Big Brother is watching. His name is Binder.
Binder is the only vehicle of inter process communication in Android, making it a prime target for attackers.
We'll provide a review of this sophisticated and little known mechanism, describe the multitude of dangers in its compromise and demonstrate several Binder-based data manipulation and theft attacks.
In depth (presentation outline):
* The Android malware world lags behind the PC in sophistication, but it is rapidly catching up. We believe the next generation of mobile malware is soon to come, and Binder is a natural target.
* Binder Background (what makes it special?):
- The peculiarity of Android's architecture: a userland OS built on top of the Linux kernel, and why Binder is critical to this concept.
- The inevitable security trade-off in Android: minimizing the attack surface against the kernel, at the cost of introducing Binder as a classic single point of control.
- How a developer sees the Binder (spoiler: he doesn't).
* In depth Binder mechanics (how does it work?):
- A detailed look at the data structures, classes and functions which define the behaviour of Binder, with a special focus on security-critical areas.
- Hooking Binder: How and where to control Android's IPC mechanism.
- Looking at the raw data travelling through Binder, and how to sift through it to find the interesting stuff (passwords, keyboard input, SMS, sound and many more).
- Why modern mobile AVs are having a hard time detecting these methods of operation.
* (Demonstrations) Comparing the "naive malware" approach with the Man in the Binder philosophy for:
-> Logging keyboard input.
-> Capturing data sent between Activities.
-> Modifying sensitive information at runtime (e.g. faking a financial transaction, banking-trojan style).
* Mitigation:
- Why code obfuscation and app wrapping won't help you.
- Encrypting your data before it leaves the process (even within the same app!).
- Example: using an in-app keyboard securely.
We believe that this is ground-breaking work that has not been properly researched before: Binder’s central position in the Android architecture means that it is likely to become heavily attacked in the next few years. By shining a bright light on this topic, our research is a significant contribution to the security of the Android platform as a whole.
An earlier version of this research was presented at Black Hat Europe 2014 and Kaspersky SAS2015.
A white paper of the results up until a few months ago can be found here: https://www.blackhat.com/docs/eu-14/materials/eu-14-Artenstein-Man-In-The-Binder-He-Who-Controls-IPC-Controls-The-Droid.pdf
The document provides 7 lessons for internet security for IoT devices: 1) Assume the internet is untrustworthy, 2) Don't trust people near your devices, 3) Don't trust any user input, 4) Don't assume users will behave securely, 5) Software updates are necessary as things change, 6) Weak points can be exploited, 7) Have others review your security rather than assuming your own work is secure. The lessons emphasize not trusting networks, users, or one's own abilities, and maintaining updates and reviews to address changes over time.
Biometric identification might be more secure than passwords, but it’s still vulnerable to hacking. Why not hold up a photograph of the phone owner to fool the new facial recognition system? In this presentation, Adam Englander will walk through the risks and dangers of leveraging biometrics for user authentication, and why we all should be thinking twice about it.
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint (DroidConTLV)
This document discusses Android application security and how a malicious attacker could intercept and manipulate application data and system services by exploiting the Android Binder inter-process communication (IPC) mechanism. It describes how even novice attackers could potentially perform keylogging or manipulate banking applications, while more advanced "ninja" attackers could intercept SMS messages by hooking into the Binder driver. The core issue is that because all application data and system service requests must pass through Binder, an attacker with root access could intercept this traffic covertly without needing to reverse engineer individual apps. Solutions proposed include app developers better securing their own processes and data, while security firms should explore more proactive monitoring techniques.
This document summarizes a presentation about exploiting Android's Binder inter-process communication (IPC) mechanism to conduct malware attacks. It describes how Binder works and how malware authors have increasingly targeted it. Three demonstration attacks are shown: a keylogger that intercepts keyboard inputs via Binder, grabbing sensitive form data that transits between app activities via Binder, and intercepting SMS messages by intercepting Binder calls made by the SMS app to retrieve messages from the telephony manager. The document advocates encrypting sensitive data moving between apps via Binder to help prevent these kinds of attacks.
This document discusses honeypots and honeynets. It begins by explaining that honeypots are fake vulnerable systems used to collect information from attackers without being harmed. There are two main types - low interaction honeypots that emulate services and high interaction honeypots that use real systems. Honeynets are networks of high interaction honeypots used to capture in-depth information on attacks. The document outlines the benefits of honeypots for gathering threat intelligence and tracking attackers. It also discusses some popular honeypot tools and the growing cybersecurity market.
The document discusses cybersecurity issues related to IoT devices. It begins by describing the 2016 Mirai botnet attacks, which exploited vulnerabilities in IoT devices like IP cameras and DVRs to take down major websites. The document then analyzes the current security situation of IoT, finding that many devices have vulnerabilities due to a lack of focus on security by manufacturers. It also notes that IoT devices could potentially be used as "weapons of mass destruction" due to their ubiquity, connectivity and potential access to users' daily lives. The rest of the document examines common vulnerabilities and attack vectors in IoT devices.
We issued 20 young coders with smartphones pre-loaded with an app that gathered data on the network activity of the other apps they used. Their data was captured using the Python-based data portal CKAN, analysed with scikit-learn, then returned to them using Docker and the IPython Notebook. Python also played a role in the reverse-engineering of some of the more interesting apps we discovered.
Workshop on Cyber Security and Investigation - Mehedi Hasan
Introduction:
In the fast-evolving digital age of the 21st century, cybersecurity has emerged as a paramount concern for governments, businesses, and individuals. The Workshop on Cybersecurity is a comprehensive and immersive event designed to address the challenges posed by cyber threats and equip participants with the knowledge and tools to safeguard their digital assets. This workshop, to be held over five days, seeks to empower attendees with the latest insights and practices in cyber defense, fostering a culture of resilience and proactive security measures.
Day 1: Understanding the Cyber Landscape
The workshop commences with a deep dive into the complex cyber landscape that defines modern society. Distinguished experts from the cybersecurity field will present an overview of the ever-changing cyber ecosystem, highlighting its interconnectedness and vulnerabilities. Participants will gain valuable insights into the roles of governments, corporations, and individuals in shaping the cyber landscape.
Key topics covered will include the global impact of cyberattacks, the importance of international collaboration in countering cyber threats, and the significance of public-private partnerships. This foundational knowledge will serve as the basis for the subsequent discussions on cyber defense strategies.
Day 2: Unraveling Cyber Threats and Attack Vectors
Day two focuses on understanding the multitude of cyber threats and attack vectors that can target individuals and organizations. Renowned cybersecurity researchers will present real-life case studies of recent cyber incidents, ranging from nation-state-sponsored attacks to financially motivated hacking campaigns. Participants will gain a comprehensive understanding of the tactics employed by threat actors and the motivations behind their actions.
Through interactive sessions, attendees will be immersed in simulated cyber-attack scenarios, enabling them to identify and mitigate potential threats effectively. The day will emphasize the need for a proactive and adaptive approach to cybersecurity, as well as the importance of threat intelligence sharing to bolster collective defense capabilities.
Day 3: Building Robust Cyber Defense Strategies
Day three delves into the development and implementation of robust cyber defense strategies. Experts in the field will introduce participants to cutting-edge tools and technologies that can effectively detect, prevent, and respond to cyber threats. Topics covered will include advanced threat hunting techniques, next-generation firewalls, intrusion detection systems, and incident response best practices.
Serverless Security: What's Left To Protect - Guy Podjarny
Serverless means handing off server management to the cloud platforms – along with their security risks. With the “pros” ensuring our servers are patched, what’s left for application owners to protect? As it turns out, quite a lot.
This talk discusses the aspects of security serverless doesn’t solve, the problems it could make worse, and the tools and practices you can use to keep yourself safe.
Required audience experience
Basic knowledge of how FaaS and Serverless works
Objective of the talk
As many companies explore the world of serverless, it’s important they understand the aspects of security this new world helps them with, and the ones they need to care more about. This talk will provide a framework to understand how to prioritise and approach security for Serverless apps.
The document discusses different approaches to detecting system compromise, including looking for rootkit side effects, signature-based scanning, and explicit compromise detection. It argues that modern malware need not use traditional rootkit techniques like hiding processes or sockets to achieve stealth. A demonstration of a "pretty stealthy backdoor" is presented that modifies only a few kernel data values without installing modules or hiding anything. The document proposes a classification of malware based on what operating system components it modifies and argues that type II malware modifying only data sections will be very difficult to detect.
Serverless Security: What's Left to Protect? - Guy Podjarny
Slides from my ServerlessConf Austin 2017 talk.
Serverless means handing off server management to the cloud platforms - along with their security risks. With the “pros” ensuring our servers are patched, what’s left for application owners to protect?
As it turns out, quite a lot. This talk discusses the aspects of security serverless doesn’t solve, the problems it could make worse, and the tools and practices you can use to keep yourself safe.
This document discusses cyber security issues and solutions in the modern world. It outlines growing cyber crimes like computer viruses, password cracking, and unauthorized network access. It then describes brute force attacks and software available to detect them. It discusses strong authentication and Snort centers used in US cyber security. The Radar Page and Nessus vulnerability scanner are presented as tools to monitor cyber crimes. Preventions like intrusion alerts, encryption, and network scanning are recommended.
LST Toolkit: Exfiltration Over Sound, Light, Touch - Dimitry Snezhkov
The document discusses offensive and defensive strategies around exfiltrating sensitive data from secured environments. It describes observing defenses that focus on network-level exfiltration and lack behavioral context. Custom threat modeling and solutions may be needed. Tactics discussed include exploiting existing facilities, avoiding defenses, and transforming data to bypass monitoring. The document also outlines fictional scenarios where innovative techniques like encoding data in screen pixels or QR codes are used to exfiltrate information despite strengthened defenses.
The Hardcore Stuff I Hack:
This talk is going to give a run-through of some of the technical challenges Paul and his team have overcome over the years, in as much hardcore detail as possible.
Hunting Cybercriminals with: OSINT + Cloud Computing + Big Data - Chema Alonso
Slides from the presentation given by Chema Alonso at the CELAES 2015 congress on 15 October in Panama. It discusses how Eleven Paths and Telefónica use the Tacyt, Sinfonier and Faast technologies to fight e-crime.
This document discusses the changing threat landscape of cybercrime and the need for new security technologies to address modern threats. It describes how traditional signature-based antivirus defenses are no longer sufficient due to the large number of new malware variants. The document then introduces the concept of "ubiquity" which leverages data from millions of users to identify malware based on how prevalent or widespread files are being used. This new approach shifts security from reactive blacklisting to proactively identifying invisible threats based on file reputation scores. The document claims ubiquity provides improved protection, better performance, and unique endpoint visibility compared to traditional antivirus solutions.
A short presentation on the latest dump of NSA tools by the Shadow Brokers hacker group: how the attack works and how to prevent it. Also covers the new WannaCry 2.0 ransomware.
The document discusses two approaches to social mining from mobile data - NervousNet and MobileMiner. NervousNet collects sensor data from mobile devices and aggregates it on remote proxies. MobileMiner was developed by young coders to record the behavior of other apps on Android smartphones and return the data for analysis. It aims to increase understanding of what personal data apps collect and how frequently they access location, send notifications, or transmit data home.
This document discusses emerging security challenges with new technologies. It begins with an overview of how information security has evolved from a focus on confidentiality to also include integrity and availability. Four emerging technologies are then examined: robotics, 3D printing, the Internet of Things, and wearables. Each section identifies applications of the technology and discusses associated security risks. For example, robotic systems could be hacked and manipulated to cause physical harm. The document emphasizes that security needs to be considered from the early design stages of new technologies and provides some approaches to help secure them.
This document discusses emerging security challenges with new technologies. It begins with an overview of how information security has evolved from a focus on confidentiality to also emphasize integrity and availability. Four emerging technologies are then examined: robotics, 3D printing, the Internet of Things, and wearables. Each section identifies applications of the technology and discusses associated security risks. For example, robotic systems could be hacked and manipulated to cause physical harm. The document emphasizes that security must be considered from the early design stages of new technologies and provides approaches to help secure different areas.
Brick all the internet of things! (with notes) - Jimmy Shah
Recently someone released a worm on the Internet that targeted IoT devices. In the past similar worms turned your Internet connected cameras and DVRs into nodes in a massive botnet. This time it used the same entry points into your devices to brick them. The better to prevent them from possibly being turned into weapons of mass denial of service.
We'll cover why that's a Bad Idea. And what are more constructive ways to get IoT/Internet-enabled embedded device manufacturers and vulnerability researchers to sit down at the same table.
The document summarizes the Mirai botnet, which infected hundreds of thousands of internet-connected devices to conduct large-scale DDoS attacks. It describes how Mirai propagated by scanning for vulnerable devices and installing malware. Researchers used network telescopes and honeypots to identify infected devices and attacks. The botnet brought down websites and services but caused no major, lasting damage. Future botnets may become more sophisticated with new infection methods and command infrastructure, leveraging the billions of devices expected to connect to the internet. Improving device security through patching and design is needed to address this growing threat.
Recently someone released a worm on the Internet that targeted IoT devices. In the past similar worms turned your Internet connected cameras and DVRs into nodes in a massive botnet. This time it used the same entry points into your devices to brick them. The better to prevent them from possibly being turned into weapons of mass denial of service.
We'll cover why that's a Bad Idea. And what are more constructive ways to get IoT/Internet-enabled embedded device manufacturers and vulnerability researchers to sit down at the same table.
The document summarizes the Mirai botnet, which infected hundreds of thousands of internet-connected devices to conduct large-scale DDoS attacks. It describes how Mirai propagated by scanning for vulnerable devices and installing malware. Researchers used network telescopes and honeypots to identify infected devices and attacks. The botnet brought down websites and services but caused no major, lasting damage. Future botnets may become more sophisticated with new infection methods and command infrastructure, leveraging the billions of devices expected to connect to the internet. Improving device security through patching and design is needed to address this growing threat.
9. Name: $ echo `uname -r`
Occupation: Holding the world on its shoulders since 1.1.1970
Feeling neglected now that system services get all the attention on Android
51. Attacking The Binder
• Hook libbinder.so at the point where it sends an ioctl to the kernel
• Stealth: dozens of places to hook
• But don’t you need root?
54. Summary
Features:
• Versatility: one hook – multiple functionalities.
• App agnostic: no need to RE apps.
• Stealth: the Android security model limits 3rd party security apps just like any other app.
55. Summary
• This is NOT a vulnerability. It’s like man-in-the-browser, but for literally everything on Android.
• Root is assumed. Rooting won’t go away any time soon.
57. What are you trying to tell me? That I can get all permissions on a device?
No.
I’m trying to tell you that when you’re ready, you won’t have to
59. Solutions – for developers
• Take control of your own process memory space.
• Minimize the amount of data going to IPC, and encrypt what has to go.
60. Solutions – for security industry
• Scan files like it’s the 90’s.
• Be brave – get root yourself:
  • Runtime process scanning and monitoring.
  • Software firewall (like Avast).
  • Binder firewall/anomaly detection.
  • Etc.
61. Further Reading
[1] White paper: “Man in the Binder”, Artenstein and Revivo
[2] “On the Reconstruction of Android Malware Behaviors”, Fattori, Tam et al.
[3] “Binderwall: Monitoring and Filtering Android Interprocess Communication”, Hausner
Editor's Notes
Need to say something about our group, what we do, and maybe a promo for ccc
This is a serious bank application for transferring funds between accounts
To attack a system, one must first understand the system.
And to do that, first let's take a look at a standard OS that we all know … and some of us like … I guess … Windows.
An application on Windows needs to know a lot of information about the environment it's operating in.
A sound example needs to know:
the kernel version
how to enumerate all the audio devices
the correct device descriptor
the syscall number for transmitting the data
how the system is engineered, in order to do anything specific
That doesn’t mean that if you are a programmer and you open Visual Studio you have to know all that stuff: the compiler knows all that stuff for you, and it incorporates all this data into your binary file.
And this makes your application really heavy.
And this is exactly what the Android designers wanted to avoid.
They wanted to create an object-oriented operating system,
and the way to do it is to isolate the application from the kernel.
In Android, following the object-oriented concept, we have what's called a system service.
System services come prebuilt inside the Android operating system.
Each system service has its own specific role: audio, video, etc.
Basically they handle all the kernel communication for the application.
So the Android application can only talk to manager applications to request their services.
For example: play sound (explain RPC).
Ok, so that’s a great approach, everything is good, everyone is happy, but we do have a problem here. Can anyone spot the problem?
(Windows example)
The application can't talk to the kernel, so how exactly does it send this request to the manager application?
And the answer is Binder.
So you are probably asking yourselves: what is Binder?
Binder is an inter-process communication mechanism that is in charge of passing remote procedure calls between different processes in the system.
What this actually means is that when our application needs to talk to a specific system service,
the application will send a remote procedure call to the Binder, and the Binder will pass it to the required system service.
Basically, what I’m trying to say here is that “everything goes through the Binder”.
Now let's look at how the Android designers implemented Binder.
So the Binder is implemented in two parts: a userland framework which is loaded inside every application process, and a kernel driver.
The userland framework part is responsible for:
Taking remote procedure calls with their arguments and wrapping them in a special container.
Sending the container to the kernel via the ioctl syscall.
Unwrapping that data when it arrives at the target process.
That's possible because the Binder framework is a core part of every process in Android, servers as well as applications. So when you fork() a process to create a new one,
that new process will also have a copy of the Binder framework in its memory space.
The kernel driver part is responsible for:
Passing the remote procedure calls between processes.
It acts more like a router: it receives the container, parses the destination address of that container, and copies the container data to the target process' address space.
It then wakes up a designated thread in the target process which is supposed to listen for incoming calls from client applications.
So what exactly is this container?
The name of that container is Parcel.
It’s a flexible and extensible data object that, when sent to the kernel via the ioctl call, is marshalled into a flat buffer and passed to the other process.
The Parcel contains:
The name of the destination service, in this case the media player.
The function code of the procedure call it needs to invoke.
And the arguments for that function.
For example, here we want to change the volume of the device,
so we have two arguments: two floats, for the left and right speakers.
Ok, now let's do a short recap,
just to make sure that everyone understands the concept.
The app wants to play sound.
It wraps the arguments, in this case an audio file descriptor, in a Parcel using the userland framework part.
Then the process sends an ioctl syscall to the kernel with the Parcel inside.
The kernel driver parses the destination address of that Parcel, and then copies the Parcel data to the target process' address space.
Then the RPC call is invoked, and the audio manager tells the kernel to play that audio file.
And then the response is sent back the same way to the application process.
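As an added example, not code from the talk or from the Man in the Binder paper: a simplified model of the Parcel flat buffer described above, built for the volume-change transaction, together with what an observer at the ioctl boundary (a sniffer, or a Binder firewall) can recover from the buffer alone. The byte layout, the interface name `example.media.IMediaPlayer` and the function code 7 are assumptions for this example, not libbinder's real wire format or real Android values.

```cpp
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>
// Simplified Parcel flat buffer (an assumption for this example, not libbinder's
// exact format): little-endian, 4-byte aligned; a string16 is an int32 count + UTF-16LE.
struct Parcel {
    explicit Parcel(std::vector<uint8_t> raw = {}) : buf(raw) {}
    template <class T> void write(T v) { put(&v, sizeof v); }
    template <class T> T read() { T v; get(&v, sizeof v); return v; }
    void writeString16(const std::string& ascii) {
        write<int32_t>(static_cast<int32_t>(ascii.size()));
        for (unsigned char c : ascii) write<uint16_t>(c);
        while (buf.size() % 4) buf.push_back(0);  // keep 4-byte alignment
    }
    std::string readString16() {
        std::string s;
        for (int32_t n = read<int32_t>(); n > 0; --n) s += char(read<uint16_t>());
        pos = (pos + 3) & ~size_t(3);  // skip alignment padding
        return s;
    }
    void put(const void* p, size_t n) {
        buf.insert(buf.end(), (const uint8_t*)p, (const uint8_t*)p + n);
    }
    void get(void* p, size_t n) {  // bounds-checked: never overread a hostile buffer
        if (pos + n > buf.size()) throw std::runtime_error("truncated parcel");
        std::memcpy(p, buf.data() + pos, n); pos += n;
    }
    std::vector<uint8_t> buf; size_t pos = 0;
};
// The talk's example transaction: destination service, function code, then two
// floats (left/right volume). Interface name and code are constructed placeholders.
const std::string kIface = "example.media.IMediaPlayer";
const int32_t kSetVolume = 7;
Parcel buildSetVolume(float left, float right) {
    Parcel p;
    p.writeString16(kIface);       // destination service (interface token)
    p.write<int32_t>(kSetVolume);  // function code of the procedure call
    p.write<float>(left);          // arguments, in plaintext
    p.write<float>(right);
    return p;
}
// What an observer at the ioctl boundary (a sniffer, or equally a Binder
// firewall doing anomaly detection) recovers from the flat buffer alone.
struct Seen { std::string iface; int32_t code; float left, right; };
Seen inspect(const std::vector<uint8_t>& flat) {
    Parcel p(flat);
    return Seen{p.readString16(), p.read<int32_t>(), p.read<float>(), p.read<float>()};
}
```

Everything `inspect` recovers is exactly what the "encrypt what has to go" advice is about: a Binder firewall only needs the interface token and code for its policy, while the arguments are the part that need not travel in plaintext.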
And now we see the real picture on Android.
A group of client applications, here represented as the green islands, constantly send requests to system services via the Binder.
On the other side, the system services receive the requests, talk to the hardware via the kernel, and return a reply to the application.
This intricate web is what makes Android tick.
And now you finally understand that ... “everything goes through the Binder”.
Now for the fun part, Binder attacks: I give you nitty
A thread in an app sets up a listener
When the user hits a key, the keyboard server sends a Parcel to an InputContext interface
We sniff the Parcel as it goes through the Binder
When the application process starts a new Activity, it calls the ActivityManager.
Data that needs to be available to another Activity is sent in the parameters of StartActivity()
All we need to do is sniff it in Binder