Loading…

The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County, San Diego, SF Bay Area, and the Inland Empire chapters to bring you the FIFTH Annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.

One and Two-day training sessions on various subjects by expert trainers kick off the conference on January 28th. World renown speakers follow on days three and four.

There will be four concurrent tracks throughout the day on both January 30 and 31, addressing a variety of topics to enhance knowledge.

Wednesday, January 31 • 10:30am - 11:20am
Pack your Android: Everything you need to know about Android Boxing

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Abstract
Android malware authors may enforce one or a combination of protection techniques like obfuscators, packers and protectors. This additional step just before publishing the app adds complexity for Android Bouncers and various static, and dynamic code analysis tools. Along with these protection techniques a combination of features such as emulation detection, anti debugging, root detection, tampering detection, anti runtime injection enables malicious application practically makes malicious app go undetected. As a result we have seen a steady increase in the malicious apps published in various Android app stores. ZDNet reported around 1000 spyware mobile apps are published in the official Google Play Store this year alone. These apps may have the capability to monitor almost every action on an infected device. Actions such as taking photos, recording calls, monitoring information about Wi-Fi access point and inspecting user’s web traffic. 
We will focus on all three commonly used Apk protection techniques and how they operate under the hood. For obfuscation, we will demo a tool designed to remove switch case injection, dead code injection, and string encryption and get a readable code. In case of packer talk will showcase avenues to unpack the packer by first finding the algorithm, hooking into libc before packer opens DEX file, dumping DEX from memory. Protectors such as DexProtector mangles code by modifying entry point to loader stub and perform anti-emulation, anti-debug and anti-tampering checks. Protector are easy to patch, one can by attaching cloned process or dump odex and get readable code. By adding these techniques an ethical hacker or Android bouncer can identify many a malicious application published in app store.

Speakers
avatar for Swapnil Deshmukh

Swapnil Deshmukh

Swapnil Deshmukh has over a decade of information technology and information security experience, including technical expertise, leadership, strategy, operational and risk management. Charged with incubating and evangelizing security-driven, context-driven risk management strategies... Read More →



Wednesday January 31, 2018 10:30am - 11:20am
Club Room