All the network is a stage, and the APKs merely players: Scripting Android Applications
Wednesday, November 20 • 12:00 pm - 12:50 pm
The existence of open, well-defined APIs for many popular websites has been a boon to spammers, but as these sites have grown in popularity, their operators have begun to care more about the integrity of the network. Third-party access to these APIs is becoming increasingly restricted, while at the same time the desire for a frictionless mobile experience has led to much looser restrictions in the operators' own applications.
We'll leverage this, along with the ability to load and execute Android APKs within JRuby sessions, to create and control a social botnet.
We'll begin with a brief overview of tools for disassembling, understanding, modifying, and rebuilding APKs. We will then move on to scripting portions of the application in a JRuby session, along the way covering key recovery, bypassing custom cryptographic routines, and general exploration of the code in a dynamic environment.
We'll conclude by leveraging what we've discovered to create and control thousands of accounts. Building on available information sources, such as the US census and streams provided by the targeted network itself, these accounts will have realistic characteristics and interact with the network in believable ways.
Speaker:
Daniel Peck
Baythreat 2012 - Dynamic Analysis and Exploration of Android Apps
BSides Atlanta 2012 - Dynamic Analysis and Exploration of Android Apps
Infosecurity Belgium 2012 - Friend or Foe, who wants to be your friend on Facebook and Twitter
Source Boston 2012 - Fakebook: Attackers' use of Fake Profiles and Apps
Baythreat 2011 - Analyzing Social Networks for Security Data - A Brief Overview of My Findings and Thoughts on Building Your Own Toolkit
GOVCERT.NL Symposium 2011 - Collecting Eyeballs: Measuring and Analyzing Malicious On Twitter and Facebook
BSides Atlanta 2011 - Security Consequences, Thinning the Herd
Hacker Halted 2011 - Collecting Eyeballs : Measuring And Analyzing Malicious Activity On Twitter And Facebook
NinjaCon 11 - The Dark Side of Social Media: Measuring & Malicious Activity On Twitter and Facebook
Appsec Europe 2011 - Measuring and Analyzing Malicious Activity On Twitter
RSA USA 2011 - The Dark Side of Twitter
BSides San Francisco 2011 - Lessons Learned From Running a Bug Bounty Program
Baythreat 2010 - Future Proofing The Botnet
BSides Atlanta 2010 - Demystifying Web Malware
SCADA Security Scientific Symposium (S4) 2010 - Comparative Analysis of Embedded Operating Systems in Control System Devices
SCADA Security Scientific Symposium (S4) 2009 - Leveraging Ethernet Card Vulnerabilities in Field Devices
Defcon 14 - Caffeine Monkey. Automated Collection, Detection and Analysis of Malicious JavaScript
Blackhat USA 2007 - Caffeine Monkey. Automated Collection, Detection and Analysis of Malicious JavaScript
Daniel Peck serves as Principal Research Scientist at Barracuda Labs, the research and threat analysis division of Barracuda Networks. In this role, he studies the security implications of, and malicious messaging on, various mediums, including social networks. Peck has a Bachelor of Science in Computer Science from the Georgia Institute of Technology.