To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

APKinspector : the alpha release of project 6.

The GUI tool for static analysis of Android malware is ready for an alpha release. For more details regarding this project, check here.

In the alpha release, the following features have been finished.

(1) Show the CFG (control flow graph) for a given method

(2) Show the smali codes for a given method.

(3) Show the Java codes for a given java file.

(4) Show the betecodes for a given method.

(5) Show all strings, methods and classes.

(6) Show the APK's related information.

(7) Drag and zoom in/out the CFG.

DroidBox: alpha release

The Android application sandbox is now ready for an alpha release. Details on how to get DroidBox running are available at the project webpage.

At the moment, the following actions are logged during runtime:

  • File read and write operations
  • Cryptography API activity
  • Opened network connections
  • Outgoing network traffic
  • Information leaks through the following sinks: network, file, sms
  • Attempts to send SMS
  • Phone calls that have been made

Midterm Report: The sniffer and emulator for COM components

By now, what I have done for Capture-HPC is:

Midterm Report: Project.6 Static Analysis of Android Malware

For the forthcoming midterm evaluation of Gsoc2011, I made a lot of progress with the code and now I’m about to publish the alpha release. Before the alpha release is released, I have decided to post a blog to inform everyone about the progress of project 6 (Static Analysis of Android Malware).

Our tool is written by PyQt, which is a great interface to Qt for Python. It is very easy to design the UI by Qt Designer. Qt contains lots of libraries to support pretty UI framework. What’s more, Qt supports cross platform applications.

Figure 1: The main Android Static Analysis UI window

Summary on Webviz Project

The review period is coming and i decided to write an entry to inform about the Webviz project. Till now the first output of the project is a proof of concept work[1] (requires WebGL supported browser, tested on Firefox 5 and Firefox 4, on other browsers i don't guarantee it works fine).

WebGl Globe Visualization for the hpfeeds data

The figure displays the visualized data. The elevations corresponds to the geograpical malware numbers. The more malware detected the higher peeks are represented with changing color.

Forensic Challenge 8 - "Malware Reverse Engineering" - Deadline Extended Again

We are realizing that the Forensic Challenge 8 - "Malware Reverse Engineering" - is really difficult to solve because right now we received just 5 submissions. For this reason we decided to extend the submission deadline again to July 31th.

Those who already submitted a solution before June 30th are granted the possibility to submit again thus taking advantage of this one-month extra time. Moreover a few extra bonus points will be assigned to them.

Have fun!

Angelo Dell'Aera
The Honeynet Project

Forensic Challenge 8 "Malware Reverse Engineering" - 4 days left!

Folks,
Forensic Challenge 8 "Malware Reverse Engineering" put up by Guido Landi and Angelo Dell'Aera from the Sysenter Chapter is in full swing. Submissions are due by June 30th, so if you want to participate, you have 4 days left. We award little prizes for the top three submissions! Hope to see your submission.

Angelo Dell'Aera
The Honeynet Project

DroidBox: testing with Geinimi sample

One of the very first Android malwares, Geinimi has been analyzed in the application sandbox DroidBox that is currently being developed. The project is part of GSoC 2011 in collaboration with Honeynet and as a master thesis. The Geinimi application uses DES encryption, and it's possible to uncrypt statically the content, see picture below.

Forensic Challenge 8 - "Malware Reverse Engineering" - Deadline Extended

Taking a look at the first submissions it seems like the Forensic Challenge 8 - "Malware Reverse Engineering" - is quite difficult to solve. For this reason we decided to extend the submission deadline to June 30th.

Have fun!

Angelo Dell'Aera
The Honeynet Project

Lion and iOS 5

Today Apple unveiled the next generation of OS X, Lion and new iOS 5. Among the features, I'm concerned about two features: AriDrop and iCloud.

Syndicate content