framework
play

Framework Blackhat USA 2014 Arsenal Jake Valletta August 07, 2014 - PowerPoint PPT Presentation

Dec 04, 2022 •324 likes •483 views

Android Device Testing Framework Blackhat USA 2014 Arsenal Jake Valletta August 07, 2014 https://github.com/jakev/dtf Who Am I Consultant at Mandiant/FireEye Mobile security research and tool development

  1. Android Device Testing Framework Blackhat USA 2014 Arsenal Jake Valletta August 07, 2014 https://github.com/jakev/dtf

  2. Who Am I • Consultant at Mandiant/FireEye • Mobile security research and tool development – www.thecobraden.com/projects/ – www.github.com/jakev/ • @jake_valletta Blackhat USA 2014 https://github.com/jakev/dtf 2

  3. What is dtf? • “Android Device Testing Framework” – Modular and extendable • Written in Python and Bash • Not a vulnerability scanner • Think of it as “lead generation” • Someone hands you a phone – Where are the vulnerabilities? Blackhat USA 2014 https://github.com/jakev/dtf 3

  4. Example Vulnerabilities • Information disclosure – Can a malicious application or user “pillage” system or personal data? • Privilege escalation – Can a malicious application or user escalate their privileges on the device? • Denial of service – Can a malicious application cause denial of service like conditions to a device? Blackhat USA 2014 https://github.com/jakev/dtf 4

  5. What it does Out of the Box • Not much. • Provides project management • Package installer and module support – Modules perform all the exciting functionality! – dtf <module_name> Blackhat USA 2014 https://github.com/jakev/dtf 5

  6. Modules? • Python or Bash scripts • I’ll be releasing my collection of modules for testing • Can also write your own  Blackhat USA 2014 https://github.com/jakev/dtf 6

  7. My Modules… • Collect information from device • Unpack data and process into databases • Provide APIs and modules to interact with the data • sysapps.db • frameworks.db • dev.db • services.db • appdexdbs/*.db • frameworkdexdbs/*.db • APK Files • Framework files • Disassemble DEX • Binaries • Decode manifests • System Libraries • Unpack resources Blackhat USA 2014 https://github.com/jakev/dtf 7

  8. What’s the Goal? • Rapidly answer the questions: – What changed in Android Open-Source Project (AOSP) applications? – What is exposed in new OEM/carrier applications? Blackhat USA 2014 https://github.com/jakev/dtf 8

  9. Blackhat Setup • Two test devices – ZTE Open C with ZTE Kit Kat 4.4.2 – Amazon Kindle HD with “ FireOS 3.0” • Physical access • USB Debugging enabled • No root access Blackhat USA 2014 https://github.com/jakev/dtf 9

  10. Demos! Blackhat USA 2014 https://github.com/jakev/dtf 10

  11. Closing Thoughts • Device OEMs and carriers have a lot to learn – 1999 style issues • Issues are extremely apparent, given the correct tools • Be careful how much trust you put in your device! Blackhat USA 2014 https://github.com/jakev/dtf 11

  12. Future Plans • Remove Bash dependency • Cross-platform support • Continue to release modules and expand functionality – More automation? – GUI? Blackhat USA 2014 https://github.com/jakev/dtf 12

  13. Questions? https://github.com/jakev/dtf

  14. Contact • Twitter: @jake_valletta • Email: javallet@gmail.com • Site: www.thecobraden.com • Blog: blog.thecobraden.com • GitHub: www.github.com/jakev/dtf Blackhat USA 2014 https://github.com/jakev/dtf 14

  15. Thanks! https://github.com/jakev/dtf

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Play Framework One Web Framework to rule them all Felix Mller Agenda Yet another web

Play Framework One Web Framework to rule them all Felix Mller Agenda Yet another web

Play Framework One Web Framework to rule them all Felix Mller Agenda Yet another web framework? Introduction for Java devs Demo Summary Yet another web framework? Yet another web framework? Why do we need another web framework?

656 views • 31 slides
GCC VAT Framework 6 member state, GCC Framework expected to be released shortly Minimum turnover

GCC VAT Framework 6 member state, GCC Framework expected to be released shortly Minimum turnover

Are you VAT ready ! VAT Readiness Presentation 17 April 2017 This presentation is intended for MCA Clients only, consent should be obtained from MCA prior to further circulation and distribution. GCC VAT Framework 6 member state, GCC Framework

803 views • 24 slides
A Recareering Framework @fuzzing_panda A Recareering Framework 1. Framework a. Recon b.

A Recareering Framework @fuzzing_panda A Recareering Framework 1. Framework a. Recon b.

A Recareering Framework @fuzzing_panda A Recareering Framework 1. Framework a. Recon b. Vulnerability Analysis c. Exploitation 2. Life Hack 3. A word to the wise history | grep -v infosec history | grep -v infosec How did I recareer into

697 views • 21 slides
April 2009 Wes J. Lloyd 1 Framework Invasiveness Coupling between application code and

April 2009 Wes J. Lloyd 1 Framework Invasiveness Coupling between application code and

April 2009 Wes J. Lloyd 1 Framework Invasiveness Coupling between application code and framework code Use of framework functions/methods Use of framework specific data types Implementation of framework interfaces Extension of

605 views • 39 slides
Northeast Conservation h Framework Framework What is it and why do we need it? National LCC

Northeast Conservation h Framework Framework What is it and why do we need it? National LCC

Northeast Conservation h Framework Framework What is it and why do we need it? National LCC Workshop Denver CO Denver CO March 2012 Northeast Conservation Framework Framework History Context Future Future NA Landscape

635 views • 38 slides
A Linear Logical A Linear Logical A Linear Logical Framework Framework Framework Iliano

A Linear Logical A Linear Logical A Linear Logical Framework Framework Framework Iliano

A Linear Logical A Linear Logical A Linear Logical Framework Framework Framework Iliano Cervesato - Frank Pfenning Department of Computer Science Carnegie Mellon University 11 th IEEE Symposium on Logic in Computer Science New

587 views • 30 slides
DPS framework DNSSEC Policy and Practice Statement framework

DPS framework DNSSEC Policy and Practice Statement framework

DPS framework DNSSEC Policy and Practice Statement framework draft-ietf-dnsop-dnssec-dps-framework-01 !&quot;#$&quot; Authors Fredrik Ljunggren, Kirei AB Anne-Marie Eklund Lwinder, .SE Tomofumi Okubo, VeriSign !&quot;#$&quot; Kirei AB 10

236 views • 10 slides
What is the Logical Framework Approach? 1 LFA - DEFINITION The logical framework approach is an

What is the Logical Framework Approach? 1 LFA - DEFINITION The logical framework approach is an

Correspondence on The Logical Framework Approach Developed for SNV PARTNERS 14-18 July 2008 Supported by SNV Zimbabwe Compiled by: What is the Logical Framework Approach? 1 LFA - DEFINITION The logical framework approach is an

653 views • 34 slides
What is the THRIVE Framework for system change? The THRIVE Framework for system change (Wolpert et

What is the THRIVE Framework for system change? The THRIVE Framework for system change (Wolpert et

What is the THRIVE Framework for system change? The THRIVE Framework for system change (Wolpert et al., 2019) is a conceptual framework for children and young peoples mental health and wellbeing developed by a collaboration of authors from the

633 views • 4 slides
the EU framework programme for research and innovation The Multiannual Financial Framework

the EU framework programme for research and innovation The Multiannual Financial Framework

the EU framework programme for research and innovation The Multiannual Financial Framework 2014-2020: Commissions proposals of 29 June 2011 1. Smart &amp; inclusive growth (491bn) Horizon Education, Competitive Connecting Cohesion

639 views • 19 slides
National Civil Engineering &amp; Infrastructure Framework Roger Steeper Framework Manager

National Civil Engineering &amp; Infrastructure Framework Roger Steeper Framework Manager

National Civil Engineering &amp; Infrastructure Framework Roger Steeper Framework Manager Agenda Scape Group Scape Procure Regional Focus Civils Framework Supply Chain &amp; SME Engagement Re-procurement Q&amp;A

492 views • 22 slides
A Framework for Grow th in Turbulent Times Based on the Profit from the Core growth framework

A Framework for Grow th in Turbulent Times Based on the Profit from the Core growth framework

A Framework for Grow th in Turbulent Times Based on the Profit from the Core growth framework by Bain &amp; Company Presented by Kevin Johnson, CEO of Agenda Who is Warehouse Direct? Adjacency Growth Framework: What? &amp; Why?

759 views • 21 slides
University of Richmond Career Framework Agenda Project Status What is a Career Framework?

University of Richmond Career Framework Agenda Project Status What is a Career Framework?

University of Richmond Career Framework Agenda Project Status What is a Career Framework? Elements of the Framework The role of Position Descriptions Overview of market pricing and pay grades Next Steps Project

463 views • 22 slides
From Recovery Strategy to Recovery Framework Session Outline Why a Recovery Framework 1 2 What

From Recovery Strategy to Recovery Framework Session Outline Why a Recovery Framework 1 2 What

From Recovery Strategy to Recovery Framework Session Outline Why a Recovery Framework 1 2 What is Recovery Framework 3 Link and utilization of the PDNA for a RF How is RF put together: four modules 4 What: (policy / vision) Who:

406 views • 15 slides
A Framework for Testing for A Framework for Testing for Repeatable Success

A Framework for Testing for A Framework for Testing for Repeatable Success

T6 Concurrent Session Thursday 10/25/2007 11:15 AM JUMP TO: Biographical Information The Presentation Related Paper A Framework for Testing for A Framework for Testing for Repeatable Success Repeatable Success Presented by:

543 views • 35 slides
EIM Tariff Framework EIM Tariff Framework Stakeholder Meeting: Folsom Stakeholder Meeting:

EIM Tariff Framework EIM Tariff Framework Stakeholder Meeting: Folsom Stakeholder Meeting:

EIM Tariff Framework EIM Tariff Framework Stakeholder Meeting: Folsom Stakeholder Meeting: Folsom October 1, 2013 John Anders and Beth Ann Burns The tariff framework is designed to fulfill this Implementation Agreement principle

419 views • 7 slides
Limited Discrepancy Beam Search Paper by: David Furcy &amp; Sven Koenig Presentation by: Michael

Limited Discrepancy Beam Search Paper by: David Furcy &amp; Sven Koenig Presentation by: Michael

Limited Discrepancy Beam Search Paper by: David Furcy &amp; Sven Koenig Presentation by: Michael Niggli November 1, 2012 Presention made as part of the proceedings of the 2012 fall semesters Search and Optimization seminar at the University

925 views • 26 slides
Particle Identification Algorithms for the Medium Energy ( 1.5-8 GeV) MINERA Test

Particle Identification Algorithms for the Medium Energy ( 1.5-8 GeV) MINERA Test

Particle Identification Algorithms for the Medium Energy ( 1.5-8 GeV) MINERA Test Beam Experiment Tesista: Antonio Federico Zegarra Borrero Asesor: Dr. Carlos Javier Solano Salinas UNI, March 04, 2016 1 Contents (1)The

784 views • 66 slides
Lucia Bortko, DESY on behalf of the FCAL collaboration LCWS14 | Vinca Institute, Belgrad | 9

Lucia Bortko, DESY on behalf of the FCAL collaboration LCWS14 | Vinca Institute, Belgrad | 9

Optimization of the BeamCal Design (simulation studies) Lucia Bortko, DESY on behalf of the FCAL collaboration LCWS14 | Vinca Institute, Belgrad | 9 October 2014 The Aim and Content The Aim: compare performance of BeamCal for 2

663 views • 28 slides
Nexmark A unified benchmarking suite for data-intensive systems with Apache Beam Ismal Meja

Nexmark A unified benchmarking suite for data-intensive systems with Apache Beam Ismal Meja

Nexmark A unified benchmarking suite for data-intensive systems with Apache Beam Ismal Meja @iemejia 1 Who are we? Integration Software Big Data / Real-Time Open Source Enterprise 2 New products We are hiring ! 3 Agenda 1. Big

886 views • 49 slides
Advanced Tool Writing for Character TDs Judd Simantov 1 Table of Contents: Tool

Advanced Tool Writing for Character TDs Judd Simantov 1 Table of Contents: Tool

Advanced Tool Writing for Character TDs Judd Simantov 1 Table of Contents: Tool Writing Fundamentals. Maya specific development: o MEL .vs API MEL: o Custom Viewport Pop-ups. o OptionVar . o Recursive Functions . o Custom

834 views • 57 slides
Waterfall to Agile: Flipping the Switch Bhushan Gupta Nike Inc . October 9, 2012 Disclaimer

Waterfall to Agile: Flipping the Switch Bhushan Gupta Nike Inc . October 9, 2012 Disclaimer

Waterfall to Agile: Flipping the Switch Bhushan Gupta Nike Inc . October 9, 2012 Disclaimer This presentation is NOT NOT a This presentation is a recommendation recommendation to switch from to switch from Waterfall to Agile. It is an

540 views • 21 slides
Developing Custom Views Plugins: Falling back in love with Views BADCAMP 2020 Jim Vomero

Developing Custom Views Plugins: Falling back in love with Views BADCAMP 2020 Jim Vomero

Developing Custom Views Plugins: Falling back in love with Views BADCAMP 2020 Jim Vomero Jim.Vomero@FourKitchens.com @nJim 90s Movies Demo Site Three content types: Movie Cast Person Insert Image Two vocabularies: Genre

876 views • 13 slides
SlideSet #7: Web Site Design Your Comments from Reading 1 Principles: Web sites should be How

SlideSet #7: Web Site Design Your Comments from Reading 1 Principles: Web sites should be How

IT350 Web and Internet Programming SlideSet #7: Web Site Design Your Comments from Reading 1 Principles: Web sites should be How do you know if your site is good? User Testing and Evaluation A huge part of the HCI field.

437 views • 12 slides

More recommend