SlideShare a Scribd company logo

Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014

viaForensics
viaForensics

Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014

Education
1 of 36
Download to read offline
SESSION ID: Mobile Analysis Kung Fu, Santoku Style ANF-W03 Andrew Hoog CEO/Co-founder viaForensics @ahoog42 Sebastián Guerrero Mobile Security Analyst viaForensics @0xroot
#RSAC Agenda  Santoku Intro  Mobile Forensics Kung Fu  Mobile Security Kung Fu  Mobile Malware Analysis Kung Fu 2
Santoku Intro
#RSAC Santoku – Why? 0 200 400 600 800 1000 1200 1400 1600 2012 2017 (Projected) Desktop PC Portable PC Tablet Smartphone 4
#RSAC https://santoku-linux.com/ - It’s Free! 5
#RSAC Santoku – What? 6
#RSAC Santoku – How?  Install Lubuntu 12.04 (precise) x86_64  Santoku-ize it 7
#RSAC You should get (after reboot) 8
Mobile Forensics Kung Fu
#RSAC Forensic Acquisition Types 10
#RSAC iOS Logical  Connect device (Enter PIN if needed)  Ideviceback2 backup <backup dir>  Ideviceback2 unback <backup dir>  View backup|unpacked backup 11
#RSAC iOS Logical 12
#RSAC iPhone Backup Analyzer 13
#RSAC Android Logical  AFLogical OSE (https://github.com/viaforensics/android-forensics)  Reads Content-Providers  Push to phone, run, store on SD-Card  Pull CSVs to Santoku for review 14
#RSAC AFLogical OSE 15
#RSAC Install, run, extract 16
#RSAC viaExtract 17
Mobile Security Kung Fu
#RSAC App Selection  Apps were selected based on popularity, number of downloads, or potential sensitivity of data  Approximately 80 apps have been reviewed and organized into categories 20
#RSAC 2013 App testing result  81 tested apps, 32 iOS, 49 Android 21 0% 20% 40% 60% 80% Failed MiTM or SSL Stored Password (Plaintext or hashed) Stored sensitive app data on memory At least one 'High risk' rating iOS Android
#RSAC 22
#RSAC Any.Do  Business and personal task management app iOS and Android  Millions of users  Many vulnerabilities, no response from company  https://viaforensics.com/mobile-security/security-vulnerabilities- anydo-android.html 23
#RSAC Any.Do Analysis - Forensics  Locat Any.DO app directory  Adb pull /data/data/com.anydo  Examine database/binary files  Capture network traffic 24
#RSAC Any.Do Analysis - Forensics 25
Mobile Malware Analysis Kung Fu
#RSAC NQ Mobile 27
#RSAC Bad News  Android Malware, masquerades as an innocent advertising network  Packaged in many legitimate apps, usually targeting Russian market  Has ability to download additional apps, and propmts the user to install them, posing as “Critical Updates”. Uses this mechanism to spread known malware, typically Premium Rate SMS fraud.  For more information see the report by Lookout: https://blog.lookout.com/blog/2013/04/19/the-bearer-of-badnews-malware-google-play/ 28
#RSAC apktool  Tool for reverse engineering Android apk  Dissasembles code to smali files, also decodes resources contained into the apk.  It can also repackage the applications after you have modified them  We can run it on Badnews Badnews Sample 29
#RSAC From apktool to smali  We can grep for known sensible method calls and strings 30
#RSAC From apktool to smali  We can manually analyze the disassembled smali coded provided by apktool  For example here we see a broadcast receiver that will listen for BOOT_COMPLETED intents and react to them starting a service in the application 31
#RSAC Badnews sample – Dex2Jar - JDGui 32
#RSAC Korean Banking Malware 33
#RSAC Korean Banking Malware (Analysis) 34
#RSAC A little help fu, please  HOWTOs  New/existing tool development  .deb package maintenance  Forums, spreading the word 35
#RSAC Q&A | Contact | Feedback  Thanks for listening… @0xroot / @ahoog42 github/0xroot / github/viaforensics sguerrero@viaforensics.com / ahoog@viaforensics.com 36

Recommended

Via forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linuxVia forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linuxviaForensics
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the Code
NowSecure
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the Code
NowSecure
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic Menace
NowSecure
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat Detection
NowSecure
 
How to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsHow to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’ts
NowSecure
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDATop OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
NowSecure
 
Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013drewz lin
 

Recommended

Via forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linuxVia forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linuxviaForensics
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the Code
NowSecure
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the Code
NowSecure
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic Menace
NowSecure
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat Detection
NowSecure
 
How to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsHow to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’ts
NowSecure
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDATop OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
NowSecure
 
Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013drewz lin
 
It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016
NowSecure
 
[CB16] Background Story of "Operation neutralizing banking malware" and highl...
[CB16] Background Story of "Operation neutralizing banking malware" and highl...[CB16] Background Story of "Operation neutralizing banking malware" and highl...
[CB16] Background Story of "Operation neutralizing banking malware" and highl...
CODE BLUE
 
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
SecureAuth
 
Fighting malware - keeping your Intellectual Property safe
Fighting malware - keeping your Intellectual Property safeFighting malware - keeping your Intellectual Property safe
Fighting malware - keeping your Intellectual Property safe
Prayukth K V
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array works
Cyren, Inc
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat report
Cyren, Inc
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Cyren, Inc
 
LASCON 2015
LASCON 2015LASCON 2015
LASCON 2015
Clare Nelson, CISSP, CIPP-E
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to know
Cyren, Inc
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking survey
Cyren, Inc
 
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Minseok(Jacky) Cha
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?
Ramin Farajpour Cami
 
MacIT 2014 - Essential Security & Risk Fundamentals
MacIT 2014 - Essential Security & Risk FundamentalsMacIT 2014 - Essential Security & Risk Fundamentals
MacIT 2014 - Essential Security & Risk Fundamentals
Alison Gianotto
 
Anonymizers
AnonymizersAnonymizers
Anonymizers
Gregory Hanis
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
CODE BLUE
 
Security for Human Beings
Security for Human BeingsSecurity for Human Beings
Security for Human Beings
zekivazquez
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomware
Cyren, Inc
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
CrowdStrike
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
CrowdStrike
 
Hijacking Softwares for fun and profit
Hijacking Softwares for fun and profitHijacking Softwares for fun and profit
Hijacking Softwares for fun and profit
Nipun Jaswal
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
NowSecure
 
sebis research profile
sebis research profilesebis research profile
sebis research profile
sebistum
 

More Related Content

What's hot

It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016
NowSecure
 
[CB16] Background Story of "Operation neutralizing banking malware" and highl...
[CB16] Background Story of "Operation neutralizing banking malware" and highl...[CB16] Background Story of "Operation neutralizing banking malware" and highl...
[CB16] Background Story of "Operation neutralizing banking malware" and highl...
CODE BLUE
 
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
SecureAuth
 
Fighting malware - keeping your Intellectual Property safe
Fighting malware - keeping your Intellectual Property safeFighting malware - keeping your Intellectual Property safe
Fighting malware - keeping your Intellectual Property safe
Prayukth K V
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array works
Cyren, Inc
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat report
Cyren, Inc
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Cyren, Inc
 
LASCON 2015
LASCON 2015LASCON 2015
LASCON 2015
Clare Nelson, CISSP, CIPP-E
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to know
Cyren, Inc
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking survey
Cyren, Inc
 
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Minseok(Jacky) Cha
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?
Ramin Farajpour Cami
 
MacIT 2014 - Essential Security & Risk Fundamentals
MacIT 2014 - Essential Security & Risk FundamentalsMacIT 2014 - Essential Security & Risk Fundamentals
MacIT 2014 - Essential Security & Risk Fundamentals
Alison Gianotto
 
Anonymizers
AnonymizersAnonymizers
Anonymizers
Gregory Hanis
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
CODE BLUE
 
Security for Human Beings
Security for Human BeingsSecurity for Human Beings
Security for Human Beings
zekivazquez
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomware
Cyren, Inc
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
CrowdStrike
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
CrowdStrike
 
Hijacking Softwares for fun and profit
Hijacking Softwares for fun and profitHijacking Softwares for fun and profit
Hijacking Softwares for fun and profit
Nipun Jaswal
 

What's hot (20)

It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016
 
[CB16] Background Story of "Operation neutralizing banking malware" and highl...
[CB16] Background Story of "Operation neutralizing banking malware" and highl...[CB16] Background Story of "Operation neutralizing banking malware" and highl...
[CB16] Background Story of "Operation neutralizing banking malware" and highl...
 
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
 
Fighting malware - keeping your Intellectual Property safe
Fighting malware - keeping your Intellectual Property safeFighting malware - keeping your Intellectual Property safe
Fighting malware - keeping your Intellectual Property safe
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array works
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat report
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxing
 
LASCON 2015
LASCON 2015LASCON 2015
LASCON 2015
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to know
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking survey
 
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?
 
MacIT 2014 - Essential Security & Risk Fundamentals
MacIT 2014 - Essential Security & Risk FundamentalsMacIT 2014 - Essential Security & Risk Fundamentals
MacIT 2014 - Essential Security & Risk Fundamentals
 
Anonymizers
AnonymizersAnonymizers
Anonymizers
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
 
Security for Human Beings
Security for Human BeingsSecurity for Human Beings
Security for Human Beings
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomware
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
 
Hijacking Softwares for fun and profit
Hijacking Softwares for fun and profitHijacking Softwares for fun and profit
Hijacking Softwares for fun and profit
 

Viewers also liked

OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
NowSecure
 
sebis research profile
sebis research profilesebis research profile
sebis research profile
sebistum
 
Hide Android applications in images
Hide Android applications in imagesHide Android applications in images
Hide Android applications in images
Ange Albertini
 
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
viaForensics
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android Infections
Aditya K Sood
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUMohit Rampal
 
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
Aditya K Sood
 
One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
One Phish, Two Phish, Red Phish, Your Account Details Just Got StolenOne Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
OpenDNS
 
Cyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptCyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptMohit Rampal
 
Blackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationBlackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream Presentation
OpenDNS
 
M.Tech. Cyber Security & Incident Response
M.Tech. Cyber Security & Incident ResponseM.Tech. Cyber Security & Incident Response
M.Tech. Cyber Security & Incident Response
Nilay Mistry ACE, ISMS LA, OSFCE
 
Shodan- That Device Search Engine
Shodan- That Device Search EngineShodan- That Device Search Engine
Shodan- That Device Search Engine
InMobi Technology
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
Aditya K Sood
 
APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?
anupriti
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
Aditya K Sood
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
arnaudsoullie
 
Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testing
Santhosh Kumar
 
Social Media at NASA, 2012 Edition
Social Media at NASA, 2012 EditionSocial Media at NASA, 2012 Edition
Social Media at NASA, 2012 Edition
NASA - National Aeronautics and Space Administration
 
Slideshare.Com Powerpoint
Slideshare.Com PowerpointSlideshare.Com Powerpoint
Slideshare.Com Powerpoint
guested929b
 

Viewers also liked (19)

OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
 
sebis research profile
sebis research profilesebis research profile
sebis research profile
 
Hide Android applications in images
Hide Android applications in imagesHide Android applications in images
Hide Android applications in images
 
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android Infections
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSU
 
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
 
One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
One Phish, Two Phish, Red Phish, Your Account Details Just Got StolenOne Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
 
Cyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptCyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-ppt
 
Blackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationBlackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream Presentation
 
M.Tech. Cyber Security & Incident Response
M.Tech. Cyber Security & Incident ResponseM.Tech. Cyber Security & Incident Response
M.Tech. Cyber Security & Incident Response
 
Shodan- That Device Search Engine
Shodan- That Device Search EngineShodan- That Device Search Engine
Shodan- That Device Search Engine
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
 
APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
 
Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testing
 
Social Media at NASA, 2012 Edition
Social Media at NASA, 2012 EditionSocial Media at NASA, 2012 Edition
Social Media at NASA, 2012 Edition
 
Slideshare.Com Powerpoint
Slideshare.Com PowerpointSlideshare.Com Powerpoint
Slideshare.Com Powerpoint
 

Similar to Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014

The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
Priyanka Aash
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
Priyanka Aash
 
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
viaForensics
 
Droidcon mobile security
Droidcon mobile securityDroidcon mobile security
Droidcon mobile security
Judy Ngure
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac Attack
Priyanka Aash
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac Attack
Priyanka Aash
 
Finding Triggered Malice in Android Apps
Finding Triggered Malice in Android AppsFinding Triggered Malice in Android Apps
Finding Triggered Malice in Android Apps
Priyanka Aash
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”
Priyanka Aash
 
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
viaForensics
 
How to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosHow to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laos
Outhai SAIOUDOM
 
Hey android, Where is my car?
Hey android, Where is my car?Hey android, Where is my car?
Hey android, Where is my car?
Priyanka Aash
 
The State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesThe State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ Websites
Priyanka Aash
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Mobodexter
 
Stop Passing the Bug: IoT Supply Chain Security
Stop Passing the Bug: IoT Supply Chain SecurityStop Passing the Bug: IoT Supply Chain Security
Stop Passing the Bug: IoT Supply Chain Security
Synopsys Software Integrity Group
 
How to Analyze an Android Bot
How to Analyze an Android BotHow to Analyze an Android Bot
How to Analyze an Android Bot
Priyanka Aash
 
PTS2022-Talk-19-MobSF-for-penetration-testers_0.pdf
PTS2022-Talk-19-MobSF-for-penetration-testers_0.pdfPTS2022-Talk-19-MobSF-for-penetration-testers_0.pdf
PTS2022-Talk-19-MobSF-for-penetration-testers_0.pdf
Shadowman Kung
 
Outsmarting smartphones
Outsmarting smartphonesOutsmarting smartphones
Outsmarting smartphones
SensePost
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
Tom Eston
 
Mobile security
Mobile securityMobile security
Mobile security
Stefaan
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on Hackers
Wolfgang Kandek
 

Similar to Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014 (20)

The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
 
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
 
Droidcon mobile security
Droidcon mobile securityDroidcon mobile security
Droidcon mobile security
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac Attack
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac Attack
 
Finding Triggered Malice in Android Apps
Finding Triggered Malice in Android AppsFinding Triggered Malice in Android Apps
Finding Triggered Malice in Android Apps
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”
 
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
 
How to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosHow to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laos
 
Hey android, Where is my car?
Hey android, Where is my car?Hey android, Where is my car?
Hey android, Where is my car?
 
The State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesThe State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ Websites
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
 
Stop Passing the Bug: IoT Supply Chain Security
Stop Passing the Bug: IoT Supply Chain SecurityStop Passing the Bug: IoT Supply Chain Security
Stop Passing the Bug: IoT Supply Chain Security
 
How to Analyze an Android Bot
How to Analyze an Android BotHow to Analyze an Android Bot
How to Analyze an Android Bot
 
PTS2022-Talk-19-MobSF-for-penetration-testers_0.pdf
PTS2022-Talk-19-MobSF-for-penetration-testers_0.pdfPTS2022-Talk-19-MobSF-for-penetration-testers_0.pdf
PTS2022-Talk-19-MobSF-for-penetration-testers_0.pdf
 
Outsmarting smartphones
Outsmarting smartphonesOutsmarting smartphones
Outsmarting smartphones
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
Mobile security
Mobile securityMobile security
Mobile security
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on Hackers
 

Recently uploaded

ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
Celine George
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
amberjdewit93
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
AyyanKhan40
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
goswamiyash170123
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
ak6969907
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
Celine George
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
Priyankaranawat4
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
eBook.com.bd (প্রয়োজনীয় বাংলা বই)
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
Bisnar Chase Personal Injury Attorneys
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
Krisztián Száraz
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
deeptiverma2406
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
tarandeep35
 
Fresher’s Quiz 2023 at GMC Nizamabad.pptx
Fresher’s Quiz 2023 at GMC Nizamabad.pptxFresher’s Quiz 2023 at GMC Nizamabad.pptx
Fresher’s Quiz 2023 at GMC Nizamabad.pptx
SriSurya50
 

Recently uploaded (20)

ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
 
Fresher’s Quiz 2023 at GMC Nizamabad.pptx
Fresher’s Quiz 2023 at GMC Nizamabad.pptxFresher’s Quiz 2023 at GMC Nizamabad.pptx
Fresher’s Quiz 2023 at GMC Nizamabad.pptx
 

Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014

  • 1. SESSION ID: Mobile Analysis Kung Fu, Santoku Style ANF-W03 Andrew Hoog CEO/Co-founder viaForensics @ahoog42 Sebastián Guerrero Mobile Security Analyst viaForensics @0xroot
  • 2. #RSAC Agenda  Santoku Intro  Mobile Forensics Kung Fu  Mobile Security Kung Fu  Mobile Malware Analysis Kung Fu 2
  • 4. #RSAC Santoku – Why? 0 200 400 600 800 1000 1200 1400 1600 2012 2017 (Projected) Desktop PC Portable PC Tablet Smartphone 4
  • 7. #RSAC Santoku – How?  Install Lubuntu 12.04 (precise) x86_64  Santoku-ize it 7
  • 8. #RSAC You should get (after reboot) 8
  • 11. #RSAC iOS Logical  Connect device (Enter PIN if needed)  Ideviceback2 backup <backup dir>  Ideviceback2 unback <backup dir>  View backup|unpacked backup 11
  • 13. #RSAC iPhone Backup Analyzer 13
  • 14. #RSAC Android Logical  AFLogical OSE (https://github.com/viaforensics/android-forensics)  Reads Content-Providers  Push to phone, run, store on SD-Card  Pull CSVs to Santoku for review 14
  • 16. #RSAC Install, run, extract 16
  • 19.
  • 20. #RSAC App Selection  Apps were selected based on popularity, number of downloads, or potential sensitivity of data  Approximately 80 apps have been reviewed and organized into categories 20
  • 21. #RSAC 2013 App testing result  81 tested apps, 32 iOS, 49 Android 21 0% 20% 40% 60% 80% Failed MiTM or SSL Stored Password (Plaintext or hashed) Stored sensitive app data on memory At least one 'High risk' rating iOS Android
  • 23. #RSAC Any.Do  Business and personal task management app iOS and Android  Millions of users  Many vulnerabilities, no response from company  https://viaforensics.com/mobile-security/security-vulnerabilities- anydo-android.html 23
  • 24. #RSAC Any.Do Analysis - Forensics  Locat Any.DO app directory  Adb pull /data/data/com.anydo  Examine database/binary files  Capture network traffic 24
  • 25. #RSAC Any.Do Analysis - Forensics 25
  • 28. #RSAC Bad News  Android Malware, masquerades as an innocent advertising network  Packaged in many legitimate apps, usually targeting Russian market  Has ability to download additional apps, and propmts the user to install them, posing as “Critical Updates”. Uses this mechanism to spread known malware, typically Premium Rate SMS fraud.  For more information see the report by Lookout: https://blog.lookout.com/blog/2013/04/19/the-bearer-of-badnews-malware-google-play/ 28
  • 29. #RSAC apktool  Tool for reverse engineering Android apk  Dissasembles code to smali files, also decodes resources contained into the apk.  It can also repackage the applications after you have modified them  We can run it on Badnews Badnews Sample 29
  • 30. #RSAC From apktool to smali  We can grep for known sensible method calls and strings 30
  • 31. #RSAC From apktool to smali  We can manually analyze the disassembled smali coded provided by apktool  For example here we see a broadcast receiver that will listen for BOOT_COMPLETED intents and react to them starting a service in the application 31
  • 32. #RSAC Badnews sample – Dex2Jar - JDGui 32
  • 33. #RSAC Korean Banking Malware 33
  • 34. #RSAC Korean Banking Malware (Analysis) 34
  • 35. #RSAC A little help fu, please  HOWTOs  New/existing tool development  .deb package maintenance  Forums, spreading the word 35
  • 36. #RSAC Q&A | Contact | Feedback  Thanks for listening… @0xroot / @ahoog42 github/0xroot / github/viaforensics sguerrero@viaforensics.com / ahoog@viaforensics.com 36