SlideShare a Scribd company logo

Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014

viaForensics
viaForensics

Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014

Education
1 of 36
Download to read offline
SESSION ID: Mobile Analysis Kung Fu, Santoku Style ANF-W03 Andrew Hoog CEO/Co-founder viaForensics @ahoog42 Sebastián Guerrero Mobile Security Analyst viaForensics @0xroot
#RSAC Agenda  Santoku Intro  Mobile Forensics Kung Fu  Mobile Security Kung Fu  Mobile Malware Analysis Kung Fu 2
Santoku Intro
#RSAC Santoku – Why? 0 200 400 600 800 1000 1200 1400 1600 2012 2017 (Projected) Desktop PC Portable PC Tablet Smartphone 4
#RSAC https://santoku-linux.com/ - It’s Free! 5
#RSAC Santoku – What? 6
#RSAC Santoku – How?  Install Lubuntu 12.04 (precise) x86_64  Santoku-ize it 7
#RSAC You should get (after reboot) 8
Mobile Forensics Kung Fu
#RSAC Forensic Acquisition Types 10
#RSAC iOS Logical  Connect device (Enter PIN if needed)  Ideviceback2 backup <backup dir>  Ideviceback2 unback <backup dir>  View backup|unpacked backup 11
#RSAC iOS Logical 12
#RSAC iPhone Backup Analyzer 13
#RSAC Android Logical  AFLogical OSE (https://github.com/viaforensics/android-forensics)  Reads Content-Providers  Push to phone, run, store on SD-Card  Pull CSVs to Santoku for review 14
#RSAC AFLogical OSE 15
#RSAC Install, run, extract 16
#RSAC viaExtract 17
Mobile Security Kung Fu
#RSAC App Selection  Apps were selected based on popularity, number of downloads, or potential sensitivity of data  Approximately 80 apps have been reviewed and organized into categories 20
#RSAC 2013 App testing result  81 tested apps, 32 iOS, 49 Android 21 0% 20% 40% 60% 80% Failed MiTM or SSL Stored Password (Plaintext or hashed) Stored sensitive app data on memory At least one 'High risk' rating iOS Android
#RSAC 22
#RSAC Any.Do  Business and personal task management app iOS and Android  Millions of users  Many vulnerabilities, no response from company  https://viaforensics.com/mobile-security/security-vulnerabilities- anydo-android.html 23
#RSAC Any.Do Analysis - Forensics  Locat Any.DO app directory  Adb pull /data/data/com.anydo  Examine database/binary files  Capture network traffic 24
#RSAC Any.Do Analysis - Forensics 25
Mobile Malware Analysis Kung Fu
#RSAC NQ Mobile 27
#RSAC Bad News  Android Malware, masquerades as an innocent advertising network  Packaged in many legitimate apps, usually targeting Russian market  Has ability to download additional apps, and propmts the user to install them, posing as “Critical Updates”. Uses this mechanism to spread known malware, typically Premium Rate SMS fraud.  For more information see the report by Lookout: https://blog.lookout.com/blog/2013/04/19/the-bearer-of-badnews-malware-google-play/ 28
#RSAC apktool  Tool for reverse engineering Android apk  Dissasembles code to smali files, also decodes resources contained into the apk.  It can also repackage the applications after you have modified them  We can run it on Badnews Badnews Sample 29
#RSAC From apktool to smali  We can grep for known sensible method calls and strings 30
#RSAC From apktool to smali  We can manually analyze the disassembled smali coded provided by apktool  For example here we see a broadcast receiver that will listen for BOOT_COMPLETED intents and react to them starting a service in the application 31
#RSAC Badnews sample – Dex2Jar - JDGui 32
#RSAC Korean Banking Malware 33
#RSAC Korean Banking Malware (Analysis) 34
#RSAC A little help fu, please  HOWTOs  New/existing tool development  .deb package maintenance  Forums, spreading the word 35
#RSAC Q&A | Contact | Feedback  Thanks for listening… @0xroot / @ahoog42 github/0xroot / github/viaforensics sguerrero@viaforensics.com / ahoog@viaforensics.com 36

Recommended

Via forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linuxVia forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linuxviaForensics
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
How to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsHow to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsNowSecure
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDATop OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDANowSecure
 
Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013drewz lin
 

Recommended

Via forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linuxVia forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linuxviaForensics
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
How to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsHow to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsNowSecure
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDATop OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDANowSecure
 
Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013drewz lin
 
It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016NowSecure
 
[CB16] Background Story of "Operation neutralizing banking malware" and highl...
[CB16] Background Story of "Operation neutralizing banking malware" and highl...[CB16] Background Story of "Operation neutralizing banking malware" and highl...
[CB16] Background Story of "Operation neutralizing banking malware" and highl...CODE BLUE
 
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...SecureAuth
 
Fighting malware - keeping your Intellectual Property safe
Fighting malware - keeping your Intellectual Property safeFighting malware - keeping your Intellectual Property safe
Fighting malware - keeping your Intellectual Property safePrayukth K V
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportCyren, Inc
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingCyren, Inc
 
LASCON 2015
LASCON 2015LASCON 2015
LASCON 2015Clare Nelson, CISSP, CIPP-E
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowCyren, Inc
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyCyren, Inc
 
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...Minseok(Jacky) Cha
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?Ramin Farajpour Cami
 
MacIT 2014 - Essential Security & Risk Fundamentals
MacIT 2014 - Essential Security & Risk FundamentalsMacIT 2014 - Essential Security & Risk Fundamentals
MacIT 2014 - Essential Security & Risk FundamentalsAlison Gianotto
 
Anonymizers
AnonymizersAnonymizers
AnonymizersGregory Hanis
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...CODE BLUE
 
Security for Human Beings
Security for Human BeingsSecurity for Human Beings
Security for Human Beingszekivazquez
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareCyren, Inc
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdStrike
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
Hijacking Softwares for fun and profit
Hijacking Softwares for fun and profitHijacking Softwares for fun and profit
Hijacking Softwares for fun and profitNipun Jaswal
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
sebis research profile
sebis research profilesebis research profile
sebis research profilesebistum
 

More Related Content

What's hot

It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016NowSecure
 
[CB16] Background Story of "Operation neutralizing banking malware" and highl...
[CB16] Background Story of "Operation neutralizing banking malware" and highl...[CB16] Background Story of "Operation neutralizing banking malware" and highl...
[CB16] Background Story of "Operation neutralizing banking malware" and highl...CODE BLUE
 
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...SecureAuth
 
Fighting malware - keeping your Intellectual Property safe
Fighting malware - keeping your Intellectual Property safeFighting malware - keeping your Intellectual Property safe
Fighting malware - keeping your Intellectual Property safePrayukth K V
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportCyren, Inc
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingCyren, Inc
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowCyren, Inc
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyCyren, Inc
 
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...Minseok(Jacky) Cha
 
MacIT 2014 - Essential Security & Risk Fundamentals
MacIT 2014 - Essential Security & Risk FundamentalsMacIT 2014 - Essential Security & Risk Fundamentals
MacIT 2014 - Essential Security & Risk FundamentalsAlison Gianotto
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...CODE BLUE
 
Security for Human Beings
Security for Human BeingsSecurity for Human Beings
Security for Human Beingszekivazquez
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareCyren, Inc
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdStrike
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
Hijacking Softwares for fun and profit
Hijacking Softwares for fun and profitHijacking Softwares for fun and profit
Hijacking Softwares for fun and profitNipun Jaswal
 

What's hot (20)

It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016
 
[CB16] Background Story of "Operation neutralizing banking malware" and highl...
[CB16] Background Story of "Operation neutralizing banking malware" and highl...[CB16] Background Story of "Operation neutralizing banking malware" and highl...
[CB16] Background Story of "Operation neutralizing banking malware" and highl...
 
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
 
Fighting malware - keeping your Intellectual Property safe
Fighting malware - keeping your Intellectual Property safeFighting malware - keeping your Intellectual Property safe
Fighting malware - keeping your Intellectual Property safe
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array works
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat report
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxing
 
LASCON 2015
LASCON 2015LASCON 2015
LASCON 2015
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to know
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking survey
 
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?
 
MacIT 2014 - Essential Security & Risk Fundamentals
MacIT 2014 - Essential Security & Risk FundamentalsMacIT 2014 - Essential Security & Risk Fundamentals
MacIT 2014 - Essential Security & Risk Fundamentals
 
Anonymizers
AnonymizersAnonymizers
Anonymizers
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
 
Security for Human Beings
Security for Human BeingsSecurity for Human Beings
Security for Human Beings
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomware
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
 
Hijacking Softwares for fun and profit
Hijacking Softwares for fun and profitHijacking Softwares for fun and profit
Hijacking Softwares for fun and profit
 

Viewers also liked

OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
sebis research profile
sebis research profilesebis research profile
sebis research profilesebistum
 
Hide Android applications in images
Hide Android applications in imagesHide Android applications in images
Hide Android applications in imagesAnge Albertini
 
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...viaForensics
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsAditya K Sood
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUMohit Rampal
 
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...Aditya K Sood
 
One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
One Phish, Two Phish, Red Phish, Your Account Details Just Got StolenOne Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
One Phish, Two Phish, Red Phish, Your Account Details Just Got StolenOpenDNS
 
Cyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptCyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptMohit Rampal
 
Blackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationBlackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationOpenDNS
 
Shodan- That Device Search Engine
Shodan- That Device Search EngineShodan- That Device Search Engine
Shodan- That Device Search EngineInMobi Technology
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...Aditya K Sood
 
APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?anupriti
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...Aditya K Sood
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...arnaudsoullie
 
Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testingSanthosh Kumar
 
Slideshare.Com Powerpoint
Slideshare.Com PowerpointSlideshare.Com Powerpoint
Slideshare.Com Powerpointguested929b
 

Viewers also liked (19)

OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
 
sebis research profile
sebis research profilesebis research profile
sebis research profile
 
Hide Android applications in images
Hide Android applications in imagesHide Android applications in images
Hide Android applications in images
 
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android Infections
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSU
 
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
 
One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
One Phish, Two Phish, Red Phish, Your Account Details Just Got StolenOne Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
 
Cyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptCyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-ppt
 
Blackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationBlackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream Presentation
 
M.Tech. Cyber Security & Incident Response
M.Tech. Cyber Security & Incident ResponseM.Tech. Cyber Security & Incident Response
M.Tech. Cyber Security & Incident Response
 
Shodan- That Device Search Engine
Shodan- That Device Search EngineShodan- That Device Search Engine
Shodan- That Device Search Engine
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
 
APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
 
Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testing
 
Social Media at NASA, 2012 Edition
Social Media at NASA, 2012 EditionSocial Media at NASA, 2012 Edition
Social Media at NASA, 2012 Edition
 
Slideshare.Com Powerpoint
Slideshare.Com PowerpointSlideshare.Com Powerpoint
Slideshare.Com Powerpoint
 

Similar to Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014

The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextPriyanka Aash
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextPriyanka Aash
 
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...viaForensics
 
Droidcon mobile security
Droidcon mobile securityDroidcon mobile security
Droidcon mobile securityJudy Ngure
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackPriyanka Aash
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackPriyanka Aash
 
Finding Triggered Malice in Android Apps
Finding Triggered Malice in Android AppsFinding Triggered Malice in Android Apps
Finding Triggered Malice in Android AppsPriyanka Aash
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Priyanka Aash
 
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014viaForensics
 
How to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosHow to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosOuthai SAIOUDOM
 
Hey android, Where is my car?
Hey android, Where is my car?Hey android, Where is my car?
Hey android, Where is my car?Priyanka Aash
 
The State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesThe State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesPriyanka Aash
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Mobodexter
 
How to Analyze an Android Bot
How to Analyze an Android BotHow to Analyze an Android Bot
How to Analyze an Android BotPriyanka Aash
 
Outsmarting smartphones
Outsmarting smartphonesOutsmarting smartphones
Outsmarting smartphonesSensePost
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Mobile security
Mobile securityMobile security
Mobile securityStefaan
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersWolfgang Kandek
 
Combating Software Piracy Using Code Encryption Technique
Combating Software Piracy Using Code Encryption TechniqueCombating Software Piracy Using Code Encryption Technique
Combating Software Piracy Using Code Encryption Techniquetheijes
 

Similar to Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014 (20)

The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
 
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
 
Droidcon mobile security
Droidcon mobile securityDroidcon mobile security
Droidcon mobile security
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac Attack
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac Attack
 
Finding Triggered Malice in Android Apps
Finding Triggered Malice in Android AppsFinding Triggered Malice in Android Apps
Finding Triggered Malice in Android Apps
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”
 
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
 
How to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosHow to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laos
 
Hey android, Where is my car?
Hey android, Where is my car?Hey android, Where is my car?
Hey android, Where is my car?
 
The State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesThe State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ Websites
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
 
Stop Passing the Bug: IoT Supply Chain Security
Stop Passing the Bug: IoT Supply Chain SecurityStop Passing the Bug: IoT Supply Chain Security
Stop Passing the Bug: IoT Supply Chain Security
 
How to Analyze an Android Bot
How to Analyze an Android BotHow to Analyze an Android Bot
How to Analyze an Android Bot
 
Outsmarting smartphones
Outsmarting smartphonesOutsmarting smartphones
Outsmarting smartphones
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
Mobile security
Mobile securityMobile security
Mobile security
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on Hackers
 
Combating Software Piracy Using Code Encryption Technique
Combating Software Piracy Using Code Encryption TechniqueCombating Software Piracy Using Code Encryption Technique
Combating Software Piracy Using Code Encryption Technique
 

Recently uploaded

THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationRosabel UA
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Millenials and Fillennials (Ethical Challenge and Responses).pptx
Millenials and Fillennials (Ethical Challenge and Responses).pptxMillenials and Fillennials (Ethical Challenge and Responses).pptx
Millenials and Fillennials (Ethical Challenge and Responses).pptxJanEmmanBrigoli
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSMae Pangan
 
The Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsThe Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsRommel Regala
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
ClimART Action | eTwinning Project
ClimART Action | eTwinning ProjectClimART Action | eTwinning Project
ClimART Action | eTwinning Projectjordimapav
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxVanesaIglesias10
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 

Recently uploaded (20)

THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translation
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Millenials and Fillennials (Ethical Challenge and Responses).pptx
Millenials and Fillennials (Ethical Challenge and Responses).pptxMillenials and Fillennials (Ethical Challenge and Responses).pptx
Millenials and Fillennials (Ethical Challenge and Responses).pptx
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHS
 
The Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsThe Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World Politics
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
ClimART Action | eTwinning Project
ClimART Action | eTwinning ProjectClimART Action | eTwinning Project
ClimART Action | eTwinning Project
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 

Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014

  • 1. SESSION ID: Mobile Analysis Kung Fu, Santoku Style ANF-W03 Andrew Hoog CEO/Co-founder viaForensics @ahoog42 Sebastián Guerrero Mobile Security Analyst viaForensics @0xroot
  • 2. #RSAC Agenda  Santoku Intro  Mobile Forensics Kung Fu  Mobile Security Kung Fu  Mobile Malware Analysis Kung Fu 2
  • 4. #RSAC Santoku – Why? 0 200 400 600 800 1000 1200 1400 1600 2012 2017 (Projected) Desktop PC Portable PC Tablet Smartphone 4
  • 7. #RSAC Santoku – How?  Install Lubuntu 12.04 (precise) x86_64  Santoku-ize it 7
  • 8. #RSAC You should get (after reboot) 8
  • 11. #RSAC iOS Logical  Connect device (Enter PIN if needed)  Ideviceback2 backup <backup dir>  Ideviceback2 unback <backup dir>  View backup|unpacked backup 11
  • 13. #RSAC iPhone Backup Analyzer 13
  • 14. #RSAC Android Logical  AFLogical OSE (https://github.com/viaforensics/android-forensics)  Reads Content-Providers  Push to phone, run, store on SD-Card  Pull CSVs to Santoku for review 14
  • 16. #RSAC Install, run, extract 16
  • 19.
  • 20. #RSAC App Selection  Apps were selected based on popularity, number of downloads, or potential sensitivity of data  Approximately 80 apps have been reviewed and organized into categories 20
  • 21. #RSAC 2013 App testing result  81 tested apps, 32 iOS, 49 Android 21 0% 20% 40% 60% 80% Failed MiTM or SSL Stored Password (Plaintext or hashed) Stored sensitive app data on memory At least one 'High risk' rating iOS Android
  • 23. #RSAC Any.Do  Business and personal task management app iOS and Android  Millions of users  Many vulnerabilities, no response from company  https://viaforensics.com/mobile-security/security-vulnerabilities- anydo-android.html 23
  • 24. #RSAC Any.Do Analysis - Forensics  Locat Any.DO app directory  Adb pull /data/data/com.anydo  Examine database/binary files  Capture network traffic 24
  • 25. #RSAC Any.Do Analysis - Forensics 25
  • 28. #RSAC Bad News  Android Malware, masquerades as an innocent advertising network  Packaged in many legitimate apps, usually targeting Russian market  Has ability to download additional apps, and propmts the user to install them, posing as “Critical Updates”. Uses this mechanism to spread known malware, typically Premium Rate SMS fraud.  For more information see the report by Lookout: https://blog.lookout.com/blog/2013/04/19/the-bearer-of-badnews-malware-google-play/ 28
  • 29. #RSAC apktool  Tool for reverse engineering Android apk  Dissasembles code to smali files, also decodes resources contained into the apk.  It can also repackage the applications after you have modified them  We can run it on Badnews Badnews Sample 29
  • 30. #RSAC From apktool to smali  We can grep for known sensible method calls and strings 30
  • 31. #RSAC From apktool to smali  We can manually analyze the disassembled smali coded provided by apktool  For example here we see a broadcast receiver that will listen for BOOT_COMPLETED intents and react to them starting a service in the application 31
  • 32. #RSAC Badnews sample – Dex2Jar - JDGui 32
  • 33. #RSAC Korean Banking Malware 33
  • 34. #RSAC Korean Banking Malware (Analysis) 34
  • 35. #RSAC A little help fu, please  HOWTOs  New/existing tool development  .deb package maintenance  Forums, spreading the word 35
  • 36. #RSAC Q&A | Contact | Feedback  Thanks for listening… @0xroot / @ahoog42 github/0xroot / github/viaforensics sguerrero@viaforensics.com / ahoog@viaforensics.com 36