep analysis in the browser - a tool called SuperDump was created that transformed the process. SuperDump reduced analysis time from days to minutes, enabled non-experts to analyze crashes, and improved productivity, security, and quality by making analysis scalable and easy.
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
Similar to Android Malware Analysis (20)
Steelcon 2015 Reverse-Engineering Obfuscated Android Applications
Steelcon 2015 Reverse-Engineering Obfuscated Android Applications
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
Project Malware AnalysisCS 6262 Project 3Agenda.docx
Project Malware AnalysisCS 6262 Project 3Agenda.docx
Webinar–Mobile Application Hardening Protecting Business Critical Apps
Webinar–Mobile Application Hardening Protecting Business Critical Apps
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Recently uploaded
UiPath Test Automation using UiPath Test Suite series, part 6
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Mind map of terminologies used in context of Generative AI
Mind map of common terms used in context of Generative AI.
Pushing the limits of ePRTC: 100ns holdover for 100 days
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
20240609 QFM020 Irresponsible AI Reading List May 2024
Everything I found interesting about the irresponsible use of machine intelligence in May 2024
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Essentials of Automations: The Art of Triggers and Actions in FME
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Infrastructure Challenges in Scaling RAG with Custom AI models
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Recently uploaded (20)
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Android Malware Analysis
- 1. Android Malware Analysis Attack & Defense Author: JongWon Kim dikien2012@gmail.com
- 2. Motivation • Someone posted it on the Facebook. I am also curious about the “machine.apk” file.
- 3. Static Analysis - Tools • apktool – can decode resources to nearly original form and rebuild them after making some modifications • dex2jar – used by translator dex to jar • jd-gui – a standalone graphical utility that displays Java source codes of “.class” file
- 4. Dynamic Analysis - Tools • Anubis – can decode resources to nearly original form and rebuild them after making some modifications • CopperDroid – used by dex-translator • VirusTotal – used to check out Anti-Virus results
- 5. AndroidManifest.xml • Convert “AndroidManifest.xml” from binary format to xml format (by apktool) • First, check out “Permission” • Second, check out interesting “Activity, Service, Receiver”
- 6. Permission • Guess that it will track your location, steal sms and contracts, and do tapping. Let’s go details.
- 7. Permission - 1 • Allows an application to create network sockets.
- 8. Permission - 2 • ACCESS_FINE_LOCATION – based on GPS • ACCESS_COARSE_LOCATION – based on WIFI
- 9. Permission - 3 • CALL_PHONE – Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed. • READ_PHONE_STATE – Allows read only access to phone state.(ex. phone number)
- 10. Permission - 4 • RECEIVE_BOOT_COMPLETED – Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.
- 11. Interesting Things • Figure out interesting service name such as “TappingService” and “GPSTracking”.
- 12. Static Analysis • Decompile – Convert classes.dex to .jar by dex2jar and take a look at it by jd-gui. • Strategy is very Simple 1. Examine the “.MainActivity”. 2. Follow the piece of the code.
- 13. Static Analysis • Set preference to 0(READ/WRITE)
- 14. Static Analysis • Save “AllowTapping” variable to “0”.
- 15. Static Analysis • Let’s check out to “doRegisterUser()”.
- 16. Static Analysis • “doRegisterUser()” extract phone number and Network operators.
- 17. Static Analysis • Send them to Thailand.
- 18. Static Analysis • Let’s check out “PreodicService”. Maybe it originally is from Periodic Service.
- 19. Static Analysis • Service Life Cycle.
- 20. Static Analysis • Let’s Analysis “PreodicService”. – schedule(myTask, start-time, repeat cycle);
- 21. Static Analysis • Let’s Analysis “AutoCallPhone”. – Request 2 times.
- 22. Static Analysis • Let’s check out “TappingService”.
- 23. Static Analysis • Let’s check out MediaRecorder Flow.
- 24. Static Analysis • Let’s check out “startTapping()”.
- 25. Static Analysis • Let’s check out “startTapping()”.
- 26. Static Analysis • Let’s check out “stopTapping()”.
- 27. Static Analysis • Let’s check out “GPSTracking”.
- 28. Static Analysis • Let’s check out “GPSTracking”.
- 29. Static Analysis • Let’s check out “GPSTracking”.
- 30. Static Analysis • Let’s check out “RegDPMActivity”. – Device Policy Manager
- 31. Static Analysis • Let’s check out on create of “RegDPMActivity”.
- 32. Static Analysis • Let’s check out “CallBroadcastReceiver”.
- 33. Static Analysis • Let’s check out “SMSBroadcastReceiver”.
- 34. Dynamic Analysis • CopperDroid and Anubis. – As experienced, CopperDroid works good on network traffic analysis and Anubis works good on timeline analysis.
- 35. Reference - 1 • A collection of mobile security resources – http://wiki.secmobi.com/ • Abunis – http://anubis.iseclab.org • CopperDorid – http://copperdroid.isg.rhul.ac.uk/copperdroid/ • VirusTotal – https://www.virustotal.com • My location – http://blog.naver.com/PostView.nhn?blogId=new efgold777&logNo=90104291392
- 36. Reference - 2 • Preference – http://blog.daum.net/agapeuni/77 • TelephonyManager – http://arabiannight.tistory.com/73 • Service LifeCycle – http://gongdoo.tistory.com/235 – http://www.androes.com/137 • Timer – http://infodev.tistory.com/126 • Flags – http://surprisen.egloos.com/
- 37. Reference - 3 • RequestLocationUpdates – http://blog.naver.com/PostView.nhn?blogId=har a9&logNo=10155762477 • getSystemService – http://promobile.tistory.com/169 • onCallStateChanged – http://daddycat.blogspot.kr/2011/05/android-bro adcastreceiver-event-catch.html • URL Decoder/Encoder – http://meyerweb.com/eric/tools/dencoder/ • Google Maps lat/long finder – http://www.doogal.co.uk/LatLong.php