Friday, April 13, 2012

Hola from Malaga!

I am here in beautiful, sunny Malaga as I gave a talk (I know right!) regarding Android Security at the Symposium for Android Security. My talk was about a new tool McAfee just came out with to help people learning to pen test Android Apps. Hacme Android is an app you install on an emulated device which is inherently flawed so you can do some testing on it (via proxy or decompiling) to see just how broken you can get it. And (even better) there is a How-To guide in case you get flustered/lost so you can eventually get to the intended result. I think it went OK... I didn't trip on my way up the stage so I am already winning. I want to become better at public speaking and I figure the best way is to get up there and chat!
I learned a good deal about Android while writing up my presentation, but not as much as I learned at the conference. The other talks there were awesome, with some pretty amazing and innovative ideas coming out. Some people presented on obfuscation of malware on Android devices, some talked about how to determine if you are running in an emulator or on a real phone (think Blue Pill for Android), and others talked about memory analysis for Android (Iz does not have the slides up yet, but keep checking as he will probably have them up soon!). Did you know you HAVE to be root to obtain full memory dumps from Android? Did you know the only way to do that is to exploit the phone? (Is that the same for iPhones?) Imagine trying to explain that in court to a judge and jury.... oh dear! You can view all the presentation topics here, and I think the slides from ALL the presenters will be on the first link (Symposium) soon.

If anything, this conference reminded me that there is no shortage of new things to learn in the computer security field. Be it forensics, pen testing, reverse engineering. It seems like a never-ending list in fact, which is both comforting and daunting :) Maybe I will post a blog about my learnings too!

I should mention the link to the Hacme Android Application is now live and operational. If you have any interest in pentesting Android Apps (or potentially seeing how flawed they can be), I recommend taking a look. What's the harm? It's free!

Some other interesting tools now on my Check-These-Out-List:

I leave you all with a couple of pictures from Malaga, I highly recommend it here. Lovely weather, walkable city, very close to the mountains or beach, and (of course) amazing food and wine :)

A bit of playa y montaña. This was taken from the Malagueta beach. The port (puerto) is very close by, which has some amazing restaurants and good views of all the yachts in the harbour. PROTIP: Go to the Cerveceria La Surena at the port and get a bucket of beer (5) for 3 euros. Que ganga!!


View from the top of the hill near the Alcazaba. The yellow building is the Ayuntamiento de Málaga.
