This document summarizes research on malicious Android apps from 2012-2013. Some key points:
- Over 1,260 app samples were analyzed in 2012, with many found to steal user information, turn devices into bots, or generate revenue through premium calls/texts.
- Early malware like DroidDream, Plankton, and BaseBridge leveraged exploits to gain root access and stealthily update themselves. Later malware got more sophisticated with techniques like anti-analysis tricks.
- Malware has been distributed through third-party app stores and underground affiliate programs. Estimates found infection rates between 0.0009-1% of Android devices by 2013.
- While most stole data or made money fraud
Discusses how to perform malware analysis on Android devices. Initially presented at BSidesDE 2011 (in a much more fun format), the version here is as-presented at Rochester Security Summit 2011.
Android is a Linux-based operating system for smartphones. Since 2008 Android devices have gained a huge market share, owing to the platform's open architecture and popularity, and that popularity has in turn attracted malware developers: the rate of Android malware applications increased steadily between 2008 and 2016. In this paper we propose a dynamic malware detection approach for Android applications. During dynamic analysis the system calls made by an application are recorded and used to compute system-call densities, using two different sequence lengths, 3-grams and 5-grams. A Naive Bayes classifier is then applied to label applications as benign or malicious. The approach was evaluated on 100 real-world samples of benign and malicious applications and gave effective, accurate results: the 3-gram Naive Bayes classifier detected 84 malware applications correctly and misclassified 14 benign applications, while the 5-gram classifier detected 88 malware applications correctly and misclassified 10 benign applications.
Mr. Tushar Patil | Prof. Bharti Dhote, "Malware Detection in Android Applications", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3, Issue-5, August 2019. URL: https://www.ijtsrd.com/papers/ijtsrd26449.pdf
Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/26449/malware-detection-in-android-applications/mr-tushar-patil
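The abstract above describes the pipeline (record system calls, turn them into 3-gram or 5-gram densities, classify with Naive Bayes) without showing it. The following is an added example written for this page, not code from the Patil and Dhote paper: the feature normalisation, the Laplace-smoothed multinomial Naive Bayes variant and the training traces are all assumptions made here. The syscall traces are constructed toy data, not captures from real Android applications; the same code runs with either n-gram length.

```python
"""System-call n-gram densities feeding a multinomial Naive Bayes classifier.

Added example, not code from the Patil/Dhote paper: the feature normalisation,
the Laplace-smoothed multinomial Naive Bayes variant and the training traces
are all assumptions. The traces below are constructed toy data, not real
strace captures from Android devices.
"""
import math
from collections import Counter


def syscall_ngrams(trace, n):
    """Sliding-window n-grams (tuples of syscall names) over a recorded trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def ngram_density(trace, n):
    """Relative frequency of each n-gram in the trace; the values sum to 1.0."""
    grams = syscall_ngrams(trace, n)
    counts = Counter(grams)
    return {g: c / len(grams) for g, c in counts.items()}


class NgramNaiveBayes:
    """Multinomial Naive Bayes over n-gram counts with additive (Laplace) smoothing."""

    def __init__(self, n, alpha=1.0):
        self.n = n
        self.alpha = alpha
        self.class_docs = Counter()   # label -> number of training traces
        self.class_grams = {}         # label -> Counter of n-grams
        self.vocab = set()            # every n-gram seen in training

    def fit(self, traces, labels):
        for trace, label in zip(traces, labels):
            grams = syscall_ngrams(trace, self.n)
            self.class_docs[label] += 1
            self.class_grams.setdefault(label, Counter()).update(grams)
            self.vocab.update(grams)
        return self

    def log_posterior(self, trace):
        """Unnormalised log P(label | trace) for every label."""
        total_docs = sum(self.class_docs.values())
        vocab_size = len(self.vocab)
        scores = {}
        for label, ndocs in self.class_docs.items():
            counts = self.class_grams[label]
            total = sum(counts.values())
            logp = math.log(ndocs / total_docs)  # class prior
            for g in syscall_ngrams(trace, self.n):
                # Smoothing keeps an n-gram unseen for this class from zeroing it out.
                logp += math.log((counts[g] + self.alpha) / (total + self.alpha * vocab_size))
            scores[label] = logp
        return scores

    def predict(self, trace):
        scores = self.log_posterior(trace)
        return max(scores, key=scores.get)


# Constructed training traces (toy data). The benign ones look like an app
# reading its resources and talking to services over ioctl; the malicious
# ones drop and run a binary, then beacon out over a socket.
BENIGN_TRACES = [
    ["openat", "read", "mmap", "close", "ioctl", "ioctl", "futex", "read", "close"],
    ["openat", "read", "mmap", "mprotect", "close", "ioctl", "futex", "ioctl", "close"],
    ["openat", "fstat", "read", "mmap", "close", "ioctl", "futex", "ioctl", "read"],
]
MALICIOUS_TRACES = [
    ["openat", "read", "execve", "chmod", "socket", "connect", "sendto", "recvfrom", "close"],
    ["socket", "connect", "sendto", "sendto", "recvfrom", "execve", "chmod", "close", "socket"],
    ["openat", "execve", "chmod", "socket", "connect", "sendto", "recvfrom", "sendto", "close"],
]

# Constructed traces from two "unknown" apps to classify.
SUSPECT_TRACE = ["socket", "connect", "sendto", "recvfrom", "execve", "chmod", "close"]
CLEAN_TRACE = ["openat", "read", "mmap", "close", "ioctl", "futex", "ioctl"]


def train_model(n):
    """Fit an n-gram classifier on the constructed training set."""
    traces = BENIGN_TRACES + MALICIOUS_TRACES
    labels = ["benign"] * len(BENIGN_TRACES) + ["malicious"] * len(MALICIOUS_TRACES)
    return NgramNaiveBayes(n).fit(traces, labels)


def classify_all(n):
    """Verdicts for the two unknown traces with a given n-gram length."""
    model = train_model(n)
    return {"suspect": model.predict(SUSPECT_TRACE), "clean": model.predict(CLEAN_TRACE)}


if __name__ == "__main__":
    for n in (3, 5):
        print(f"{n}-gram verdicts:", classify_all(n))
```

Two practical caveats. Longer n-grams are more specific, so a 5-gram model needs more training traces before most windows in a new sample have been seen at all; with the tiny constructed set above the 5-gram verdicts rest on a single matching window. And because the features come from a dynamic run, anti-analysis tricks of the kind mentioned earlier on this page (emulator checks, delayed payloads) mean the classifier only ever sees the behaviour the sample chose to exhibit while being traced.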
Android mobile platform security and malware survey | eSAT Journals
Abstract As mobile devices become ubiquitous, more people and companies are readily adopting the technology to conduct day-to-day business, and are increasing the amount of personal data transmitted and stored on these devices. These devices are now part of a global infrastructure powering communication and how we do business around the world. In turn, the inherent vulnerabilities are becoming an ever more critical topic of interest and challenge as we continue to see a rapid rate of malware development. This paper is a comprehensive survey on a broad view of the growing Android community, its rapidly growing malware attacks, and security concerns. Serving to aid in the continuous challenge of identifying current and future vulnerabilities as well as incorporating security strategies against them, this survey will focus primarily on mobile devices (also known as smart phones) running the Android mobile operating system between the years of 2007 and 2013. Index Terms: mobile, Android, malware, security
These slides were presented at the GDG MeetUp in Bangalore on 21 September 2013, and are uploaded here for those who asked for the slide deck.
Fast detection of Android malware with machine learning... | Yandex
This talk covers the application of machine-learning algorithms to the detection of malicious Android applications. I will describe how a high-performance tool for this task was designed at Yandex on top of MatrixNet, and demonstrate the cases in which analytical methods of malware detection help block a large number of simple samples of malicious code. We will then discuss how such methods can be refined to detect more cunning malware.
Deepfake anyone? The AI synthetic media industry enters a dangerous phase | aditi agarwal
The technology, scarcely four years old, may be at a turning point, according to Reuters interviews with companies, experts, policymakers and campaigners.
Video at http://mrkn.co/andsec
With Android activations reaching a million devices per day, it is no surprise that security threats against our favorite mobile platform have been on the rise.
In this session, you will learn all about Android's security model, including application isolation (sandboxing) and provenance (signing), its permission system and enforcement, data protection features and encryption, as well as enterprise device administration.
Together, we will dig into Android's own internals to see how its security model is applied through the entire Android stack - from the Linux kernel, to the native layers, to the Application Framework services, and to the applications themselves.
Finally, you'll learn about some of the weaknesses in Android's model (including rooting, tap-jacking, malware and social engineering) as well as what can be done to mitigate those threats, such as SELinux, memory protection, anti-malware, firewalls, and developer best practices.
By the end of this session you will have a better understanding of what it takes to make Android a more trusted component of our personal and professional lives.
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT... | IJNSA Journal
Millions of developers and third-party organizations have flooded into the Android ecosystem because of Android's open-source nature and low barriers to entry for developers. However, that also attracts many attackers: over 90 percent of mobile malware is found to target Android. Though Android provides multiple security features and layers to protect user data and system resources, there are still overprivileged applications in the wild, in the Google Play Store and in third-party Android app stores. In this paper we propose an approach to map system-level behaviour to Android APIs, based on the observation that system-level behaviour cannot be avoided whereas sensitive Android APIs can be evaded. To the best of our knowledge, ours is the first work to decompose Android application behaviour based on system-level behaviour. We map system-level behaviour to Android APIs through System Call Dependence Graphs. The study also shows that our approach can effectively identify potential permission abuse with almost negligible performance impact.
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com | Idexcel Technologies
Application development has come a long way in the last two decades, but it is puzzling to see that, despite major security breaches, security testing takes a back seat compared with other forms of quality testing such as usability or functional testing.
I will be giving this presentation on IT Security, for healthcare professionals, at the Health Sciences Learning Center, University of Wisconsin-Madison, School of Medicine and Public Health, tomorrow morning, at 11:00 CST. It will be held in room #1325 and is open to the public. I hope to see you there.
2013 Toorcon San Diego: Building Custom Android Malware for Penetration Testing | Stephan Chenette
In this presentation Stephan will discuss some recent research that emerged when he was asked to build malicious applications that bypassed custom security controls. He will walk through the basics of reversing malicious Android apps as well as common Android malware techniques and methodologies. Drawing on the analysis of in-the-wild Android malware, he will discuss techniques and functionality to include when penetration testing against third-party Android security controls.
BIO
Stephan Chenette is the Director of Security Research and Development at IOActive, where he conducts ongoing research to support internal and external security initiatives within IOActive Labs. Stephan has been involved in security research for the last 10 years and has presented at numerous conferences including Blackhat, CanSecWest, RSA, EkoParty, RECon, AusCERT, ToorCon, SecTor, SOURCE, OWASP, B-Sides and PacSec. His specialty is writing research tools for both the offensive and defensive fronts as well as investigating next-generation emerging threats. He has released public analyses of various vulnerabilities and malware. Prior to joining IOActive, Stephan was the head security researcher at Websense for 6 years and a security software engineer for 4 years working in research and product development at eEye Digital Security.
Express malware analysis / Crowdsourced Malware Triage | Positive Hack Days
Speakers: Sergei Frankoff and Sean Wilson
Malware triage is the process of quickly analysing potentially dangerous files or URLs. Any well-designed security incident response programme has this essential capability. But what if you have no incident response programme in place? What if you have only just started building one? What if you have no software tools for analysis? A well-chosen free online tool, a web browser and a notepad are all you need. In this hands-on workshop participants will triage malware themselves; the instructors will provide information on the necessary tools.
Speaker: Andrei Masalovich
A whole arsenal of information-influence tools is used in corporate communications marketing and in astroturfing. The speaker will explain how information attacks are prepared, how to recognise them at an early stage and how to counter them; analyse the specifics of how information is perceived and spread in social networks using trolls and bots; and present a method for rapid analysis of the social profiles of participants in mass discussions: ordinary users, politicians, media personalities, teenagers, recruiters and their victims.
Do you think malware is only a threat to PCs and desktops? Think again...
Mobile malware is all the rage among cyber criminals. The potential threat from mobile malware is only just beginning to come onto the radar for many organizations. But the popularity of Android devices makes them an increasingly attractive target for malware writers. Learn what you can do to keep mobile malware at bay.
Countering mobile malware in CSP's network. Android honeypot as anti-fraud so... | Denis Gorchakov
A honeypot is used for botnet analysis, traffic capture and revealing C&C hostnames. It is also used to detect subscribers with infected devices and to monitor malware activity such as funds withdrawal and remote control.
Speaker: Santhosh Kumar
Event: Defcon Kerala
Date: 8/03/2014
Android: Forensic and Security Analysis
Android, one of the leading mobile operating systems, is managed by Google; released in 2008, it now stands at version 4.4.x (KitKat). Studies show that crime is shifting from computer-centred to handheld-device-based, including crimes against women and children and abuse, and digital forensics and law enforcement agencies face hard new challenges in handling such cases in the Android environment. The Google Play Store, with over one million active applications, adds to the difficulty.
The talk focuses on the various methods and the various situations in which forensics is useful.
The methods are classified as logical and physical, ranging from breaking passcodes to exploring the virtual NAND memory.
The talk also covers the various places where information is available from a forensic point of view.
Affected by a mobile cyber attack? Tortured by an Android smartphone? Relax, there is a solution to each and every problem.
The talk also covers using both Windows and Linux as the forensic investigation environment.
Android, which has the Linux kernel at its heart, can be a paradise when it comes to forensic data.
Various tools are covered, along with ways to do this faster.
Forensics is always useful, whether you are in a corporate environment or in a major law enforcement agency.
Review on mobile threats and detection techniques | ijdpsjournal
Over the last decade smartphones have gained widespread usage. Mobile devices store personal details such as contacts and text messages, and because of this extensive growth smartphones attract cyber-criminals. In this research work we have carried out a systematic review of the terms related to malware detection algorithms and have also summarized the behavioural description of some known mobile malware in tabular form. After careful consideration of all the possible methods and algorithms for detecting mobile malware, we give some recommendations for designing future malware detection algorithms that take into account computational complexity and the detection ratio of mobile malware.
Presentation by Saurabh Harit at the Mobile Security Summit in Johannesburg, 2011.
This presentation is about security on the iPhone and Android platforms. It begins with a discussion of decrypting iPhone apps and its implications, then covers the Android security model, and ends with a series of discussions of practical Android attacks.
One step further in the surveillance society: the case of predictive policing | Tech and Law Center
This paper is concerned with the study of predictive policing as a tool for surveillance. With regard to the European legal framework, this research studies the influence of the predictive policing model primarily on the principle of presumption of innocence (Article 6.2 ECHR) and on reasonable suspicion.
The goal is to identify if predictive policing might be used ‘preventively’ against potential perpetrators of a criminal offence, or more precisely, whether it represents an allowed policing practice given the presumption of innocence as enshrined in Article 6.2 ECHR (European Convention on Human Rights).
Presented on 6.11.2015 during the Tech and Law Center event (ITA) Intercettazioni: tutto quello che non avreste voluto sapere (Wiretaps: everything you never wanted to know)
http://www.techandlaw.net/news/intercettazioni-tutto-quello-che-non-avreste-voluto-sapere.html
Andrea Molino: Applicazione delle tecnologie ICT al settore Agricolo (Applying ICT to the agricultural sector) | Tech and Law Center
INTERNET OF (EVERY)THING & SMART AGRICULTURE, 10 September 2015, EXPO, Milano
Interaction between physical objects and Internet-connected sensors makes it possible to exchange information in ways never previously possible anywhere in the world, and to make inanimate objects smart so that they provide functionality and services not yet fully explored.
Internet of (Every)Thing (IoE) spans several levels: from the smart home to the production of goods, food among them, and the management of natural resources such as water. IoE therefore ranges from "consumer" oriented interconnected devices to more "enterprise" driven business cases, attracting the interest of governments and public administrations as well.
One of the most interesting fields for our country's future is "smart agriculture": monitoring micro-climate parameters to support farming, improving product quality, reducing the risks posed by unpredictable weather phenomena, rationalising resources and reducing environmental impact.
If on the one hand IoE will make the world a better place to live, on the other it will be paramount to prevent and impede possible future abuses and violations.
The goal of the meeting is to gather international technical and legal experts to discuss the opportunities and risks of the IoE world.
http://www.technandlaw.net
Giuseppe Vaciago: From Crime to privacy-oriented crime prevention in the Big ... | Tech and Law Center
The presentation addresses both the legitimacy of predictive crime prevention and data protection. The analysis focuses on the potential influence that the E.U. reform on data protection may have on the future of social surveillance.
http://www.techandlaw.net/
This survey has a twofold objective: on the one hand, attention was focused on the awareness and knowledge of university students, to understand how their perception of security compares with their actual knowledge; on the other, it sought to outline the landscape of possible risks on the basis of their habits: how they use mobile devices, what kind of data they store, and which functions they perform.
The project sets out to study the level of awareness and perception of IT security amongst university students, paying particular attention to the world of mobile devices. The report analyses the answers given by 1012 students from over 15 Italian universities to a multiple-choice questionnaire. The analysis shows that students’ perception of their knowledge is generally wrong and that they are unaware of the risks arising from their behaviour. In view of these risks, a proposal has been made to implement technical and legal measures to reduce future problems deriving from faulty or lax adoption of security measures on their mobile devices.
Digital Native Privacy (Francesca Bosco & Giuseppe Vaciago) | Tech and Law Center
Even if the term "digital native" has been debated for years by several esteemed scholars, this article aims to examine digital natives' attitude towards data protection and safety. It is fundamental, in a society which is evolving so fast, not to focus solely on the present, but to endeavour to improve the future by paying the utmost attention to the new generations. What balance of interests must we achieve between privacy and transparency, secrecy and security, reputation and freedom of expression, in an internet world increasingly regulated by Moore's Law rather than by state legislation? The purpose is to analyze the current tension between privacy and other fundamental rights from a predominantly legal standpoint, pointing out that the solutions adopted by legislation and case law are not sufficient and that it may also be necessary to reconsider this value from an ethical viewpoint.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35 Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 How Marc Ellis leverages tech-driven solutions in recruitment and managed services
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
State of ICS and IoT Cyber Threat Landscape Report 2024 preview | Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Securing your Kubernetes cluster: a step-by-step guide to success! | KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
2. 1,260 Samples Analyzed (2012)
Manual analysis of samples by Yajin Zhou & Xuxian Jiang
36.7% leverage root-level exploits
90% turn devices into bots
45.3% dial/text premium numbers in background
51.1% harvest user information
Other goods: encrypted root-level exploit or obfuscated C&C address
3. Attackers Goals
Steal Sensitive Data
intercept texts or calls
steal passwords
Turn Devices Into Bots
perform malicious actions
gain root privileges
Direct Financial Gain
call or text premium numbers
steal online banking credentials
4. ZitMo & SpitMo (2011)
● Companion of the famous ZeuS and SpyEye trojans.
● Steal the mTAN or SMS used for 2-factor authentication.
5. The attack scheme (1)
[Figure: the user logs in to www.yourbank.com (username: user, password: ************) from an INFECTED COMPUTER, which captures the credentials; money ($$) flows out]
7. The attack scheme (2)
[Figure: www.yourbank.com login (username: user, password: ************) now also requires a ONE TIME SECRET CODE; the INFECTED COMPUTER shows "TYPE IN THE ONE TIME SECRET CODE" / OK, the code is EXPIRED, and the prompt repeats]
8. The attack scheme (3)
[Figure: www.yourbank.com login (username: user, password: ************) on an INFECTED COMPUTER; the malware injects a QR code into the page]
9. Luring Users with a QR Code
[Figure: login page with USERNAME user / PASSWORD ************, a "SCAN TO LOGIN" QR code and a Login button]
11. The attack scheme (4)
[Figure: www.yourbank.com ONE TIME SECRET CODE flow with both an INFECTED COMPUTER and an INFECTED SMARTPHONE; "TYPE IN THE ONE TIME SECRET CODE" / OK]
12. The attack scheme (5)
[Figure: FINANCIAL TRANSACTIONS ($$$$$$$); ALERT: THE MALWARE HIDES SMSs FROM THE BANK]
13. Perkele (2013)
● Sold for $1,000 on underground markets/forums
● Development kit for bypassing 2-factor authentication
22. Alternative Markets (91)
Andapponline
Aptoide
Soc.io
92Apk
T Store
Cisco Market
SlideMe
Insydemarket
Android Downloadz
AppChina
Yandex App Store
Lenovo App Store
AndroidPit
PandaApp
MerkaMarket
CoolApk
Pdassi
Omnitel Apps
AppsZoom
AppsEgg
Good Ereader
Anzhi Market
iMedicalApps
TIM Store
ApkSuite
AppTown
Mobile9
EOE Market
Barnes & Noble
T-Store
Opera App Store
AppBrain
Phoload
HiApk
Nvidia TegraZone
T-Market
Brothersoft
AppsLib
Androidblip
Nduoa
AppCake
AT&T
Camangi
ESDN
1Mobile
Baidu App Store
Handmark
CNET
Blackmart Alpha
Mobilism
Brophone
D.cn
Appolicious
F-Droid
Mob.org
LG World
Gfan
Appitalism
Android games room
Amazon
Handango
Samsung App Store
Millet App Store
WhiteApp
AndroLib
Mikandi
Handster
Taobao
AppCity
GetJar
Nexva market
AppsFire
Tencent App Gem
AlternativeTo
Tablified Market
Yet Another Android Market
Mobango
Hyper Market
Appzil
AndroidTapp
No Crappy Apps
Naver NStore
Fetch
Moborobo
91mobiles
mobiles24
Android Freeware
MplayIt
Hami
Olleh Market
wandoujia
23. DroidDream (2011) - Host Apps
Falling Down
Super Guitar Solo
Super History Eraser
Photo Editor
Super Ringtone Maker
Super Sex Positions
Chess
Hilton Sex Sound
Screaming Sexy Japanese Girls
Falling Ball Dodge
Scientific Calculator
Dice Roller
24. DroidDream (2011) - Info Stealing
Steals: IMEI, IMSI, device model, SDK version, language, country
C&C: http://184.105.245.17:8080/GMServer/GMServlet
exploid root-level exploit. Copy of the original public exploit!
25. DroidDream (2011) - More Details
Downloads 2nd payload. Encrypts C&C messages.
Installs payload under /system.
No icon nor installed application is visible to the user.
zHash uses the same exploit.
31. Plankton (2011)
● Update only some components.
● Silent update, no user participation.
● Payload hosted on Amazon.
● Inspired the AnserverBot family.
33. Countermeasures
● Google Play app vetting
● Install and permission confirmation
● SMS/call blacklisting and quota
● App verify (call home when apps are installed - incl. 3rd party)
● App sandboxing
● SELinux in enforcing mode (Android 4.4)
● AV apps
40. Perms: Malware vs. Goodware
Source: Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution,” in Proceedings of the 33rd IEEE Symposium on Security and Privacy, 2012, pp. 95–109.
41. No primitives for process auditing
[Figure: Android stack. User1, User2, User3 ... each own apps (App1, Malicious App, ...) running in a virtual machine over Process1, ...; the ANTIVIRUS APP is just another app at that level; PERMISSIONS are enforced above the Linux kernel; Malicious App and SD card shown at the bottom]
42. Workarounds (back in the '80s)
Signature-based matching (evaded by repackaging).
Scan (limited) portion of the storage.
Send sample to cloud service (malware can sniff network).
Custom kernel (not market proof).
43. TGLoader (2012) - Root 'n text
No permissions.
Root the phone.
Loads 3 malicious APKs.
Premium texting.
C&C communication.
Exploid root exploit
45. Malware Apps on Google Play
2010 (2)
TapSnake, SMSReplicator
2011 (13)
DroidDream, zHash, DroidDreamLight, Zsone, Plankton, YZHC, SndApps, Zitmo, Asroot, Gone60, DroidKungFu (2)
46. App Verify
Source: A. Ludwig, E. Davis, and J. Larimer, “Android - Practical Security From the Ground Up,” in Virus Bulletin Conference, 2013.
47. Countermeasures and Downsides
Google Play app vetting: few apps made it through it
Permission confirmation: unaware users
SMS/call blacklisting and quota: must know the numbers
App verify: must know the malware
App sandboxing: root exploits + ask permissions
48. Application Signing
● No PKI
○ Apps signed with self-signed certs
○ AppIntegrity proposes a lightweight, neat solution
● Signature not checked at runtime
○ Can add new code at runtime and break the signature
● MasterKey vulnerability (CVE-2013-4787,
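The weaknesses on this slide can be checked at the archive level. What follows is an added example, not code from the deck and not AppIntegrity's: it builds a constructed, APK-shaped ZIP in memory and audits it for the layout that CVE-2013-4787 abused (two entries with the same name, so the component that verifies the signature and the component that installs the code can end up reading different bytes) and for entries that META-INF/MANIFEST.MF either does not list or lists with a digest that no longer matches. For the illustration it assumes the manifest itself can be trusted; verifying the .SF and .RSA files that sign the manifest is left out. The names build_apk, parse_manifest and audit_apk are the example's own.

```python
import base64
import hashlib
import io
import warnings
import zipfile


def sha1_b64(data: bytes) -> str:
    """SHA1-Digest as a JAR-style manifest records it (base64 of the raw digest)."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def build_apk(signed: dict, extra=()) -> bytes:
    """Build a constructed, APK-shaped ZIP in memory (not a real app).

    `signed` maps entry name -> bytes and is what META-INF/MANIFEST.MF covers.
    `extra` lists (name, bytes) pairs appended without a manifest entry;
    reusing an existing name yields the duplicate-entry layout of CVE-2013-4787."""
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in signed.items():
        manifest += f"Name: {name}\r\nSHA1-Digest: {sha1_b64(data)}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        for name, data in signed.items():
            zf.writestr(name, data)
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")  # zipfile warns about duplicate names
            for name, data in extra:
                zf.writestr(name, data)
    return buf.getvalue()


def parse_manifest(text: str) -> dict:
    """Return {entry name: SHA1-Digest} from a JAR-style manifest.
    Continuation lines (leading space) are joined to the preceding line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    digests, name = {}, None
    for line in lines:
        if line.startswith("Name: "):
            name = line[len("Name: "):]
        elif line.startswith("SHA1-Digest: ") and name is not None:
            digests[name] = line[len("SHA1-Digest: "):]
        elif line == "":
            name = None  # a blank line closes a manifest section
    return digests


def audit_apk(apk_bytes: bytes) -> dict:
    """Flag duplicate entry names (verifier and installer may read different
    copies), entries the manifest never covers, and entries whose bytes do not
    match the digest the manifest records."""
    zf = zipfile.ZipFile(io.BytesIO(apk_bytes))
    infos = zf.infolist()
    seen, duplicates = set(), []
    for info in infos:
        if info.filename in seen and info.filename not in duplicates:
            duplicates.append(info.filename)
        seen.add(info.filename)
    digests = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
    unsigned, mismatched = [], []
    for info in infos:
        if info.filename.startswith("META-INF/"):
            continue
        data = zf.open(info).read()  # read this exact entry, not a by-name lookup
        if info.filename not in digests:
            unsigned.append(info.filename)
        elif digests[info.filename] != sha1_b64(data):
            mismatched.append(info.filename)
    return {"duplicates": duplicates, "unsigned": unsigned, "mismatched": mismatched}


if __name__ == "__main__":
    app = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex\n035\x00original"}
    print("clean:", audit_apk(build_apk(app)))
    print("duplicate classes.dex:", audit_apk(build_apk(app, extra=[("classes.dex", b"dex\n035\x00replaced")])))
```

Reading each entry through its own ZipInfo (rather than by name) is the point of the audit: a by-name lookup silently picks one of the two copies, which is exactly the ambiguity the check is meant to surface.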
50. BaseBridge (2011)
● Asset file hides the payload.
● Register to lots of events.
● Gains root privileges via RATC exploit.
○ spawn RLIMIT_NPROC-1 processes
○ kill adbd
○ spawn 1 process to race against adbd setuid()-ing
● Steals data (e.g., IMEI) + premium texts.
51. BaseBridge (2011)
Source: Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution,” in Proceedings of the 33rd IEEE Symposium on Security and Privacy, 2012, pp. 95–109.
52. Academic Measurements
2010–October 2011 [Zhou et al., 2012]
49 families
20–76% detection rate
October 2011 [Vidas et al., 2013]
194 markets facilitate malware distribution
0–32% detection rate (I don't really buy
55. CarrierIQ (2011) - Not Really Malware
140M devices including Sprint, HTC, Samsung.
Controversial app used for enhancing "customer experience".
Log keystrokes.
Record calls.
Store text messages.
Track location.
56. Fake CarrierIQ Detector :-)
Detects CarrierIQ. It actually finds IQ if it is there.
Premium texter malware.
http://www.symantec.com/connect/blogs/day-afteryear-mobile-malware
57. Find if IQ services are installed.
Tries to send premium SMSs (notice the nested try-catch).
58. RootSmart (2012)
● 2nd malware w/ GingerBreak exploit (1st was
GingerMaster)
● Asks lots of permissions (suspicious ones)
○ MOUNT_UNMOUNT_FILESYSTEMS
○ RECEIVE_BOOT_COMPLETED
○ CHANGE_WIFI_STATE
● Suspicious broadcast receiver
○ NEW_OUTGOING_CALL
● Fetches the exploit from obfuscated URL
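Slides 40 and 58 both treat requested permissions and registered broadcast receivers as triage signals. The block below is an added example, not code from the deck and not a Zhou & Jiang tool: it parses a constructed AndroidManifest.xml and scores it against a watchlist built from the indicators on these slides (RootSmart's permission list and receiver, the data-theft and premium-SMS behaviours, and the SMS-hiding of slide 12, which on old Android needs an SMS receiver that runs before the default messaging app). The watchlists, the weights, the priority threshold and both manifests are constructed; triage_manifest is the example's own name.

```python
import xml.etree.ElementTree as ET

# AndroidManifest.xml puts its attributes in the android: namespace;
# ElementTree exposes them as "{namespace}name".
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed watchlists drawn from the deck's indicators; a triage starting
# point, not an authoritative rule set.
SUSPICIOUS_PERMISSIONS = {
    "android.permission.MOUNT_UNMOUNT_FILESYSTEMS": "can remount /system",
    "android.permission.RECEIVE_BOOT_COMPLETED": "persists across reboots",
    "android.permission.CHANGE_WIFI_STATE": "controls connectivity",
    "android.permission.SEND_SMS": "premium texting",
    "android.permission.RECEIVE_SMS": "can read mTAN / 2FA codes",
    "android.permission.READ_PHONE_STATE": "harvests IMEI/IMSI",
}
SUSPICIOUS_ACTIONS = {
    "android.intent.action.NEW_OUTGOING_CALL": "hooks outgoing calls",
    "android.intent.action.BOOT_COMPLETED": "starts at boot",
    "android.provider.Telephony.SMS_RECEIVED": "sees incoming SMS",
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
HIGH_PRIORITY = 1000  # constructed threshold for "wants to see SMS first"


def triage_manifest(xml_text: str) -> dict:
    """Score a manifest by watchlisted permissions and receiver actions.
    An SMS receiver with a very high intent-filter priority is weighted
    extra: it is the setting an app needs to handle a text before the
    default messaging app does (the behaviour behind "hides SMSs")."""
    root = ET.fromstring(xml_text)
    perms = [e.get(ANDROID + "name") for e in root.iter("uses-permission")]
    flagged_perms = {p: SUSPICIOUS_PERMISSIONS[p] for p in perms if p in SUSPICIOUS_PERMISSIONS}
    flagged_actions, high_priority_sms = {}, []
    for receiver in root.iter("receiver"):
        rname = receiver.get(ANDROID + "name")
        for flt in receiver.iter("intent-filter"):
            actions = [a.get(ANDROID + "name") for a in flt.iter("action")]
            for action in actions:
                if action in SUSPICIOUS_ACTIONS:
                    flagged_actions.setdefault(action, []).append(rname)
            priority = int(flt.get(ANDROID + "priority", "0"))
            if SMS_RECEIVED in actions and priority >= HIGH_PRIORITY:
                high_priority_sms.append((rname, priority))
    score = len(flagged_perms) + len(flagged_actions) + 2 * len(high_priority_sms)
    return {"permissions": flagged_perms, "actions": flagged_actions,
            "high_priority_sms_receivers": high_priority_sms, "score": score}


# Constructed manifests for demonstration; neither comes from a real app.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.NEW_OUTGOING_CALL"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calculator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for label, text in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage_manifest(text))
```

A score of zero means little on its own: slide 43's TGLoader asked for no permissions at all and rooted the phone instead, so manifest triage is a filter for analyst attention, not a verdict.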
60. Moghava (2012) - Annoying
No monetary gain.
Protest intended.
Yet, very annoying.
http://www.symantec.com/connect/blogs/androidmoghava-recipe-mayhem
62. LuckyCat (2012) - Used in APT
1st known used in APT.
SMS initiated: "[...] time to renew data plan [...]"
URL with WebKit exploit (this is drive-by!)
Track user GPS, steal data.
Naïvely encrypted C&C communication.
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_adding-android-and-mac-
63. Chuli (2012) - Again, in APT
High-profile Tibetan activist email hacked.
Used to send malicious APK to other activists.
Steals data (SMS, contacts, IMEI, GPS, etc).
https://www.securelist.com/en/blog/208194186/Android_Trojan_Found_in_Targeted_Attack
64. Registration Service Provided By: SHANGHAI MEICHENG
TECHNOLOGY INFORMATION DEVELOPMENT CO., LTD.
Domain Name: DLMDOCUMENTSEXCHANGE.COM
Registration Date: 08-Mar-2013
Expiration Date: 08-Mar-2014
Status:LOCKED
The domain registration data indicates the following owner:
Registrant Contact Details:
peng jia (bdoufwke123010@gmail.com)
beijingshiahiidienquc.d
beijingshi
beijing,100000
CN
Tel. +86.01078456689
Fax. +86.01078456689
66. Obad (2013) - Sophisticated
Raises the bar.
Could propagate via Bluetooth and WiFi.
First emulator-aware malware.
Anti dynamic analysis (corrupted XML)
Anti static analysis (packed instr. + anti decompiling + encrypted strings)
Gains device administration rights to hide itself.
70. Device Admin Privs
Used to administer devices.
http://www.comodo.com/resources/Android_OBAD_Tech_Reportv3.pdf
Fool the user.
http://developer.android.com/guide/topics/admin/device-admin.html
72. Mouabad (2013) - Sneaky Dialer
Works when device goes to lock mode.
Stops working right away when the user unlocks the device.
Calls premium numbers located in China.
No sophisticated anti-analysis techniques.
73. Stels (2013) - Spreads via Botnet
Spreads through Cutwail botnet via spam emails.
Vulnerable website to drop PHP script.
PHP script fingerprints the client.
Malicious (non-sophisticated) APK if browser == Android.
Steals the usual data.
http://www.secureworks.com/cyber-threat-intelligence/threats/stels-android-trojan-malware-analysis/
74. How Many Infected Devices?
Damballa & GaTech, DNS traffic analysis (2012): mobile devices 0.0009% (3,492 of 380,537,128)
Kindsight Security Lab: mobile devices 0.50% (Q1), 0.52% (Q2); Android devices 1.00% (Q2)
75. Conclusions
● Many infected apps (hundreds of thousands)
● Low infection rate (0.0009–1.0%)
○ Wide range of uncertainty
○ The ROI per infected device must be high!
● Authors have just started to show what they can do.