Telegram Phishing Campaign Analysis
Nov 24, 2023
Pushing Boundaries - Evaluating device integrity inside the browser [Part 1]
Jun 7, 2023
This is a two-part series. Stay tuned for Part 2.
Over the years, I have been involved in developing agent applications for iOS & Android that run on the user’s device to do many things, from mobile device management to threat defense agent apps. These applications are complicated. They are resource intensive, hard to maintain & harder to distribute. Some enterprise customers are willing to look past these “inconveniences” as endpoint security is vital for their day-to-day operations. Consumers, on the other hand, have a different set of expectations: primarily, ease of use & privacy. Most tech-savvy individuals (normies included ;)) don’t like to install an app that “scans” their device. Trust is expensive, and I have paid the price in many ways trying to explain away the problem and trying to convince users of the benefit. It doesn’t always work.
Is detecting mobile compromise a losing game?
Aug 17, 2022
Detecting mobile compromise is not easy. Mobile OSs put heavy restrictions on what can be done by an app or analysis tool. Even though the intention is good, it limits the options available to blue team engineers to evaluate and protect the device. Over the years, sophisticated tools like MagikHide, LibertyOS, HideJB, etc. have found ways of masking root & jailbreak, making detection even harder.
Introducing Pwned Report
May 30, 2022
In this post, I will give an introduction to Pwned Report, a side project I have been working on that scans your device for vulnerabilities or suspected compromise. More than ever, people are aware that attackers can take over their devices using sophisticated methods. But for most, it’s mere suspicion. Phrases like “my phone is going haywire”, “some app is eating my data”, “my battery is not lasting long”, etc. are potential signs of compromise, either by malware or by an unauthorized party.
The curious case of banking trojans
Jul 10, 2021
Banking trojans are a class of trojans that target financial apps to steal users’ credentials in order to commit some kind of banking fraud. Different trojans employ different techniques to trick users into providing their credentials.
Decentralized threat hunting with Polyswarm
Apr 25, 2021
Hunting malware has largely been tied to a specific vendor. Symantec, Lookout and the like develop different engines capable of detecting malware samples. They do this either by looking up the hash of the file in their database or by detonating it in a secure VM and observing the results.