42+ Best Practices: Secure Mobile Development for iOS and Android
20 Dec 2012 Hadi Syahrial
This is good. Enjoy!
https://viaforensics.com/files/viaforensics-42-best-practices-secure-dev.pdf
ORGANIZATION
Active members:
- Sébastien Tricaud
- Guillaume Arcas
- Anthony Desnos
- Franck Guénichot
- François-René Hamelin
- Christophe Grenier
DEPLOYMENTS
We have the following technologies deployed:
- Kippo on honeycloud. The goal of this deployment is to provide a centralized Kippo instance and to share findings, logs and collected data.
- HoneyProxy on honeycloud.
- Honeeebox
RESEARCH AND DEVELOPMENT
* New tools
=> HoneyProxy as part of GSoC 2012.
=> FAUP (formerly furl)
=> OpenNormalizer
=> PhotoRec/TestDisk
=> A.R.E. / AndroGuard
The updated version of APKInspector is a powerful static analysis tool for malicious Android applications. It provides convenient and varied features for smartphone security engineers. With sensitive permission analysis, static instrumentation, easy-to-use graph-code interaction, etc., they can get a thorough and deep understanding of malicious Android applications. The improvements mainly focus on two categories: User Interface and Security Analysis. The goal is to build an easy-to-use tool with strong security analysis features. For the UI part, we made the following progress:
1) Automatic installation. In the last version, the user needed to install the many packages APKInspector depended on in order to run the tool, which might have been an obstacle to the wide distribution of APKInspector. With the updated version, the user only has to run a script to install the tool.
2) Fine-grained graph view to source view. The new version of APKInspector has fine-grained graph-code interaction. In the past, we only provided the interaction at the block level; now we can identify each part of the code. It supports instruction-level interaction between the graph view and the code view.
AREsoft-updater is a simple updater script for the Android reverse engineering software that belongs to the Android Reverse Engineering (A.R.E.) Virtual Machine from the Honeynet Project.
AREsoft-updater checks for the latest available version of each individual project/tool listed above and compares it with the local (installed) version in A.R.E. If a newer version is available, AREsoft-updater automatically downloads and installs the update into your A.R.E.
AREsoft-updater also supports the latest (recently released) DroidBox for Android 2.3 and APIMonitor.
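The check-compare-update loop described above, as an added example in Python that is not the AREsoft-updater script itself. The manifest layout, tool names, version strings and the sample download payload are all constructed for this example; the SHA-256 verification of a download before installing it is an assumption about how a practitioner would harden such an updater, not something the page states AREsoft-updater does.

```python
"""Minimal updater logic: compare installed tool versions against a
manifest of latest versions, list what needs updating, and verify a
downloaded artifact against the hash the manifest advertises.
Everything below (manifest, versions, payload) is constructed sample data."""
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed sample download, and the hash a manifest would publish for it.
# A real updater would fetch the manifest and the archive over HTTPS.
SAMPLE_PAYLOAD = b"constructed contents of androguard-1.9.tar.gz"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()

# Constructed "latest versions" manifest (hypothetical format).
REMOTE_MANIFEST: Dict[str, Dict[str, str]] = {
    "androguard": {"version": "1.9", "sha256": SAMPLE_SHA256},
    "droidbox": {"version": "2.3", "sha256": "placeholder-hash"},
    "apkinspector": {"version": "1.0", "sha256": "placeholder-hash"},
    "apimonitor": {"version": "0.1", "sha256": "placeholder-hash"},
}

# Constructed local state: what is currently installed in the VM.
INSTALLED: Dict[str, str] = {
    "androguard": "1.5",
    "droidbox": "2.1",
    "apkinspector": "1.0",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically.
    Plain string comparison would wrongly rank '1.9' above '1.10'."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_newer(remote: str, local: str) -> bool:
    """True when the remote version is strictly newer than the local one."""
    return parse_version(remote) > parse_version(local)


def pending_updates(remote: Dict[str, Dict[str, str]],
                    installed: Dict[str, str]) -> List[str]:
    """Tools that are missing locally or older than the manifest version."""
    return [
        name for name, info in remote.items()
        if name not in installed or is_newer(info["version"], installed[name])
    ]


def verify_download(data: bytes, expected_sha256: str) -> bool:
    """Refuse to install anything whose hash does not match the manifest."""
    return hashlib.sha256(data).hexdigest() == expected_sha256


if __name__ == "__main__":
    for tool in pending_updates(REMOTE_MANIFEST, INSTALLED):
        print(f"update available: {tool} -> {REMOTE_MANIFEST[tool]['version']}")
    print("sample download verified:",
          verify_download(SAMPLE_PAYLOAD, REMOTE_MANIFEST["androguard"]["sha256"]))
```

The numeric tuple comparison matters for tools whose minor version passes 9, and the hash check is where a downloaded archive is rejected before anything is unpacked into the VM.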
I’m announcing the new features of the Android dynamic analysis tool DroidBox as GSoC 2012 approaches its end. In this release, I would like to introduce two parts of my work: the DroidBox port and APIMonitor.
Based on TaintDroid 2.3, I’ve ported DroidBox to support Android 2.3 and fixed some bugs.
Usage is the same as in the previous version. You can check the project page.
The Honeynet Project is happy to announce the release of the Android Reverse Engineering (A.R.E.) Virtual Machine.
Do you need to analyze a piece of Android malware, but don't have all your analysis tools at hand? The Android Reverse Engineering (A.R.E.) Virtual Machine, put together by Anthony Desnos from our French chapter, is here to help. A.R.E. combines the latest Android malware analysis tools in a readily accessible toolbox.
Tools currently found on A.R.E. are:
As the GSoC deadline has passed, I would like to announce APKinspector Beta 1.0. APKinspector is a tool that helps Android application analysts and reverse engineers analyze compiled Android packages and their corresponding code. You can review the Alpha version report and the project page to learn more about it.
Click the picture below to watch a full demonstration video of APKInspector:
Chinese viewers may view the demo at: http://v.youku.com/v_show/id_XMjk3ODAwMzU2.html
The GUI tool for static analysis of Android malware is ready for an alpha release. For more details regarding this project, check here.
In the alpha release, the following features have been finished.
(1) Show the CFG (control flow graph) for a given method.
(2) Show the smali code for a given method.
(3) Show the Java code for a given Java file.
(4) Show the bytecode for a given method.
(5) Show all strings, methods and classes.
(6) Show the APK’s related information.
(7) Drag and zoom in/out the CFG.
(8) Modify the content of nodes in the CFG.
For the forthcoming midterm evaluation of GSoC 2011, I made a lot of progress with the code and now I’m about to publish the alpha release. Before the alpha release is published, I have decided to post a blog entry to inform everyone about the progress of project 6 (Static Analysis of Android Malware).
Our tool is written with PyQt, which provides Python bindings for Qt. It is very easy to design the UI with Qt Designer, and Qt contains many libraries that support a rich UI framework. What’s more, Qt supports cross-platform applications.
One of the very first Android malware samples, Geinimi, has been analyzed in the application sandbox DroidBox, which is currently under development. The project is part of GSoC 2011 in collaboration with Honeynet and is also a master's thesis. The Geinimi application uses DES encryption, and it’s possible to decrypt the content statically; see the picture below.
But that is very easy only because the key is not well hidden, so an approach based on dynamic analysis will be more interesting with complex samples. This first real-world sample analysis was carried out specifically to test the crypto API logging.