Dex Education: Practicing safe Dex

Channel:
United States All Hacking Cons
Subscribers:
6,410
Published on ● Video Link: https://www.youtube.com/watch?v=yS6JHD06BbY


Duration: 43:54
7 views
0

In an ecosystem full of potentially malicious apps, you need to be careful about the tools you use to analyze them. Without a full understanding of how the Android Dalvik VM or dex file interpreters actually work, it's easy for things to slip through the cracks. Based on learnings from the evolution of PC-based malware, it's clear that someone, somewhere will someday attempt to break the most commonly used tools for static and dynamic analysis of mobile malware. So we set out to see who was already breaking them and how, then, how we could break them more.

We've taken a deep dive into Android's dex file format that has yielded interesting results related to detection of post-compilation file modification. After deconstructing some of the intricacies of the dex file format, we turned our attention to dex file analysis tools themselves, analyzing how they parse and manage the dex format. Along the way we observed a number of easily exploitable functionality, documenting specifically why they fail and how to fix them. From this output we've developed a proof of concept tool - APKfuscator - that shows how to exploit these flaws. It's our hope that it can be a tool that helps everyone practice safe dex.
Presented By:
Timothy Strazzere
Black Hat - USA - 2012 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2021-12-30There's a party at ring0 Tavis Ormandy, Julien Tinnes
2021-12-30Ushering in the post GRC world applied threat modeling Alex Hutton, Allison Miller
2021-12-30USB Paul carugati
2021-12-30The future of DNS Security Panel
2021-12-30CuteCats exe and the Arab Spring
2021-12-30Hacking the Corporare Mind: using social engineering tactics to improve organizational security
2021-12-30Legal Aspects of Cyberspace Operations
2021-12-30Meeting Yaniv Karta
2021-12-30A stitch in time saves nine: A Case of Multiple Operation System Vurnarability
2021-12-30Hacking with WebSockets
2021-12-30Dex Education: Practicing safe Dex
2021-12-30Dont stand so close to me: an analysis of the NFC attack surface
2021-12-30Looking into the Eye of the Meter
2021-12-30Errata Hits Puberty: 13 years of chagrin
2021-12-30Hardware Backdooring is practical
2021-12-30Package Clone Detection
2021-12-30Evasion of Webapplication
2021-12-30MAC EFI Rootkits
2021-12-30Passive Bluetooth Monitoring
2021-12-30HTML5 Threats
2021-12-30Exchanging Demands


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
password
code
concept
protection
network
malware
secure
identity
criminal
phishing
software
access
safety
theft
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Timothy Strazzere
Dex