Android & Elastic Beats
- Feb 26, 2021...more
- Nov 19, 2020...more
Personal devices are ubiquitous. We carry them around everywhere we go and give them unprecedented access to our private/sensitive information. Where we work, live & sleep, etc. Tech giants like Google and Facebook have found ways to aggregate this information and sell it to different companies in search of potential customers. Data collection is a big part of this process. Google with its Android ecosystem is in a unique position to control this flow of data between our devices and its servers. Apple in its part controls the same with its iOS platform. On top of these platforms, third-party developers publish different apps that collect their copy of our private information and accumulate it on their own servers (E.g. Facebook) or send it to Advertising companies. To make matters worse, data broker companies aggregate data from various sources and sell back “enhanced” data to customers looking to advertise their products.
- Aug 18, 2020...more
Almost all mobile apps are designed to run natively on our mobile phones without the need to add any virtualization software. The underlining OS handles resources and the necessary infrastructure to run apps securely. In Android, every app is assigned a unique UID upon process initialization providing it an isolated view of the system and protection not to interfere with other apps and data.
- Jul 4, 2019...more
Two weeks ago I had a hunch that some Malwares were being distributed through phishing URLs/links. The process involves analyzing phishing feeds from known sources (openphish/phishtank) and loading them up on headless chrome to see if I can find APK/IPA link or official store links that might be affiliated to the attackers.
- Jun 1, 2018...more
Malware analysis has always been a game of who knows what. A typical vendor will analyze a given sample and try to predict whether its harmful or not. Vendors will try to accumulate threat data from various sources to strength their ability to make high accurate predictions. These include, collecting malware samples, deploying honeypot to lure attackers in, etc. This will help them build the following
- Signature/hash database - Collection of known samples. Some companies go even further by using tools like ssdeep (https://ssdeep-project.github.io/ssdeep/index.html). This will help detect malware derivatives of known samples.
- Machine learning models - sophisticated models to predict an unknown sample.
- May 14, 2018...more
Drop in your mobile app for static analysis. We will perform automated analysis to extract detailed information. App Signer information, permission usage, method calls, third party libraries and others.
Create your own yara rules to see if an app binary matches your defined patterns. Or select other rules prepared by hackers, penentration testers and security specialists.
Hundreds of yara rules to catch
- Fake apps
- & APT sources