SlideShare a Scribd company logo

Analysis of android apk using adhrit by Abhishek J.M

Download as PPTX, PDF
C
Cysinfo Cyber Security Community

Analysis of android apk using adhrit by Abhishek J.M

Software
1 of 18
Team bi0s Amrita Center for Cybersecurity, Amritapuri Analysis of Android APK using Adhrit Abhishek J M bi0s | Cysinfo
Team bi0s Amrita Center for Cybersecurity, Amritapuri self.me /> → Android security aficionado → Member @ Team bi0s | Cysinfo → CTF enthusiast → Open source love! → Workshops - CTFs - Meetups - Sleep → From Amrita Vishwa Vidyapeetham and India’s #1 CTF team.
Team bi0s Amrita Center for Cybersecurity, Amritapuri Really? Android Security? But, Why?
Team bi0s Amrita Center for Cybersecurity, Amritapuri Source: businesstoday.in Source: zdnet.com
Team bi0s Amrita Center for Cybersecurity, Amritapuri
Team bi0s Amrita Center for Cybersecurity, Amritapuri Issues? → High obfuscation == Bouncer escape → Third-party sources with malwares → Benign vs masked-benign → Write it in C++, and leave them miles behind from analysis → Just applications? How about 3xpl0its?
Team bi0s Amrita Center for Cybersecurity, Amritapuri What Next?
Team bi0s Amrita Center for Cybersecurity, Amritapuri Motivation → Make a thorough analysis process → Automate redundant tasks → Have the freedom to render intermediate results manually → Extract only as much as needed → Easy tailoring
Team bi0s Amrita Center for Cybersecurity, Amritapuri Adhrit CTFs | Analysis
Team bi0s Amrita Center for Cybersecurity, Amritapuri The APK Lifecycle
Team bi0s Amrita Center for Cybersecurity, Amritapuri Reminder! .java R.java res/* Manifest javac .jar classes.dex dx Manifest bin aapt
Team bi0s Amrita Center for Cybersecurity, Amritapuri What Is This? → Adhrit is an open source Android APK reversing and analysis tool that can help security researchers and CTF enthusiasts alike → An effort to simplify the reversing and analysis process → Long-term and subject to continual updation → Built with many little wonderful open source libraries and tools <3 → Isolated tools from Android SDK → Open source and licensed under GPLv3 →
Team bi0s Amrita Center for Cybersecurity, Amritapuri What Can It Do? → Extract source in both Java and smali → Extract manifest details → Check for malware footprints → Check for native libraries → Dump the disassembly of the shared objects/libraries → Check for simple bytecode injections → Extract certificate details
Team bi0s Amrita Center for Cybersecurity, Amritapuri Demo
Team bi0s Amrita Center for Cybersecurity, Amritapuri Where Can I Use It? (examples) → Certificate unipinning → Simple edits in the APK. (Bytecode injections) → A quick overview of the APK → Check if it’s already on malware databases → Reusage of the isolated tools (saves a lot of time!)
Team bi0s Amrita Center for Cybersecurity, Amritapuri Precisely For? → APK reversing beginners → Reversing enthusiasts with minimal requirements → Intermediate results → CTFs → Malware analysis
Team bi0s Amrita Center for Cybersecurity, Amritapuri Season 2 → Dynamic analysis → More specific pattern searches (URL, API keys etc.) → SSL pinning identification → Log dive → MonkeyRunner to simulate clicks → Network connection dump → Suggestions always welcome :)
Team bi0s Amrita Center for Cybersecurity, Amritapuri References → github.com/abhi-r3v0/Adhrit → blog | bi0s → Dissecting Google Bouncer → Smali Code Injection

Recommended

Cryptographic misuse in android applications
Cryptographic misuse in android applicationsCryptographic misuse in android applications
Cryptographic misuse in android applicationsAashish R
 
Cryptographic misuse
Cryptographic misuseCryptographic misuse
Cryptographic misuseAashish R
 
Ncc hackers session 4
Ncc hackers session 4Ncc hackers session 4
Ncc hackers session 4Jemma Davis
 
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDroidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDario Incalza
 
From Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceFrom Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceSatria Ady Pradana
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
Hacking android apps by srini0x00
Hacking android apps by srini0x00Hacking android apps by srini0x00
Hacking android apps by srini0x00srini0x00
 
From Reversing to Exploitation
From Reversing to ExploitationFrom Reversing to Exploitation
From Reversing to ExploitationSatria Ady Pradana
 

Recommended

Cryptographic misuse in android applications
Cryptographic misuse in android applicationsCryptographic misuse in android applications
Cryptographic misuse in android applicationsAashish R
 
Cryptographic misuse
Cryptographic misuseCryptographic misuse
Cryptographic misuseAashish R
 
Ncc hackers session 4
Ncc hackers session 4Ncc hackers session 4
Ncc hackers session 4Jemma Davis
 
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDroidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDario Incalza
 
From Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceFrom Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceSatria Ady Pradana
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
Hacking android apps by srini0x00
Hacking android apps by srini0x00Hacking android apps by srini0x00
Hacking android apps by srini0x00srini0x00
 
From Reversing to Exploitation
From Reversing to ExploitationFrom Reversing to Exploitation
From Reversing to ExploitationSatria Ady Pradana
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
 
Ten security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofTen security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofAdrian Sanabria
 
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalSatria Ady Pradana
 
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shAPIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shapidays
 
AI on Spark for Malware Analysis and Anomalous Threat Detection
AI on Spark for Malware Analysis and Anomalous Threat DetectionAI on Spark for Malware Analysis and Anomalous Threat Detection
AI on Spark for Malware Analysis and Anomalous Threat DetectionDatabricks
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)Riddhi Shree
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
The artificial reality of cyber defense
The artificial reality of cyber defenseThe artificial reality of cyber defense
The artificial reality of cyber defenseDATA SECURITY SOLUTIONS
 
The art of android hacking
The art of android hackingThe art of android hacking
The art of android hackingAbhinav Mishra
 
The art of android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)The art of android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)OWASP Delhi
 
Super1
Super1Super1
Super1neelakanteswarreddy
 
Bsides
BsidesBsides
BsidesRoberto Sponchioni
 
In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...
In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...
In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...DevClub_lv
 
Elastic user group London nov 2019
Elastic user group London nov 2019Elastic user group London nov 2019
Elastic user group London nov 2019Andrey Bezverkhiy
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionChandrapal Badshah
 
G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUTNahidul Kibria
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkLeverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkDigit Oktavianto
 
Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K ACysinfo Cyber Security Community
 
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviUnderstanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviCysinfo Cyber Security Community
 

More Related Content

Similar to Analysis of android apk using adhrit by Abhishek J.M

Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
 
Ten security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofTen security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofAdrian Sanabria
 
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalSatria Ady Pradana
 
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shAPIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shapidays
 
AI on Spark for Malware Analysis and Anomalous Threat Detection
AI on Spark for Malware Analysis and Anomalous Threat DetectionAI on Spark for Malware Analysis and Anomalous Threat Detection
AI on Spark for Malware Analysis and Anomalous Threat DetectionDatabricks
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)Riddhi Shree
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
The art of android hacking
The art of android hackingThe art of android hacking
The art of android hackingAbhinav Mishra
 
The art of android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)The art of android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)OWASP Delhi
 
In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...
In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...
In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...DevClub_lv
 
Elastic user group London nov 2019
Elastic user group London nov 2019Elastic user group London nov 2019
Elastic user group London nov 2019Andrey Bezverkhiy
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionChandrapal Badshah
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkLeverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkDigit Oktavianto
 

Similar to Analysis of android apk using adhrit by Abhishek J.M (20)

Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
 
Ten security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofTen security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard of
 
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security Professional
 
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shAPIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
 
AI on Spark for Malware Analysis and Anomalous Threat Detection
AI on Spark for Malware Analysis and Anomalous Threat DetectionAI on Spark for Malware Analysis and Anomalous Threat Detection
AI on Spark for Malware Analysis and Anomalous Threat Detection
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common Language
 
The artificial reality of cyber defense
The artificial reality of cyber defenseThe artificial reality of cyber defense
The artificial reality of cyber defense
 
The art of android hacking
The art of android hackingThe art of android hacking
The art of android hacking
 
The art of android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)The art of android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)
 
Super1
Super1Super1
Super1
 
Bsides
BsidesBsides
Bsides
 
In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...
In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...
In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...
 
Elastic user group London nov 2019
Elastic user group London nov 2019Elastic user group London nov 2019
Elastic user group London nov 2019
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
 
G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUT
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
 
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkLeverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
 

More from Cysinfo Cyber Security Community

Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K ACysinfo Cyber Security Community
 
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviUnderstanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviCysinfo Cyber Security Community
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKCysinfo Cyber Security Community
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiCysinfo Cyber Security Community
 
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaCysinfo Cyber Security Community
 
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k aUnderstanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k aCysinfo Cyber Security Community
 
Security challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasaraoSecurity challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasaraoCysinfo Cyber Security Community
 

More from Cysinfo Cyber Security Community (20)

Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
 
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviUnderstanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
 
Closer look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin ShenoiCloser look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
 
The Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil MahendraThe Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
 
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
 
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by SreelakshmiDeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
 
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k aUnderstanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
 
Security challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasaraoSecurity challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasarao
 
S2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna aS2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
 
Dynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muraleeDynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muralee
 
Bit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleyaBit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleya
 
Security Analytics using ELK stack
Security Analytics using ELK stack Security Analytics using ELK stack
Security Analytics using ELK stack
 
Linux Malware Analysis
Linux Malware Analysis Linux Malware Analysis
Linux Malware Analysis
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation
 
ATM Malware: Understanding the threat
ATM Malware: Understanding the threat ATM Malware: Understanding the threat
ATM Malware: Understanding the threat
 
XXE - XML External Entity Attack
XXE - XML External Entity Attack XXE - XML External Entity Attack
XXE - XML External Entity Attack
 

Recently uploaded

TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....ShaimaaMohamedGalal
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 

Recently uploaded (20)

TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 

Analysis of android apk using adhrit by Abhishek J.M

  • 1. Team bi0s Amrita Center for Cybersecurity, Amritapuri Analysis of Android APK using Adhrit Abhishek J M bi0s | Cysinfo
  • 2. Team bi0s Amrita Center for Cybersecurity, Amritapuri self.me /> → Android security aficionado → Member @ Team bi0s | Cysinfo → CTF enthusiast → Open source love! → Workshops - CTFs - Meetups - Sleep → From Amrita Vishwa Vidyapeetham and India’s #1 CTF team.
  • 3. Team bi0s Amrita Center for Cybersecurity, Amritapuri Really? Android Security? But, Why?
  • 4. Team bi0s Amrita Center for Cybersecurity, Amritapuri Source: businesstoday.in Source: zdnet.com
  • 5. Team bi0s Amrita Center for Cybersecurity, Amritapuri
  • 6. Team bi0s Amrita Center for Cybersecurity, Amritapuri Issues? → High obfuscation == Bouncer escape → Third-party sources with malwares → Benign vs masked-benign → Write it in C++, and leave them miles behind from analysis → Just applications? How about 3xpl0its?
  • 7. Team bi0s Amrita Center for Cybersecurity, Amritapuri What Next?
  • 8. Team bi0s Amrita Center for Cybersecurity, Amritapuri Motivation → Make a thorough analysis process → Automate redundant tasks → Have the freedom to render intermediate results manually → Extract only as much as needed → Easy tailoring
  • 9. Team bi0s Amrita Center for Cybersecurity, Amritapuri Adhrit CTFs | Analysis
  • 10. Team bi0s Amrita Center for Cybersecurity, Amritapuri The APK Lifecycle
  • 11. Team bi0s Amrita Center for Cybersecurity, Amritapuri Reminder! .java R.java res/* Manifest javac .jar classes.dex dx Manifest bin aapt
  • 12. Team bi0s Amrita Center for Cybersecurity, Amritapuri What Is This? → Adhrit is an open source Android APK reversing and analysis tool that can help security researchers and CTF enthusiasts alike → An effort to simplify the reversing and analysis process → Long-term and subject to continual updation → Built with many little wonderful open source libraries and tools <3 → Isolated tools from Android SDK → Open source and licensed under GPLv3 →
  • 13. Team bi0s Amrita Center for Cybersecurity, Amritapuri What Can It Do? → Extract source in both Java and smali → Extract manifest details → Check for malware footprints → Check for native libraries → Dump the disassembly of the shared objects/libraries → Check for simple bytecode injections → Extract certificate details
  • 14. Team bi0s Amrita Center for Cybersecurity, Amritapuri Demo
  • 15. Team bi0s Amrita Center for Cybersecurity, Amritapuri Where Can I Use It? (examples) → Certificate unipinning → Simple edits in the APK. (Bytecode injections) → A quick overview of the APK → Check if it’s already on malware databases → Reusage of the isolated tools (saves a lot of time!)
  • 16. Team bi0s Amrita Center for Cybersecurity, Amritapuri Precisely For? → APK reversing beginners → Reversing enthusiasts with minimal requirements → Intermediate results → CTFs → Malware analysis
  • 17. Team bi0s Amrita Center for Cybersecurity, Amritapuri Season 2 → Dynamic analysis → More specific pattern searches (URL, API keys etc.) → SSL pinning identification → Log dive → MonkeyRunner to simulate clicks → Network connection dump → Suggestions always welcome :)
  • 18. Team bi0s Amrita Center for Cybersecurity, Amritapuri References → github.com/abhi-r3v0/Adhrit → blog | bi0s → Dissecting Google Bouncer → Smali Code Injection