Enjoy!
Research & Papers & Presentations
- MANIFEST FILES CLASSIFICATION OF ANDROID MALWARE - http://icmr.crru.ac.th/Journal/Journal%204/9%20Manifest%20Files%20Classification%20of%20Android%20Malware.pdf
- DroidNative: Semantic-Based Detection of Android Native Code Malware - http://arxiv.org/pdf/1602.04693.pdf
- Metaphor - Exploitation of CVE-2015-3864 and ASLR bypass. Exploit
- Android CVE-2015-1805 - Local elevation of privilege vulnerability in Android kernel (versions 3.4, 3.10 and 3.14)
- Pwn a Nexus device with a single vulnerability
- An Android Malware Detection Method Based on Feature Code - http://www.atlantis-press.com/php/paper-details.php?from=session+results&id=25845065&querystr=id%3D661
- Technical Report: DroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android - http://www.icri-sc.org/publications/einzelansicht/?tx_bibtex_pi1%5Bpub_id%5D=TUD-CS-2016-0025&no_cache=1
- Evaluation of Android Malware Detection Based on System Calls - http://soarlab.org/2016/01/iwspa2016-daur/
  - strace - to trace system calls related to the operating system process of the application
  - https://github.com/soarlab/maline
- AspectDroid: Android App Analysis System - https://dl.acm.org/citation.cfm?id=2857739
- SEMANTICS-AWARE ANDROID MALWARE CLASSIFICATION
- ANDROID MALWARE CLASSIFICATION USING PARALLELIZED MACHINE LEARNING METHODS
- Static Analysis of Android Apps: A Systematic Literature Review
- R-Droid: Leveraging Android App Analysis with Static Slice Optimization
- BinderCracker: Assessing the Robustness of Android System Services
- A study on obfuscation techniques on Android malware - http://midlab.diag.uniroma1.it/articoli/matteo_pomilia_master_thesis.pdf
- MITRE Android Security Analysis Final Report
- Ransomware Steals your phone. Formal methods to rescue it.
- Download Malware? No, thanks. How Formal Methods can Block Update Attacks
- Following Devil’s Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS
- Attacks and Defence on Android Free Floating Windows
- Mystique: Evolving Android Malware for Auditing Anti-Malware Tools
- StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware
- Evading Android Runtime Analysis Through Detecting Programmed Interactions
- Secure Containers in Android: the Samsung KNOX Case Study
- Detecting Android malware campaigns via application similarity analysis
- AndroZoo: Collecting Millions of Android Apps for the Research Community
  - AndroZoo - https://androzoo.uni.lu
- Andro-profiler: Detecting and Classifying Android Malware based on Behavioral Profiles
- Mitigating Stagefright Attacks with the ARM Performance Monitoring Unit
  - https://www.youtube.com/watch?v=spxm-eZIpKQ
  - http://www.slideshare.net/EndgameInc/hardwareassisted-rootkits-instrumentation
- The Analysis and Classification of Android Malware
  - Includes Binder examples
- Understanding Application Behaviours for Android Security: A Systematic Characterization
- Analyzing security flaws of wireless routers and enhancing security violation of remote code execution on android devices
- On the Lack of Consensus in Anti-Virus Decisions: Metrics and Insights on Building Ground Truths of Android Malware
- Finding Bugs in Android Application using Genetic Algorithm and Apriori Algorithm
- CREDROID: Android malware detection by network traffic analysis
- Fruit vs Zombies: Defeat Non-jailbroken iOS Malware. ShakaCon, Honolulu, Jul 2016
- Android IPC firewall - Research into developing a linux kernel firewall for android via binder - https://github.com/dxwu/AndroidBinder
- MCE^3 - Scott Alexander-Bown - Android App Security on a Budget
- MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention
- Android Compiler Fingerprinting
- TrafficAV: An Effective and Explainable Detection of Mobile Malware Behavior Using Network Traffic
- Identifying unsoundness of call graphs in android static analysis tools
- Fingerprinting Android packaging: Generating DNAs for malware detection (http://www.sciencedirect.com/science/article/pii/S1742287616300469)
- A Peek Under the Hood of iOS Malware
  - Paper: https://webdiis.unizar.es/~ricardo/files/papers/GR-WMA-16.pdf
  - Samples: https://webdiis.unizar.es/~ricardo/software-tools/supplementary-research-material/ios-malware-samples/
- Linux Security Summit Videos (https://www.linux.com/news/linux-security-summit-videos)
- File-Based Encryption in Android 7 (https://source.android.com/security/encryption/file-based.html)
- How My Rogue Android App Could Monitor & Brute-force Your App’s Sensitive Metadata (https://www.arneswinnen.net/2016/09/how-my-rogue-android-app-could-monitor-brute-force-your-apps-sensitive-metadata/)
- Undocumented Patched Vulnerability in Nexus 5X Allowed for Memory Dumping via USB (https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/)
- XDroid: An Android Permission Control Using Hidden Markov Chain and Online Learning (http://www.people.vcu.edu/~rashidib/Pub_files/CNS16/CNS16.pdf)
- Analyzing Android Repackaged Malware by Decoupling Their Event Behaviors (https://link.springer.com/chapter/10.1007/978-3-319-44524-3_1)
- Comparative Evaluation of Machine Learning-based Malware Detection on Android (https://pdfs.semanticscholar.org/e45f/e32cfffd3a6200081fc6df8c837ee846f2ac.pdf)
- DyHAP: Dynamic Hybrid ANFIS-PSO Approach for Predicting Mobile Malware (http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0162627)
- Android full-disk encryption: a security assessment (https://www.royalholloway.ac.uk/isg/documents/pdf/technicalreports/2016/rhul-isg-2016-8-oliver-kunz.pdf)
- KNOXout (CVE-2016-6584) - Bypassing Samsung KNOX - http://www.vsecgroup.com/single-post/2016/09/16/KNOXout---Bypassing-Samsung-KNOX
- Samsung Pay NFC flaw - https://salmg.net/2016/10/11/samsung-pay-nfc-flaw
- A Framework for Third Party Android Marketplaces to Identify Repackaged Apps - http://ieeexplore.ieee.org/abstract/document/7588889/
- Characterization of Android Malware Families by a Reduced Set of Static Features - https://link.springer.com/chapter/10.1007/978-3-319-47364-2_59
- Using Rowhammer bitflips to root Android phones is now a thing
  - https://www.vusec.net/projects/drammer/
  - https://vvdveen.com/publications/drammer.pdf
  - Based on this paper from 2014
  - Repeatedly accessing data stored in memory chips could flip certain bits
  - http://arstechnica.com/security/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/
  - https://github.com/vusec/drammer
  - https://www.youtube.com/watch?v=x6hL-obNhAw
- An Android Application Protection Scheme against Dynamic Reverse Engineering Attacks - http://isyou.info/jowua/papers/jowua-v7n3-3.pdf
- Evaluation of Resource-based App Repackaging Detection in Android - https://github.com/zyrikby/FSquaDRA2
- On App-based Matrix Code Authentication in Online Banking
- New Reliable Android Kernel Root Exploitation Techniques - http://powerofcommunity.net/poc2016/x82.pdf
- DE-GUARD - http://apk-deguard.com - http://www.srl.inf.ethz.ch/papers/deguard.pdf
- Patent: Detecting malware on mobile devices based on mobile behavior analysis - https://www.google.com/patents/US9479357
- Automatically Learning Android Malware Signatures from Few Samples - http://apps.cs.utexas.edu/tech_reports/reports/tr/TR-2237.pdf
- AppWalker: Efficient and Accurate Dynamic Analysis of Apps via Concolic Walking Along the Event-Dependency Graph - https://link.springer.com/chapter/10.1007/978-3-319-49145-5_9
- Full exploit of CVE-2016-6754(BadKernel) and slide of SyScan360 2016 - https://github.com/secmob/BadKernel
- BitUnmap: Attacking Android Ashmem - https://googleprojectzero.blogspot.cz/2016/12/bitunmap-attacking-android-ashmem.html
- ARMageddon: How Your Smartphone CPU Breaks Software-Level Security and Privacy - https://www.youtube.com/watch?v=9KsnFWejpQg
- New Flavor of Dirty COW Attack Discovered, Patched - http://blog.trendmicro.com/trendlabs-security-intelligence/new-flavor-dirty-cow-attack-discovered-patched/
- Toward dynamic analysis of obfuscated android malware - http://www.slideshare.net/ZongShenShen/toward-dynamic-analysis-of-obfuscated-android-malware
- *droid: Assessment and Evaluation of Android Application Analysis Tools - http://www.cise.ufl.edu/~traynor/papers/reaves-csur2016.pdf
- ICCDetector: ICC-Based malware detection on Android - http://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=4298&context=sis_research
- Android Code Protection via Obfuscation Techniques: Past, Present and Future Directions - https://arxiv.org/pdf/1611.10231.pdf
Machine Learning
- A static Android malware Detection based on actual used permissions combination and API calls - http://www.waset.org/publications/10005499
- Android Malware Classification by Applying Online Machine Learning - https://link.springer.com/chapter/10.1007/978-3-319-47217-1_8/fulltext.html
- An improved Android malware detection scheme based on an evolving hybrid neuro-fuzzy classifier (EHNFC) and permission-based features - https://link.springer.com/article/10.1007/s00521-016-2708-7
- MamaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models - https://arxiv.org/pdf/1612.04433.pdf
Articles
- Autopwn every Android < 4.2 device on your network using BetterCap and the "addJavascriptInterface" vulnerability.
- Android Deobfuscation Tools and Techniques
- Dalvik Virtual Execution with SmaliVM
- Android Anti-Hooking Techniques in Java
- Android internals
- Introduction to Fridump
- Hardening the media stack by Google
- What's new in Android security (M and N Version) - Google I/O 2016 - https://www.youtube.com/watch?v=XZzLjllizYs
- Mobile Security News Update July 2016
- Android WebView exploit vulnerabilities, limitations and End
- Strictly Enforced Verified Boot with Error Correction (new in Android N) - http://android-developers.blogspot.cz/2016/07/strictly-enforced-verified-boot-with.html
- How to View TLS Traffic in Android’s Logs (https://blog.securityevaluators.com/how-to-view-tls-traffic-in-androids-logs-6a42ca7a6e55#.6c6ayv5r4)
- Mobile Threat Catalogue - https://pages.nist.gov/mobile-threat-catalogue/
- CVE-2016-3918: E-mail Information Disclosure Vulnerability Analysis - http://blogs.360.cn/360mobile/2016/10/14/cve_2016_3918/ (Chinese)
Tools & Frameworks & Source Code
- Androl4b - AndroL4b is an Android security virtual machine based on Ubuntu MATE that includes a collection of the latest frameworks, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis.
- SmaliEx - Deoptimize odex from oat.
- Android Crackmes - https://play.google.com/store/apps/developer?id=DEFENDIO
- SSLUnpinning_Xposed - Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).
- AppMon - http://dpnishant.github.io/appmon/ - AppMon is an automated framework for monitoring and tampering with system API calls of native iOS and Android apps (upcoming)
- fsmon - FileSystem Monitor utility that runs on Linux, Android, iOS and OSX - https://github.com/nowsecure/fsmon
- Android Tamer Version 4
- Droid-ff: Android Fuzzing Framework
- jniostorlab - JNI method enumeration in ELF files
- DexExtractor - Android dex file extractor, anti-bangbang (Bangcle)
- Android CVE-2015-1805 PoCs [1] [2]
- selfmodify - https://github.com/leonnewton/selfmodify
- AppTroy - An Online Analysis System for Packed Android Malware - https://github.com/CvvT/AppTroy
- Java Deobfuscator (https://javadeobfuscator.com)
- APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - https://github.com/rednaga/APKiD
- Droid-Hunter - Android Application Vulnerability Analysis And Android Pentest Tool (http://www.kitploit.com/2016/09/droid-hunter-android-application.html)
- Stagefright Metasploit Module (https://github.com/rapid7/metasploit-framework/pull/7357)
- Native binary for testing Android phones for the Rowhammer bug - https://github.com/vusec/drammer
- avmdbg - a lightweight debugger for android virtual machine - https://github.com/cheetahsec/avmdbg
- Evaluation of Resource-based App Repackaging Detection in Android - https://github.com/zyrikby/FSquaDRA2
- Dirty COW vulnerability test added to the VTS App - https://github.com/AndroidVTS/android-vts/pull/139#issuecomment-264213745
- XposedGadget - https://github.com/ZSShen/XposedGadget