cyber uc meeting 51
play

Cyber@UC Meeting 51 Reverse Engineering: Android apps and more If - PowerPoint PPT Presentation

Apr 16, 2023 •28 likes •278 views

Cyber@UC Meeting 51 Reverse Engineering: Android apps and more If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content

  1. Cyber@UC Meeting 51 Reverse Engineering: Android apps and more

  2. If You’re New! ● Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) ● Feel free to get involved with one of our committees: ● Content Finance Public Affairs Outreach Recruitment ● Ongoing Projects: Malware Sandboxing Lab ○ ○ Cyber Range RAPIDS Cyber Op Center ○

  3. Announcements ● Welcome back! BSides Cincy THIS SATURDAY bsidescincy.org ● We got access to ERC 516! ● ○ ...but the server racks are the wrong size >.< Also waiting on switches, tables, desktop PCs, etc ○ ● ThinkCyber Fellowship July 13–16 think-cyber.com ● Partnership with Galois in the works

  4. New website ● Soft launched! cyberatuc.org Archive of old meetings now up ● Everyone can contribute: ● github.com/UCyber/cyberatuc.org ● Feedback and contributions welcomed! (pleeeease)

  5. Public Affairs Useful videos and weekly livestreams on YouTube : youtube.com/channel/UCWcJuk7A_1nDj4m-cHWvIFw Follow us for club updates and cybersecurity news: Twitter: @CyberAtUC ● Facebook: @CyberAtUC ● ● Instagram: @CyberAtUC For more info: ucyber.github.io or cyberatuc.org

  6. Weekly Content

  7. NSA exabyte data center ● "Intelligence Community Comprehensive National Cybersecurity Initiative Data Center" 100,000 sq. ft. of data center space in Utah ● Capacity: 3–12 exabytes ● ○ Probably just 3 EB 3 EB ≈ 949 billion copies of Aqua's "Barbie Girl" ● ○ 5 EB ≈ all words ever spoken by human beings ● Cost: ~$1.5 billion Why Utah? ● ○ Room to expand ○ Low utility rates ○ Low potential for natural disasters ○ Easy access to water for cooling

  8. Sources for NSA data center https://en.wikipedia.org/wiki/Utah_Data_Center https://www.zmescience.com/science/how-big-data-can-get/ https://www.theblaze.com/news/2013/07/01/seven-stats-to-know-about-nsas-ut ah-data-center-as-it-nears-completion https://techcrunch.com/2013/07/24/the-nsas-massive-utah-data-center-wont-sto re-anything-close-to-yottabytes-of-data/

  9. NSA phone record surveillance ● NSA collected 534 million call records last year Triple what it collected in 2016 ○ ● Not expected to be indicative of a trend, but a number that fluctuates ● 129,080 individuals subjected to warrantless spying, 20% increase 45% in the last five years ○ https://www.reuters.com/article/us-usa-cyber-surveillance/spy-agency-nsa-triples -collection-of-u-s-phone-records-official-report-idUSKBN1I52FR https://www.cnn.com/2013/06/05/politics/nsa-verizon-records/

  10. Twitter end-to-end encrypted messaging ● Currently in small-scale testing Following example of WhatsApp, iMessage, Facebook Messenger, etc ● Not enabled by default ● ○ Facebook Messenger encryption works this way too No infrastructure for secure storage of keys ● https://thehackernews.com/2018/05/encrypted-twitter-direct-messages.html

  11. gnireenignE esreveR (get it? get it?)

  12. What is gnireenignE esreveR? It’s Reverse Engineering spelled in reverse (Chris thinks he's really funny for adding this slide)

  13. What is Reverse Engineering? Generally: Applying the scientific model to a man-made object rather than a natural ● phenomenon In Cyber: ● Analyzing systems to figure out their insides without always knowing their exact contents (black box)

  14. Reverse Engineering in the News ● Malware Analysis Remote Server Exploitation ● ○ APIs of all sorts ○ Games Protocol Spoofing ● ○ Iran–U.S. RQ-170 incident (Used GPS/GNSS Spoofing)

  15. Common RE Tools - Disassemblers - IDA - OllyDbg - Packet/traffic inspection tools - Wireshark - mitmproxy, Fiddler, Charles - Memory inspectors / editors - Cheat Engine - Process monitors

  16. Our target: Humble Bundle ● I want to automate downloading my vidya games No API... scrape the website? ● ○ But scraping suuuucks Oh, they have an Android app! ●

  17. Decompiling the app ● APK download: humblebundle.com/app (for Play Store apps, use this to get an APK: apps.evozi.com/apk-downloader) ○ ● How can we open it? ● Apktool!

  18. Apktool ● Installation Kali/Ubuntu/Debian: sudo apt-get install apktool ○ macOS: brew install apktool ○ Everyone else: ibotpeaches.github.io/Apktool/install/ ○ ● Basic usage Decompile an app: apktool d MyApp.apk ○ ○ ...that's it!

  19. <demo>

  20. What is Smali? ● Low-level, esque language Basically a text version of Java bytecode ● It's awful, but we don't have to master it ● ○ Just need to be able to sorta-kinda read it

  21. Java vs. Smali public class HelloWorld { . class public LHelloWorld ; public static void main (String[] args) { System.out.println("Hello World!"); . super L java/lang/ Object ; } } . method public static main ([ L java/lang/ String ;) V . registers 2 sget-object v0, L java/lang/ System ;->out:Ljava/io/ PrintStream ; const-string v1, "Hello World!" invoke-virtual {v0, v1}, L java/io/ PrintStream ;-> println ( L java/lang/ String ;) V return-void . end method

  22. <demo>

  23. Postman ● GUI tool for testing APIs and making HTTP requests Much easier than memorizing curl flags ● Download: getpostman.com ●

  24. <demo>

  25. Other approaches/tools ● Intercepting HTTP traffic Web debugging proxies: mitmproxy (universal), Fiddler (Windows), Charles (macOS) ○ ○ Mini demo: Wepa Print App For web apps: your browser's developer tools ● ○ Mini demo: USL players

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees:

430 views • 23 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

R egional C yber C rime U nit DC Louise Gibson Prepare, Prevent &amp; Protect What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is enhanced in scale or Crimes that can only be committed solely reach by use

316 views • 9 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities? What is the FBIs Cyber Structure? HQ Division Dedicated Cyber squads in all 56 field offices, including satellite locations overseas.

1.54k views • 14 slides
Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber Dependent crime examples of these offences are Distributed Denial of Service attack (DDOS), Account Compromise (hacking), Malware (virus) and

237 views • 7 slides
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.) Overview Current Landscape

560 views • 23 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the Land: : Wh What t the Numbe mbers rs Tell l Us Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

722 views • 31 slides
Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

563 views • 11 slides
Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public

525 views • 23 slides
Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees: Content

491 views • 14 slides
Python Introduction Principles of Programming Languages Colorado School of Mines

Python Introduction Principles of Programming Languages Colorado School of Mines

Python Introduction Principles of Programming Languages Colorado School of Mines https://lambda.mines.edu CSCI-400 Readability focused education, simulations, web scraping... Multi-paradigm Object-oriented Functional Procedural

538 views • 22 slides
Harvesting Image Databases from the Web Dongliang Xu 15th.2.2008 Overview of Text-Vision

Harvesting Image Databases from the Web Dongliang Xu 15th.2.2008 Overview of Text-Vision

Harvesting Image Databases from the Web Dongliang Xu 15th.2.2008 Overview of Text-Vision Image Harvesting Algorithm Rank Image Re-rank Train Filter 'Noise' by by Crawl Data Visual Classifier Text Info Text + Vision Flowchart of

1.39k views • 38 slides
Ioannis Caragiannis University of Patras Joint work with George Krimpas and Alexandros Voudouris

Ioannis Caragiannis University of Patras Joint work with George Krimpas and Alexandros Voudouris

Ioannis Caragiannis University of Patras Joint work with George Krimpas and Alexandros Voudouris massive : available to a large number of people (16-18 million students) online : through the internet/web open : no cost for the

390 views • 26 slides
Exploratory Case Study Research on Web Accessibility Marie-Luise Leitner, Christine Strauss

Exploratory Case Study Research on Web Accessibility Marie-Luise Leitner, Christine Strauss

Exploratory Case Study Research on Web Accessibility Marie-Luise Leitner, Christine Strauss Department of Electronic Business University of Vienna, Austria Funded by the Austrian National Bank, Jubilumsfonds 12461 Overview 1. Asset Web

456 views • 24 slides
Italys Surveillance Toolbox Riccardo Coluccini @ORARiccardo 34C3 27th-30th December

Italys Surveillance Toolbox Riccardo Coluccini @ORARiccardo 34C3 27th-30th December

Italys Surveillance Toolbox Riccardo Coluccini @ORARiccardo 34C3 27th-30th December 2017 OSINT OSINT Google Search VAT numbers OSINT Payments by Ministry of Interior due to transparency law n33/2013 OSINT Google

399 views • 36 slides
Algorithms for Web Indexing and Searching Gerth Stlting Brodal and Rolf Fagerberg Fall 2002 1

Algorithms for Web Indexing and Searching Gerth Stlting Brodal and Rolf Fagerberg Fall 2002 1

Algorithms for Web Indexing and Searching Gerth Stlting Brodal and Rolf Fagerberg Fall 2002 1 Course Motivation How does Google work? 2 Course Motivation How does Google work? How do search engines work? 2 Course Motivation How

364 views • 10 slides
Differential Privacy Maria-Florina Balcan 04/22/2015 Learning and Privacy To do machine

Differential Privacy Maria-Florina Balcan 04/22/2015 Learning and Privacy To do machine

Machine Learning and Differential Privacy Maria-Florina Balcan 04/22/2015 Learning and Privacy To do machine learning, we need data. What if the data contains sensitive information? medical data, web search query data, salary data,

725 views • 15 slides
Amherst College Virtual Lecture Series Global Healthcare for All You CAN Make a Difference Jon

Amherst College Virtual Lecture Series Global Healthcare for All You CAN Make a Difference Jon

Amherst College Virtual Lecture Series Global Healthcare for All You CAN Make a Difference Jon Rohde, M.D. 63 Life Expectancy at birth USA, India, Bangladesh Child Mortality 0-5 years USA, India, Bangladesh Total Fertility Rate (number

221 views • 5 slides

More recommend