© Copyright 2013 viaForensics, LLC. Proprietary Information.
Mobile security, forensics & malware
analysis with Santoku Linux
IN MEMORY OF
Alois Charles Hoog, Sr.
(1920 - 2013)
Husband
Father of 5
Grandfather of 12
Great Grandfather of 9
United States Army Air Corps (Retired)
And a true Master Craftsman
that any Geek
would be proud to call Grandpa
We will miss you dearly.
PRESENTER
Andrew Hoog (CEO/Co-Founder)
Andrew is a published author, computer scientist, and mobile
forensic/security researcher. He has several patents pending and does
frequent presentations/briefings.
Additionally
He participated in many hack(y sack) circles in college instead of classes
VIAFORENSICS OVERVIEW
viaForensics is a mobile security company
founded in 2009.
Bootstrapped with ~40 employees and a
10 person dedicated mobile security R&D team
Some of our f/oss:
YAFFS2 in TSK
AFLogical OSE
Santoku Linux
...
RECENT CONFERENCES
SANTOKU - WHY?
Chart: units shipped (millions) by device type (Desktop PC, Portable PC, Tablet, Smartphone). 2012 total: 1,201.1; 2017 (projected) total: 2,250.3.
SANTOKU - WHAT?
SANTOKU - HOW?
— Install Lubuntu 12.04 (precise) x86_64
— Santoku-ize it
You should get (after reboot)
A Different Kind of Hacking
The History of Footbag
The concept behind footbag, intercepting an object in flight and keeping it airborne using all parts of the body except the hands and arms, is not a new idea. Rather, as surprising as it may seem, the roots of our modern-day kicking game are to be found in ancient Eastern cultures.
Shown here are people playing Sepak Takraw in the streets of Malaysia.
MOBILE FORENSICS
FORENSIC ACQUISITION TYPES

Logical
  Description: Read device data via backup, API or other controlled access to data
  Use cases: Fast; data generally well structured
  Challenges: Often very limited access to data; usually requires unlocked passcode

File system
  Description: Copy of the files of the file system
  Use cases: More data than logical; re-creating an encrypted file system
  Challenges: Requires additional access to the device; many file system files not responsive in cases

Physical
  Description: Bit-by-bit copy of the physical drive
  Use cases: Most forensically sound technique; increases the chance of deleted data recovery
  Challenges: Cannot pull the hard drive on mobile devices; FTL may not provide bad blocks
iOS Logical
— Connect device (enter PIN if needed)
— idevicebackup2 backup <backup dir>
— idevicebackup2 unback <backup dir>
— View backup | unpacked backup
iPhone Backup Analyzer
The History of Footbag
While the co-operative kicking sport has ancient origins in China, Thailand, Native America and nearly every country, Hacky Sack or Footbag, as we know it today, is a modern American sport invented in 1972 by John Stalberger and Mike Marshall of Oregon City, Oregon.
Marshall had created a hand-made bean bag that he was kicking around. Stalberger was recovering from knee surgery and was looking for a fun way to exercise his knees.
Together, they called the new game "Hackin' the Sack." The two decided to collaborate and market their new game under the trademark of "Hacky Sack®".
Mike Marshall died of a heart attack in 1975, at the age of twenty-eight. John Stalberger continued with the "Hacky Sack" cause and formed the National Hacky Sack Association. He later sold the rights for the Hacky Sack® Footbag to Kransco (operating under the Wham-O label), which also manufactured the Frisbee flying disc.
Android Logical
— AFLogical OSE: https://github.com/viaforensics/android-forensics
— Reads Content Providers
— Push to phone, run, store on SD Card
— Pull CSVs to Santoku for review
AFLogical OSE
Install, run, extract
The Benefits of Hacking to Hackers
What do most hackers do while they're hacking? They sit!
You don't need a Ph.D. in physiology or biomechanics to know that spending 8-16 hours in a chair is bad for you.
The Benefits of Hacking to Hackers
Hacky Sack:
Is Cooperative {much more fun in groups}
Is Legit Exercise {it will get your blood flowing}
Improves overall coordination
Can be played almost anywhere
Requires virtually no equipment other than the sack
MOBILE SECURITY
APP SELECTION
Apps were selected based on popularity, number of downloads, or potential sensitivity of data. Approximately 50 apps have been reviewed and organized into categories:

Category            # apps reviewed
Finance             10
Lifestyle           11
Productivity        6
Travel              5
Social Networking   6
Security            6
Other               6
APP TESTING RESULTS
Chart: % of apps with issues, by category: Stored Username, Stored Password, Medium or High Risk (other risks), Failed MITM. Bar values shown on the chart (not individually labelled in the extracted text): ~80%, ~30%, ~50%, ~15%.
The "Rules" of Hacking
1. Cannot serve to self
2. Cannot say, "Sorry"
3. Cannot use hands
A Hack is one complete time around the circle.
Any.DO
— Business and personal task management app, iOS and Android
— Millions of users
— Many vulnerabilities, no response from company
— https://viaforensics.com/mobile-security/security-vulnerabilities-anydo-android.html
Any.DO Analysis - Forensics
— Locate the Any.DO app directory
  <path-to-backup>/var/mobile/Applications/com.anydo.AnyDO
— Examine the binary plist file (Library/Preferences)
  file com.anydo.AnyDO.plist -> Apple binary property list
— Convert the binary plist
  plutil -i com.anydo.AnyDO.plist -o com.anydo.AnyDO.plist.xml
— vi com.anydo.AnyDO.plist.xml
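A scripted version of the plist review above, added here as an example and not viaForensics' or Santoku's code: Python's plistlib reads binary plists directly, so the plutil conversion step is optional, and the key-name heuristic flags credential-like entries for a reviewer. The plist contents are constructed sample data, not Any.DO's real preferences, and the key names are assumptions.

```python
"""Scan an iOS app's preferences plist (from an iTunes-style backup) for
keys that look like stored credentials.  Added example; the sample plist
below is constructed, not taken from the real app."""
import plistlib
import re
from typing import Any, Dict, List, Tuple

# Key names that, when found in an app's preferences, warrant a closer look.
SENSITIVE_KEY_RE = re.compile(
    r"(pass(word|wd)?|pwd|secret|token|auth|session|credential)", re.I)


def build_sample_binary_plist() -> bytes:
    """Constructed sample resembling a Library/Preferences/<bundle>.plist."""
    prefs = {
        "kLastSyncDate": "2013-04-01T10:00:00Z",
        "kUserEmail": "user@example.com",
        "kUserPassword": "hunter2",        # the kind of finding the slides describe
        "kAuthToken": "deadbeef-cafe",
        "kShowTutorial": False,
        "nested": {"sessionId": "abc123", "theme": "dark"},
    }
    return plistlib.dumps(prefs, fmt=plistlib.FMT_BINARY)


def is_binary_plist(data: bytes) -> bool:
    """Same check `file` makes on the slide: binary plists start with 'bplist'."""
    return data[:6] == b"bplist"


def walk(node: Any, path: str = "") -> List[Tuple[str, Any]]:
    """Flatten nested dicts/lists into (dotted.path, leaf value) pairs."""
    out: List[Tuple[str, Any]] = []
    if isinstance(node, dict):
        for key, value in node.items():
            out.extend(walk(value, f"{path}.{key}" if path else str(key)))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            out.extend(walk(value, f"{path}[{i}]"))
    else:
        out.append((path, node))
    return out


def find_sensitive_keys(plist_bytes: bytes) -> Dict[str, Any]:
    """Return {path: value} for every leaf whose own key name looks credential-like.
    plistlib.loads accepts both binary and XML plists."""
    prefs = plistlib.loads(plist_bytes)
    return {path: value for path, value in walk(prefs)
            if SENSITIVE_KEY_RE.search(path.rsplit(".", 1)[-1])}


def to_xml(plist_bytes: bytes) -> str:
    """Equivalent of `plutil -i ... -o ....xml`: re-serialise as XML for review in an editor."""
    return plistlib.dumps(plistlib.loads(plist_bytes), fmt=plistlib.FMT_XML).decode()


if __name__ == "__main__":
    blob = build_sample_binary_plist()
    print("binary plist:", is_binary_plist(blob))
    for path, value in find_sensitive_keys(blob).items():
        print(f"[!] {path} = {value!r}")
```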
Any.DO Analysis - Memory
— SSH into the iPhone: iproxy ; ssh
— Find the app PID: ps -ef | grep <app-name>
— Dump RAM using gdb (script to extract RAM)
— Extract and analyze: scp ; grep
The Kicks and Tricks
MOBILE MALWARE ANALYSIS
Bad News
— Android malware that masquerades as an innocent advertising network
— Packaged in many legitimate apps, usually targeting the Russian market
— Has the ability to download additional apps and prompts the user to install them, posing as "Critical Updates". Uses this mechanism to spread known malware, typically premium-rate SMS fraud.
— For more information see the report by Lookout: https://blog.lookout.com/blog/2013/04/19/the-bearer-of-badnews-malware-google-play/
apktool
— apktool is a tool for reverse engineering Android APKs: it disassembles the code to .smali files and also decodes the resources contained in the APK.
— It can also repackage the applications after you have modified them.
— We can run it on a BadNews sample:

$ apktool d ru.blogspot.playsib.savageknife.apk savage_knife_apktool/
I: Baksmaling...
I: Loading resource table...
I: Loaded.
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/santoku/apktool/framework/1.apk
I: Loaded.
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Done.
I: Copying assets and libs…
Source: https://code.google.com/p/android-apktool/
apktool -> smali
— We can grep for known sensitive method calls and strings:

$ grep -R getDeviceId .
./smali/com/mobidisplay/advertsv1/AdvService.smali: invoke-virtual {v1}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
$ grep -R BOOT_COMPLETED .
./AndroidManifest.xml: <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
./AndroidManifest.xml: <action android:name="android.intent.action.BOOT_COMPLETED" />
./smali/com/mobidisplay/advertsv1/BootReceiver.smali: const-string v2, "android.intent.action.BOOT_COMPLETED"
apktool -> smali
— We can manually analyze the disassembled smali code provided by apktool.
— For example, here we see a broadcast receiver that will listen for BOOT_COMPLETED intents and react to them by starting a service in the application.
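The grep-and-manifest triage from the two smali slides above, automated as an added example (not viaForensics' or apktool's code): it walks an apktool output directory, flags smali invocations of identifier- and SMS-related Android APIs, and lists manifest receivers whose intent-filter listens for BOOT_COMPLETED. The smali and manifest text is a constructed sample modelled on the grep output shown, not the real sample's files; the class and package names are taken from the slides.

```python
"""Static triage of an apktool output directory.  Added example; the smali
and AndroidManifest.xml below are constructed, not the real BadNews files."""
import os
import re
import tempfile
import xml.etree.ElementTree as ET
from typing import Dict, List

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Smali method references worth a manual look, with the reason to flag them.
SUSPICIOUS_CALLS = {
    "Landroid/telephony/TelephonyManager;->getDeviceId(": "reads IMEI/MEID",
    "Landroid/telephony/TelephonyManager;->getSubscriberId(": "reads IMSI",
    "Landroid/telephony/SmsManager;->sendTextMessage(": "sends SMS",
}
# Matches any invoke-* line and captures "Lpkg/Class;->method(".
INVOKE_RE = re.compile(r"^\s*invoke-\w+(?:/range)?\s+\{[^}]*\},\s*(L[\w/$]+;->\w+\()")

SAMPLE_SMALI = {
    "smali/com/mobidisplay/advertsv1/AdvService.smali": """\
.class public Lcom/mobidisplay/advertsv1/AdvService;
.method private getId()Ljava/lang/String;
    invoke-virtual {v1}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method
""",
    "smali/com/mobidisplay/advertsv1/BootReceiver.smali": """\
.class public Lcom/mobidisplay/advertsv1/BootReceiver;
.method public onReceive(Landroid/content/Context;Landroid/content/Intent;)V
    const-string v2, "android.intent.action.BOOT_COMPLETED"
    invoke-virtual {p1, v0}, Landroid/content/Context;->startService(Landroid/content/Intent;)Landroid/content/ComponentName;
    return-void
.end method
""",
}
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="ru.blogspot.playsib.savageknife">
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
    <uses-permission android:name="android.permission.READ_PHONE_STATE" />
    <application>
        <receiver android:name="com.mobidisplay.advertsv1.BootReceiver">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED" />
            </intent-filter>
        </receiver>
        <service android:name="com.mobidisplay.advertsv1.AdvService" />
    </application>
</manifest>
"""


def write_sample_tree(root: str) -> None:
    """Materialise the constructed apktool output under `root`."""
    for rel, text in SAMPLE_SMALI.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    with open(os.path.join(root, "AndroidManifest.xml"), "w") as fh:
        fh.write(SAMPLE_MANIFEST)


def scan_smali(root: str) -> List[dict]:
    """Walk smali/ and report each invoke of a method listed in SUSPICIOUS_CALLS."""
    hits = []
    for dirpath, _, files in os.walk(os.path.join(root, "smali")):
        for name in files:
            if not name.endswith(".smali"):
                continue
            path = os.path.join(dirpath, name)
            with open(path) as fh:
                for lineno, line in enumerate(fh, 1):
                    m = INVOKE_RE.match(line)
                    if m and m.group(1) in SUSPICIOUS_CALLS:
                        hits.append({"file": os.path.relpath(path, root), "line": lineno,
                                     "call": m.group(1), "why": SUSPICIOUS_CALLS[m.group(1)]})
    return hits


def boot_receivers(root: str) -> List[str]:
    """Receiver class names whose intent-filter listens for BOOT_COMPLETED."""
    tree = ET.parse(os.path.join(root, "AndroidManifest.xml"))
    found = []
    for recv in tree.getroot().iter("receiver"):
        for action in recv.iter("action"):
            if action.get(ANDROID_NS + "name") == "android.intent.action.BOOT_COMPLETED":
                found.append(recv.get(ANDROID_NS + "name"))
    return found


def triage(root: str) -> Dict[str, object]:
    return {"suspicious_calls": scan_smali(root), "boot_receivers": boot_receivers(root)}


def triage_sample() -> Dict[str, object]:
    """Build the constructed tree in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_tree(tmp)
        return triage(tmp)


if __name__ == "__main__":
    result = triage_sample()
    for hit in result["suspicious_calls"]:
        print(f"{hit['file']}:{hit['line']}: {hit['call']} ({hit['why']})")
    print("boot receivers:", result["boot_receivers"])
```

Point `triage()` at a real `apktool d` output directory to run the same checks on a decoded APK.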
BadNews Malware Sample -> Dex2Jar -> JD-GUI
Contagio MiniDump
Malware Repository
contagiominidump.blogspot.com
A LITTLE HELP, PLEASE.
— HOWTOs
— New/existing tool development
— .deb package maintenance
— Forums, spreading the word
https://santoku-linux.com
@SantokuLinux
@viaForensics
DON'T PANIC

iOS backdoors attack points and surveillance mechanisms
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
 
Securitytips
SecuritytipsSecuritytips
Securitytips
 
Targeted Defense for Malware & Targeted Attacks
Targeted Defense for Malware & Targeted AttacksTargeted Defense for Malware & Targeted Attacks
Targeted Defense for Malware & Targeted Attacks
 

Recently uploaded

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Via forensics thotcon-2013-mobile-security-with-santoku-linux

  • 1. © Copyright 2013 viaForensics, LLC. Proprietary Information. Mobile security, forensics & malware analysis with Santoku Linux
  • 2. IN MEMORY OF Alois Charles Hoog, Sr. (1920 - 2013). Husband. Father of 5. Grandfather of 12. Great Grandfather of 9. United States Army Air Corps (Retired). And a true Master Craftsman that any Geek would be proud to call Grandpa. We will miss you dearly.
  • 3. PRESENTER: Andrew Hoog (CEO/Co-Founder). Andrew is a published author, computer scientist, and mobile forensic/security researcher. He has several patents pending and gives frequent presentations and briefings. Additionally, he participated in many hack(y sack) circles in college instead of classes.
  • 4. VIAFORENSICS OVERVIEW: viaForensics is a mobile security company founded in 2009. Bootstrapped with ~40 employees and a 10-person dedicated mobile security R&D team. Some of our f/oss: YAFFS2 in TSK; AFLogical OSE; Santoku Linux; ...
  • 5. RECENT CONFERENCES
  • 6. SANTOKU - WHY? (chart: units shipped, in millions, by device class: Desktop PC, Portable PC, Tablet, Smartphone; 2012 total 1,201.1; 2017 projected total 2,250.3)
  • 7. SANTOKU - WHAT?
  • 8. SANTOKU - HOW?
    — Install Lubuntu 12.04 (precise) x86_64
    — Santoku-ize it
  • 9. You should get (after reboot)
  • 10. A Different Kind of Hacking
  • 11. The History of Footbag. The concept behind footbag, intercepting an object in flight and keeping it airborne by using all parts of the body except the hands and arms, is not a new idea. Rather, as surprising as it may seem, the roots of our modern-day kicking game are to be found in ancient Eastern cultures. Shown here are people playing Sepak Takraw in the streets of Malaysia.
  • 12. MOBILE FORENSICS
  • 13. FORENSIC ACQUISITION TYPES
    Logical
      Description: read device data via backup, API or other controlled access to data
      Use cases: fast; data generally well structured
      Challenges: often very limited access to data; usually requires the passcode (an unlocked device)
    File system
      Description: copy of the files of the file system
      Use cases: more data than logical; re-creating an encrypted file system
      Challenges: requires additional access to the device; many file-system files are not responsive to a case
    Physical
      Description: bit-by-bit copy of the physical drive
      Use cases: most forensically sound technique; increases the chance of deleted-data recovery
      Challenges: cannot pull the hard drive on a mobile device; the FTL (flash translation layer) may not expose bad blocks
  • 14. iOS Logical
    — Connect device (enter PIN if needed)
    — idevicebackup2 backup <backup dir>
    — idevicebackup2 unback <backup dir>
    — View the backup or the unpacked backup
    (idevicebackup2 is the libimobiledevice backup tool; "unback" rebuilds the hashed backup files into their original directory layout so the app containers can be browsed directly)
  • 15. iOS Logical
  • 16. iPhone Backup Analyzer
  • 17. The History of Footbag. While the co-operative kicking sport has ancient origins in China, Thailand, Native America and nearly every country, Hacky Sack or Footbag as we know it today is a modern American sport invented in 1972 by John Stalberger and Mike Marshall of Oregon City, Oregon. Marshall had created a hand-made bean bag that he was kicking around. Stalberger was recovering from knee surgery and was looking for a fun way to exercise his knees. Together, they called the new game "Hackin' the Sack." The two decided to collaborate and market their new game under the trademark "Hacky Sack®". Mike Marshall died of a heart attack in 1975, at the age of twenty-eight. John Stalberger continued with the "Hacky Sack" cause and formed the National Hacky Sack Association. He later sold the rights for the Hacky Sack® Footbag to Kransco (operating under the Wham-O label), which also manufactured the Frisbee flying disc.
  • 18. Android Logical
    — AFLogical OSE: https://github.com/viaforensics/android-forensics
    — Reads Content Providers
    — Push to phone, run, store on SD card
    — Pull CSVs to Santoku for review
  • 19. AFLogical OSE
  • 20. Install, run, extract
  • 21. The Benefits of Hacking to Hackers. What do most hackers do while they're hacking? They sit! You don't need a Ph.D. in physiology or biomechanics to know that spending 8-16 hours in a chair is bad for you.
  • 22. The Benefits of Hacking to Hackers. Hacky Sack:
    — Is cooperative {much more fun in groups}
    — Is legit exercise {it will get your blood flowing}
    — Improves overall coordination
    — Can be played almost anywhere
    — Requires virtually no equipment other than the sack
  • 23. MOBILE SECURITY
  • 24. (image only)
  • 25. APP SELECTION. Apps were selected based on popularity, number of downloads, or potential sensitivity of data. Approximately 50 apps have been reviewed and organized into categories:
    Category            # apps reviewed
    Finance             10
    Lifestyle           11
    Productivity        6
    Travel              5
    Social Networking   6
    Security            6
    Other               6
  • 26. APP TESTING RESULTS (chart: % of apps with issues per finding type: Stored Username, Stored Password, Medium or High Risk / Other Risks, Failed MITM; the bars shown read 100%, ~80%, ~30%, ~50% and ~15%)
  • 27. (image only)
  • 28. The "Rules" of Hacking
    1. Cannot serve to self
    2. Cannot say, "Sorry"
    3. Cannot use hands
    A Hack is one complete time around the circle.
  • 29. Any.DO
    — Business and personal task management app, iOS and Android
    — Millions of users
    — Many vulnerabilities, no response from the company
    — https://viaforensics.com/mobile-security/security-vulnerabilities-anydo-android.html
  • 30. Any.DO Analysis - Forensics
    — Locate the Any.DO app directory: <path-to-backup>/var/mobile/Applications/com.anydo.AnyDO
    — Examine the binary plist in Library/Preferences: file com.anydo.AnyDO.plist -> Apple binary property list
    — Convert the binary plist to XML: plutil -i com.anydo.AnyDO.plist -o com.anydo.AnyDO.plist.xml (this is libplist's converter as shipped in Santoku at the time, later renamed plistutil; Apple's plutil on OS X takes -convert xml1 instead)
    — vi com.anydo.AnyDO.plist.xml
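The steps above (unpack the backup, find the app container, decode the preferences plist, look for stored credentials) can be run as one pass over the whole unpacked backup rather than one file at a time. The following is an added example, not viaForensics' or Santoku's own code: it decodes every .plist under the unback directory with Python's plistlib, which reads both binary and XML plists directly so the separate plutil conversion is not needed, and flags keys whose names look like credentials, which is exactly the "Stored Username" / "Stored Password" finding from the app-testing results. The sample backup tree is constructed in a temporary directory; the bundle id com.example.app, the key names and the credential-key regex are assumptions for illustration, not the real Any.DO file contents.

```python
"""Scan an unpacked iOS backup for property lists that store credentials.

Added example, not viaForensics' or Santoku's own code. After
`idevicebackup2 unback`, walk the unpacked tree, decode every .plist
(binary or XML) with plistlib and flag credential-looking keys. The backup
tree built below is constructed; the bundle id com.example.app and the key
names are assumptions, not the real Any.DO file contents.
"""
import os
import plistlib
import re
import tempfile
from xml.parsers.expat import ExpatError

# Key names that typically hold a credential. Assumed illustrative list;
# extend it for a real engagement.
CREDENTIAL_KEY = re.compile(r"pass(word|wd)?|pwd|secret|token|user(name)?|email", re.I)


def walk_plist(obj, path=()):
    """Yield (key path tuple, value) for every leaf of a decoded plist."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from walk_plist(value, path + (str(key),))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from walk_plist(value, path + (f"[{i}]",))
    else:
        yield path, obj


def find_credentials(plist_path):
    """Return [(key path, value)] for credential-looking leaves in one plist."""
    with open(plist_path, "rb") as fh:
        try:
            data = plistlib.load(fh)  # auto-detects binary vs XML format
        except (plistlib.InvalidFileException, ExpatError):
            return []  # not a plist we can parse; nothing to report
    return [("/".join(path), value) for path, value in walk_plist(data)
            if path and CREDENTIAL_KEY.search(path[-1])]


def scan_backup(root):
    """Scan every .plist under root; return {relative path: findings}."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(".plist"):
                continue
            full = os.path.join(dirpath, name)
            hits = find_credentials(full)
            if hits:
                report[os.path.relpath(full, root)] = hits
    return report


def build_sample_backup():
    """Constructed stand-in for an unpacked backup: one binary plist holding
    an email and a plaintext password, one XML plist with only settings."""
    root = tempfile.mkdtemp(prefix="unback_")
    prefs = os.path.join(root, "var", "mobile", "Applications",
                         "com.example.app", "Library", "Preferences")
    os.makedirs(prefs)
    with open(os.path.join(prefs, "com.example.app.plist"), "wb") as fh:
        plistlib.dump({"userEmail": "alice@example.com",
                       "password": "hunter2",
                       "sync": {"intervalSeconds": 300}},
                      fh, fmt=plistlib.FMT_BINARY)
    with open(os.path.join(prefs, "settings.plist"), "wb") as fh:
        plistlib.dump({"theme": "dark", "badgeCount": 3}, fh,
                      fmt=plistlib.FMT_XML)
    return root


if __name__ == "__main__":
    for path, hits in scan_backup(build_sample_backup()).items():
        print(path)
        for key, value in hits:
            print(f"  {key} = {value!r}")
```

Point it at the `_unback_` directory idevicebackup2 creates and it reports each plist that stores a credential together with the key path, which is the evidence needed for a stored-credential finding; nested dictionaries and arrays are walked so a token buried under an account object is not missed.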
  • 31. Any.DO Analysis - Forensics
  • 32. Any.DO Analysis - Memory
    — SSH into the iPhone: iproxy ; ssh (iproxy forwards a local TCP port to the device's sshd over USB via usbmuxd; this needs a jailbroken device with OpenSSH installed)
    — Find the app PID: ps -ef | grep <app-name>
    — Dump RAM using gdb: script to extract RAM
    — Extract and analyze: scp ; grep
  • 33. Any.DO Analysis - Memory
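The last step, grepping the dump that was scp'd back to Santoku, has a caveat worth showing: grep finds a credential only when it is laid out as ASCII, and a string held as UTF-16 (which CFString/NSString and Java strings can use) is invisible to it. The following is an added example, not the gdb script from the slides: a small carver that extracts both ASCII and UTF-16LE runs from a process dump and reports the offset and encoding of each known secret. The dump is constructed in memory; the account and password are assumed test values.

```python
"""Carve ASCII and UTF-16LE strings from a process memory dump.

Added example, not the gdb script from the slides. `grep` finds credentials
stored as ASCII but is blind to the same password when a string object
keeps it as UTF-16, so try both encodings and report where each hit sits.
The dump below is constructed in memory; the credentials are test values.
"""
import re

MIN_LEN = 6  # shortest run worth reporting, like `strings -n 6`
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def carve_strings(dump):
    """Return [(offset, encoding, text)] for every printable run in dump."""
    found = []
    for m in ASCII_RUN.finditer(dump):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_RUN.finditer(dump):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def find_secrets(dump, secrets):
    """Map each known secret to the [(offset, encoding)] where it appears."""
    hits = {}
    for offset, encoding, text in carve_strings(dump):
        for secret in secrets:
            if secret in text:
                hits.setdefault(secret, []).append((offset, encoding))
    return hits


def build_sample_dump():
    """Constructed dump: binary filler around an ASCII login string and a
    UTF-16LE password; the latter never appears as ASCII bytes."""
    filler = bytes(range(256)) * 4
    return (filler
            + b"login=alice@example.com\x00"
            + filler
            + "password=hunter2".encode("utf-16le") + b"\x00\x00"
            + filler)


if __name__ == "__main__":
    dump = build_sample_dump()
    for secret, places in find_secrets(dump, ["alice@example.com", "hunter2"]).items():
        for offset, encoding in places:
            print(f"{secret!r} at 0x{offset:x} ({encoding})")
```

On a real dump, feed it the credentials you typed into the app during the test session: a hit proves the app keeps them in process memory, and the offset lets you go back to the dump and see what surrounds them.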
  • 34. The Kicks and Tricks
  • 35. MOBILE MALWARE ANALYSIS
  • 36. Bad News
    — Android malware that masquerades as an innocent advertising network
    — Packaged in many legitimate apps, usually targeting the Russian market
    — Has the ability to download additional apps and prompts the user to install them, posing as "Critical Updates". Uses this mechanism to spread known malware, typically premium-rate SMS fraud.
    — For more information see the report by Lookout: https://blog.lookout.com/blog/2013/04/19/the-bearer-of-badnews-malware-google-play/
  • 37. apktool
    — apktool is a tool for reverse engineering Android apks: it disassembles the Dalvik bytecode to .smali files and also decodes the resources contained in the apk.
    — It can also repackage the application after you have modified it.
    — We can run it on a BadNews sample:
      $ apktool d ru.blogspot.playsib.savageknife.apk savage_knife_apktool/
      I: Baksmaling...
      I: Loading resource table...
      I: Loaded.
      I: Decoding AndroidManifest.xml with resources...
      I: Loading resource table from file: /home/santoku/apktool/framework/1.apk
      I: Loaded.
      I: Regular manifest package...
      I: Decoding file-resources...
      I: Decoding values */* XMLs...
      I: Done.
      I: Copying assets and libs...
    Source: https://code.google.com/p/android-apktool/
  • 38. apktool -> smali
    — We can grep for known sensitive method calls and strings:
      $ grep -R getDeviceId .
      ./smali/com/mobidisplay/advertsv1/AdvService.smali:    invoke-virtual {v1}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
      $ grep -R BOOT_COMPLETED .
      ./AndroidManifest.xml:    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
      ./AndroidManifest.xml:    <action android:name="android.intent.action.BOOT_COMPLETED" />
      ./smali/com/mobidisplay/advertsv1/BootReceiver.smali:    const-string v2, "android.intent.action.BOOT_COMPLETED"
  • 39. apktool -> smali
    — We can manually analyze the disassembled smali code produced by apktool.
    — For example, here we see a broadcast receiver that listens for BOOT_COMPLETED intents and reacts by starting a service in the application.
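The two greps on slide 38 and the manual read of the receiver on slide 39 are the start of a repeatable triage: parse the manifest for permissions and for receivers registered on BOOT_COMPLETED, then scan every .smali file for the invoke targets you care about. The following is an added example, not part of the Santoku deck or of apktool, and it generalises the slide's single getDeviceId grep to a small indicator list. The AndroidManifest.xml and .smali files it writes are constructed stand-ins that reuse the file paths shown on the slide; they are not the real BadNews sample, and the indicator list is an assumption to be extended per case.

```python
"""Triage an apktool output directory for common Android malware indicators.

Added example, not part of the Santoku deck or of apktool. Parses the
decoded AndroidManifest.xml for permissions and BOOT_COMPLETED receivers and
scans .smali files for sensitive invoke targets. The manifest and smali
below are constructed stand-ins, not the real BadNews sample.
"""
import os
import re
import tempfile
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Invoke targets worth a second look. Assumed illustrative list.
SENSITIVE_CALLS = {
    "Landroid/telephony/TelephonyManager;->getDeviceId": "reads IMEI",
    "Landroid/telephony/TelephonyManager;->getSubscriberId": "reads IMSI",
    "Landroid/telephony/SmsManager;->sendTextMessage": "sends SMS",
    "Ldalvik/system/DexClassLoader;-><init>": "loads code at runtime",
}
# matches e.g.  invoke-virtual {v1}, Landroid/telephony/TelephonyManager;->getDeviceId()...
INVOKE_RE = re.compile(
    r"^\s*invoke-\w+(?:/range)?\s+\{[^}]*\},\s+(L[\w/$]+;->[\w<>]+)", re.M)


def parse_manifest(path):
    """Return requested permissions and receivers listening for BOOT_COMPLETED."""
    root = ET.parse(path).getroot()
    permissions = [p.get(NAME) for p in root.iter("uses-permission")]
    boot_receivers = [r.get(NAME) for r in root.iter("receiver")
                      if any(a.get(NAME) == BOOT_ACTION for a in r.iter("action"))]
    return {"permissions": permissions, "boot_receivers": boot_receivers}


def scan_smali(root):
    """Return [(smali file, invoke target, description)] for sensitive calls."""
    findings = []
    for dirpath, _, files in os.walk(os.path.join(root, "smali")):
        for name in files:
            if not name.endswith(".smali"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="replace") as fh:
                for m in INVOKE_RE.finditer(fh.read()):
                    desc = SENSITIVE_CALLS.get(m.group(1))
                    if desc:
                        findings.append((os.path.relpath(full, root), m.group(1), desc))
    return findings


def triage(root):
    """Combine manifest and smali findings for one apktool output directory."""
    report = parse_manifest(os.path.join(root, "AndroidManifest.xml"))
    report["sensitive_calls"] = scan_smali(root)
    return report


# Constructed sample input (not the real BadNews files).
MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="ru.blogspot.playsib.savageknife">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
  <uses-permission android:name="android.permission.READ_PHONE_STATE" />
  <application>
    <receiver android:name="com.mobidisplay.advertsv1.BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED" />
      </intent-filter>
    </receiver>
    <service android:name="com.mobidisplay.advertsv1.AdvService" />
  </application>
</manifest>
"""
ADV_SERVICE = """.class public Lcom/mobidisplay/advertsv1/AdvService;
.super Landroid/app/Service;
.method private getImei(Landroid/telephony/TelephonyManager;)Ljava/lang/String;
    .locals 1
    invoke-virtual {p1}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method
"""
BOOT_RECEIVER = """.class public Lcom/mobidisplay/advertsv1/BootReceiver;
.super Landroid/content/BroadcastReceiver;
.method public onReceive(Landroid/content/Context;Landroid/content/Intent;)V
    .locals 2
    const-string v1, "android.intent.action.BOOT_COMPLETED"
    new-instance v0, Landroid/content/Intent;
    const-class v1, Lcom/mobidisplay/advertsv1/AdvService;
    invoke-direct {v0, p1, v1}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V
    invoke-virtual {p1, v0}, Landroid/content/Context;->startService(Landroid/content/Intent;)Landroid/content/ComponentName;
    return-void
.end method
"""


def build_sample_apktool_dir():
    """Write the constructed manifest and smali files to a temp directory."""
    root = tempfile.mkdtemp(prefix="apktool_")
    pkg = os.path.join(root, "smali", "com", "mobidisplay", "advertsv1")
    os.makedirs(pkg)
    for dest, body in ((os.path.join(root, "AndroidManifest.xml"), MANIFEST),
                       (os.path.join(pkg, "AdvService.smali"), ADV_SERVICE),
                       (os.path.join(pkg, "BootReceiver.smali"), BOOT_RECEIVER)):
        with open(dest, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for key, value in triage(build_sample_apktool_dir()).items():
        print(key, value)
```

Run triage() on the directory apktool d produced (savage_knife_apktool/ on the slide) and the report lists the boot-persistence receiver and each file that calls an indicator API; the receiver is only a lead, so the smali it points at still has to be read by hand as slide 39 does.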
  • 40. BadNews Malware Sample -> Dex2Jar -> JD-GUI. Sample from the Contagio MiniDump Malware Repository: contagiominidump.blogspot.com
  • 41. A LITTLE HELP, PLEASE.
    — HOWTOs
    — New/existing tool development
    — .deb package maintenance
    — Forums, spreading the word
  • 42. https://santoku-linux.com @SantokuLinux @viaForensics DON'T PANIC