Digital Forensics Workshop #1
Announcements
• Twitter: cppfast
• Instagram: calpolyfast
• Slack: cppfast or calpolyfast
• Website: cppfast.org
Spread the word!
Announcements
• October 25th Cyber Fair (10 am - 3 pm)
• FAST has 3 booths (Android Forensics, iPhone Forensics, and Hacking)
• Need volunteers
• No FAST meeting that week
• Amazon Director of HR and Cyber next week!
• October 21st 4:30-8 GoKart && food club social
• $10 for GoKart or $15 for GoKart and Food
Digital Forensics on Cellular Devices
• What is captured?
• EVERYTHING…text messages, calls, calendar events, app data (including
passwords), pictures (even if you delete them), and much more.
• Where is data stored?
• Internal Memory
• External Memory (SD Card)
Digital Forensics on iPhones
• Manual Acquisition
• Search the user interface for data. This method is time
consuming and is only available to a single user.
• Physical Acquisition
• Bit-by-bit copy of the file system (including deleted data and
unallocated space).
• Logical Acquisition
• Using the phone provider’s software to extract
information
How To Protect Yourself
• Selling your phone?
• NEVER sell a phone without successfully wiping everything.
• As you will see in this demonstration, we can recover virtually any piece of
information.
• Steps to take before selling a phone:
• Format Internal and External Memory
• Format Micro SD Card
Wiping iPhone vs. Android
iPhone
• Settings > General > Reset > Erase all Content and Settings.
• Apple uses hardware encryption - data is encrypted and the password is not stored
on the device.
Android (varies by manufacturer)
• Be warned, some manufacturers don’t follow proper data-wiping practices
and leave behind trace files. I suggest seeking a third party application.
• Encrypt your phone
• Settings > General > Backup & Reset > Factory Data Reset
http://lifehacker.com/5808280/what-should-i-do-with-my-phone-before-i-sell-it
Forensics on iOS
• Step 1: Create or locate a full backup for the device with iTunes. Even for
forensics on a current device, we need the backup file. iTunes does a
wonderful job of backing up EVERYTHING.
• Step 2: Download the SourceForge iPhone Analyzer tool. This is available for
Windows, Mac and Linux.
http://sourceforge.net/projects/iphoneanalyzer/
Note: This is an executable JAR file. DO NOT extract it. If your computer
doesn’t have a program to execute this, download a version from CNET.
http://download.cnet.com/Java-Launcher/3000-2213_4-10332879.html
• Step 3: Select your backup
• Step 4: Import the backup
• Step 5: Begin the investigation
Step 1: Google “iphone analyzer”
- The 1st link should be for ‘sourceforge’
- Click ‘download’
• This will give you a .jar file
• (If you do not have ‘java launcher’ (Windows), you will be tempted to open it as a compressed file)
If you do not have ‘java launcher’ to run .jar files in java
- Google “java launcher”
- The 3rd link should be for ‘CNET’
- Click on the “Direct Download Link”
- DO NOT CLICK ON THE ‘DOWNLOAD NOW’ link,
you WILL get malware!
(my power icon was removed and so was access to turn the power icon back on)
Even though iPhone Analyzer runs with Java (x64)
(assuming you’re running Windows 10),
Java Launcher requires Java (x86)
- Google “download java jdk”
- The 1st link should be for ‘oracle’
- Click on JDK download
Download all 4 executables
- Java Launcher: jdk-8u65-windows-i586.exe && jdk-8u66-windows-i586.exe
- To open .jar files: jdk-8u65-windows-x64.exe && jdk-8u66-windows-x64.exe
Error message if you don’t download BOTH java (x86) files
When you open the java folder in both ‘Program Files (x86)’
& ‘Program Files’
they should both have 4 folders named:
jdk1.8.0_65, jdk1.8.0_66, jre1.8.0_65, jre1.8.0_66
• YOU NEED ALL FOUR and the ‘Program Files (x86)’ java folders
contain different files from the java folders in ‘Program Files’.
Troubleshooting
• With that said, I did come across an instance when I opened the Java
folder and it did NOT have all 4 folders after downloading. To
troubleshoot, FROM WITHIN THE SAME FOLDER, copy the folder of the
type you are missing and rename the copy to the version you are missing
• (for example, if you are missing “jre1.8.0_66”, copy “jre1.8.0_65” and
rename the copy to “jre1.8.0_66”).
NOW YOU SHOULD BE ABLE TO OPEN
iphoneanalyzer.jar !!!
• (with the default program “Java(TM) Platform SE binary”)
What your screen should look like
Click the backup and analyze
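As an added example (not from the workshop and not code from the iPhone Analyzer project): iTunes backups of the era covered here (iOS 4 through 9) index every backed-up file in Manifest.mbdb, and each file is stored in the backup folder under the SHA-1 of "domain-path", which is how a tool like iPhone Analyzer knows which opaque file is the SMS database. The parser below reads that index and resolves logical paths to their on-disk names; the mbdb bytes are constructed inline so it runs offline. Backups made by iOS 10 and later replace Manifest.mbdb with a SQLite Manifest.db, which this does not cover.

```python
"""Parse an iTunes Manifest.mbdb index and map logical paths to backup file names."""
import hashlib
import struct
from dataclasses import dataclass, field

MBDB_MAGIC = b"mbdb\x05\x00"
# mode, inode, uid, gid, mtime, atime, ctime, length, flag, nprops (big-endian, no padding)
_FIXED = ">HQIIIIIQBB"
_FIXED_LEN = struct.calcsize(_FIXED)  # 40 bytes


@dataclass
class MbdbRecord:
    domain: str
    path: str
    link_target: str
    data_hash: bytes      # SHA-1 of the file contents, empty for directories
    enc_key: bytes        # per-file key blob, only present in encrypted backups
    mode: int
    inode: int
    uid: int
    gid: int
    mtime: int
    atime: int
    ctime: int
    file_len: int
    flag: int
    props: dict = field(default_factory=dict)

    @property
    def backup_filename(self) -> str:
        # iTunes stores each file under SHA-1("<domain>-<path>") in the backup folder.
        return hashlib.sha1(f"{self.domain}-{self.path}".encode("utf-8")).hexdigest()

    @property
    def is_dir(self) -> bool:
        return (self.mode & 0xF000) == 0x4000  # S_IFDIR


def _read_string(buf: bytes, off: int):
    """Length-prefixed string; a length of 0xFFFF means the string is absent."""
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if n == 0xFFFF:
        return b"", off
    return buf[off:off + n], off + n


def parse_mbdb(buf: bytes) -> list:
    """Walk the record stream and return one MbdbRecord per backed-up entry."""
    if not buf.startswith(MBDB_MAGIC):
        raise ValueError("not a Manifest.mbdb (bad magic)")
    off, records = len(MBDB_MAGIC), []
    while off < len(buf):
        domain, off = _read_string(buf, off)
        path, off = _read_string(buf, off)
        link, off = _read_string(buf, off)
        data_hash, off = _read_string(buf, off)
        enc_key, off = _read_string(buf, off)
        fixed = struct.unpack_from(_FIXED, buf, off)
        off += _FIXED_LEN
        props = {}
        for _ in range(fixed[-1]):          # nprops key/value string pairs follow
            k, off = _read_string(buf, off)
            v, off = _read_string(buf, off)
            props[k.decode("utf-8", "replace")] = v
        records.append(MbdbRecord(domain.decode("utf-8", "replace"),
                                  path.decode("utf-8", "replace"),
                                  link.decode("utf-8", "replace"),
                                  data_hash, enc_key, *fixed[:-1], props))
    return records


def find_by_path(records: list, domain: str, path: str):
    """Locate one logical file (e.g. HomeDomain, Library/SMS/sms.db) in the index."""
    for r in records:
        if r.domain == domain and r.path == path:
            return r
    return None


# --- Constructed sample index (not a real backup): one directory and two databases ---
def _s(b: bytes) -> bytes:
    return struct.pack(">H", len(b)) + b

_ABSENT = struct.pack(">H", 0xFFFF)

def _sample_record(domain: bytes, path: bytes, mode: int, size: int) -> bytes:
    return (_s(domain) + _s(path) + _ABSENT + _ABSENT + _ABSENT
            + struct.pack(_FIXED, mode, 0x1234, 501, 501,
                          1445000000, 1445000000, 1445000000, size, 0, 0))

SAMPLE_MBDB = (
    MBDB_MAGIC
    + _sample_record(b"HomeDomain", b"Library/SMS", 0o040755, 0)
    + _sample_record(b"HomeDomain", b"Library/SMS/sms.db", 0o100644, 245760)
    + _sample_record(b"HomeDomain", b"Library/AddressBook/AddressBook.sqlitedb", 0o100644, 98304)
)

if __name__ == "__main__":
    recs = parse_mbdb(SAMPLE_MBDB)
    for r in recs:
        kind = "dir " if r.is_dir else "file"
        print(f"{kind} {r.backup_filename}  {r.domain}/{r.path}  ({r.file_len} bytes)")
    sms = find_by_path(recs, "HomeDomain", "Library/SMS/sms.db")
    print("SMS database is stored as:", sms.backup_filename)
```

Pointed at a real backup folder, `parse_mbdb(open(path_to / "Manifest.mbdb", "rb").read())` gives the same listing, and the hashed names it prints are the files you will find sitting next to the manifest.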
Android Forensics
Digital Forensics on Androids
• Manual Acquisition
• Search the user interface for data. This method is time
consuming and is only available to a single user.
• Physical Acquisition
• Bit-by-bit copy of the file system (including deleted data and
unallocated space).
• Logical Acquisition
• Using the phone provider’s software to extract
information
Step 1: Download Santoku Linux
Step 2: Set up Santoku in a VM
What it should look like
AF-Logical Forensics
Command Prompt Interface
• Plug in your device
• Enable “USB Debugging”
• For most phones, go to About phone and tap
“Build Number” 7 times to unlock Developer
options, then enable USB debugging there
• Pass the USB connection to Linux
Commands
• In the AFLogical command prompt:
• Type: adb devices (this will confirm your device
is connected)
• Type: aflogical-ose (press confirm on your
phone)
• Select the data to include in the image
Pass the USB connection to Linux
My screen (test)
adb devices should return
aflogical-ose should return
The Data – Home folder>AFLogical
Everything is at your fingertips
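As an added example (not part of the workshop material): the two things worth automating around the aflogical-ose step are checking that the phone has actually accepted the USB debugging prompt, which `adb devices` reports as the state `device` rather than `unauthorized`, and hashing the CSV files the tool leaves under the AFLogical folder so the evidence set can be verified later. The `adb devices` output below is a constructed sample, the `~/AFLogical` location is taken from the slides, and the output file names are assumed.

```python
"""Check adb authorization state and build a SHA-256 manifest of AFLogical OSE output."""
import hashlib
import os
import shutil
import subprocess

# Constructed sample of `adb devices` output (not captured from a real phone):
# one handset still waiting on the "Allow USB debugging?" prompt, one ready.
SAMPLE_ADB_OUTPUT = (
    "List of devices attached\n"
    "0123456789ABCDEF\tunauthorized\n"
    "ZX1G22ABCD\tdevice\n"
    "\n"
)


def parse_adb_devices(text: str) -> dict:
    """Return {serial: state} from `adb devices` output; header and blank lines are skipped."""
    devices = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("List of devices"):
            continue
        serial, _, state = line.partition("\t")
        devices[serial.strip()] = state.strip()
    return devices


def ready_serials(devices: dict) -> list:
    """Only 'device' means adb can talk to the phone. 'unauthorized' means the RSA
    fingerprint prompt has not been accepted on the handset yet; 'offline' usually
    means a cable or USB-passthrough problem in the VM."""
    return sorted(s for s, st in devices.items() if st == "device")


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def manifest_lines(files: dict) -> list:
    """Build 'sha256  name' lines (sha256sum -c format) from {name: bytes}, sorted by name."""
    return [f"{sha256_bytes(data)}  {name}" for name, data in sorted(files.items())]


def hash_tree(root: str) -> dict:
    """Read every file under root into {relative path: bytes} for manifest_lines()."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            full = os.path.join(dirpath, n)
            with open(full, "rb") as fh:
                files[os.path.relpath(full, root)] = fh.read()
    return files


# Constructed stand-in for what aflogical-ose leaves behind; names and layout assumed.
SAMPLE_OUTPUT_FILES = {
    "20151019.1432/SMS.csv": b"_id,address,date,body\n1,+15555550100,1445000000000,hi\n",
    "20151019.1432/CallLog Calls.csv": b"_id,number,date,duration,type\n",
    "20151019.1432/info.xml": b"<info><device>constructed</device></info>\n",
}


def main() -> None:
    if shutil.which("adb"):
        out = subprocess.run(["adb", "devices"], capture_output=True,
                             text=True, check=False).stdout
    else:
        print("adb not found on PATH, using the constructed sample output")
        out = SAMPLE_ADB_OUTPUT
    devices = parse_adb_devices(out)
    for serial, state in devices.items():
        print(f"{serial}: {state}")
    if not ready_serials(devices):
        print("No authorized device: accept the USB debugging prompt on the phone and rerun.")
    root = os.path.expanduser("~/AFLogical")   # output folder named on the slides
    files = hash_tree(root) if os.path.isdir(root) else SAMPLE_OUTPUT_FILES
    for line in manifest_lines(files):         # save these as the evidence manifest
        print(line)


if __name__ == "__main__":
    main()
```

Redirect the manifest lines to a file and `sha256sum -c` it later to prove the CSVs have not changed since acquisition.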
Troubleshooting
• Make sure you set up Santoku Linux correctly
• When the terminal window asks for a password,
it doesn’t appear on the screen for security
reasons. Just enter the password you
registered with.
• Feel free to contact me with questions.
•kkrohrer@cpp.edu or (661) 972-2686
Protecting Yourself On Campus
Personal Security
Incognito / private browsing
• Doesn’t save history, downloads,
cookies, passwords, etc.
• ALL internet activity is still VERY visible
VPN Chrome extension
• Great for quick protection
(hides your IP and encrypts internet activity)
• Recommend CyberGhost
(free, unlimited VPN)
• Still saves history, cookies, etc. on the
local machine
Tor Network
• Routes through multiple
IPs that constantly change
• Like an advanced VPN with
amnesia
• Can still be tracked when
entering and exiting Tor
CyberGhost Desktop App
• Connect to the VPN before Tor to mask
your entrance
• CyberGhost assigns a random
username
• Couldn’t find a free VPN that protects
against exit nodes
• If you purchase a VPN, use Bitcoin or
Darkcoin
CyberGhost Desktop with Firefox
Tails (Anonymous OS)
• Deletes EVERYTHING
• Load from USB, not a VM
• Profoundly safe
• But SLOW and inconvenient
• Set up admin every startup
• Prove you’re not a bot constantly
Whonix
• Anonymous OS, two VMs working in tandem
• Isn't amnesic
• Nicer interface, but still a VM, which has
weaknesses that can be exploited
• Recommend using with the VPN desktop app
Proxy Servers
• InCloak.com
• Circumvent school restrictions
• SOCKS5, faster than 1000 ms,
for a proxy that always
connects
Gaming
• Connect to PS4
Remote Play with PS
Vita
Torrent (before proxy)
Screen Locks
• PIN passcode
• Password
• Pattern
• Facial recognition
• Fingerprint scanner
• Apps to make your screen locks more
complex, e.g. a 6x6 pattern screen lock.
Making sure data is backed up
• Can prevent loss of:
• Personal Information
• Music
• Photos
• Wi-Fi passwords
• Apps
• Can back up to multiple places
• Titanium Backup
Encrypting your device
• Pros: Keeps data safe if you lose it by making the data
unreadable
• Cons: Slower performance, no going back without a factory
reset
• Lollipop (Android 5.0) - your phone comes
encrypted by default when you get it.
• Marshmallow (Android 6.0) - makes
full disk encryption mandatory.
Malicious apps
• Malicious adware disguises itself as popular apps
via repackaging
Useful Links
• https://santoku-linux.com/howto/mobile-forensics/howto-forensically-examine-android-aflogical-santoku/
• https://santoku-linux.com/howto/mobile-forensics/howto-use-iphone-backup-analyzer-on-santoku-linux/
• https://www.wireshark.org/
• http://www.rafayhackingarticles.net/2012/10/hack-facebook-account-with-arp-poisoning.html
Forensics WS Consolidated

Contenu connexe

Tendances

BlackHat USA 2011 - Stefan Esser - iOS Kernel Exploitation
BlackHat USA 2011 - Stefan Esser - iOS Kernel ExploitationBlackHat USA 2011 - Stefan Esser - iOS Kernel Exploitation
BlackHat USA 2011 - Stefan Esser - iOS Kernel ExploitationStefan Esser
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-daysZoltan Balazs
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...Zoltan Balazs
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
Defcon 22-metacortex-grifter-darkside-of-the-internet
Defcon 22-metacortex-grifter-darkside-of-the-internetDefcon 22-metacortex-grifter-darkside-of-the-internet
Defcon 22-metacortex-grifter-darkside-of-the-internetPriyanka Aash
 
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peopDefcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peopPriyanka Aash
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface DevicePositive Hack Days
 
SyScan Singapore 2011 - Stefan Esser - Targeting the iOS Kernel
SyScan Singapore 2011 - Stefan Esser - Targeting the iOS KernelSyScan Singapore 2011 - Stefan Esser - Targeting the iOS Kernel
SyScan Singapore 2011 - Stefan Esser - Targeting the iOS KernelStefan Esser
 
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and EntitlementsRuxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and EntitlementsStefan Esser
 
Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2Luis Grangeia
 
Browser Fuzzing with a Twist (and a Shake) -- ZeroNights 2015
Browser Fuzzing with a Twist (and a Shake) -- ZeroNights 2015Browser Fuzzing with a Twist (and a Shake) -- ZeroNights 2015
Browser Fuzzing with a Twist (and a Shake) -- ZeroNights 2015Jeremy Brown
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear DenESET
 
Solnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecSolnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecPacSecJP
 
Beyond the 'cript practical i os reverse engineering lascon
Beyond the 'cript  practical i os reverse engineering lasconBeyond the 'cript  practical i os reverse engineering lascon
Beyond the 'cript practical i os reverse engineering lasconNino Ho
 
Targeting the iOS kernel
Targeting the iOS kernelTargeting the iOS kernel
Targeting the iOS kernelSeguridad Apple
 
[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnieZoltan Balazs
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)Sam Bowne
 

Tendances (20)

BlackHat USA 2011 - Stefan Esser - iOS Kernel Exploitation
BlackHat USA 2011 - Stefan Esser - iOS Kernel ExploitationBlackHat USA 2011 - Stefan Esser - iOS Kernel Exploitation
BlackHat USA 2011 - Stefan Esser - iOS Kernel Exploitation
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-days
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Defcon 22-metacortex-grifter-darkside-of-the-internet
Defcon 22-metacortex-grifter-darkside-of-the-internetDefcon 22-metacortex-grifter-darkside-of-the-internet
Defcon 22-metacortex-grifter-darkside-of-the-internet
 
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peopDefcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface Device
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2   basic hacking tools ncc groupNtxissacsc5 red 1 & 2   basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
 
SyScan Singapore 2011 - Stefan Esser - Targeting the iOS Kernel
SyScan Singapore 2011 - Stefan Esser - Targeting the iOS KernelSyScan Singapore 2011 - Stefan Esser - Targeting the iOS Kernel
SyScan Singapore 2011 - Stefan Esser - Targeting the iOS Kernel
 
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and EntitlementsRuxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
 
Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2
 
Browser Fuzzing with a Twist (and a Shake) -- ZeroNights 2015
Browser Fuzzing with a Twist (and a Shake) -- ZeroNights 2015Browser Fuzzing with a Twist (and a Shake) -- ZeroNights 2015
Browser Fuzzing with a Twist (and a Shake) -- ZeroNights 2015
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear Den
 
Solnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecSolnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsec
 
Beyond the 'cript practical i os reverse engineering lascon
Beyond the 'cript  practical i os reverse engineering lasconBeyond the 'cript  practical i os reverse engineering lascon
Beyond the 'cript practical i os reverse engineering lascon
 
Targeting the iOS kernel
Targeting the iOS kernelTargeting the iOS kernel
Targeting the iOS kernel
 
[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
 

En vedette

CNIT 128 Ch 2: Hacking the cellular network
CNIT 128 Ch 2: Hacking the cellular networkCNIT 128 Ch 2: Hacking the cellular network
CNIT 128 Ch 2: Hacking the cellular networkSam Bowne
 
CNIT 127 Ch 4: Introduction to format string bugs
CNIT 127 Ch 4: Introduction to format string bugsCNIT 127 Ch 4: Introduction to format string bugs
CNIT 127 Ch 4: Introduction to format string bugsSam Bowne
 
CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro Sam Bowne
 
CNIT 126 4: A Crash Course in x86 Disassembly
CNIT 126 4: A Crash Course in x86 DisassemblyCNIT 126 4: A Crash Course in x86 Disassembly
CNIT 126 4: A Crash Course in x86 DisassemblySam Bowne
 
CNIT 127 Ch 2: Stack overflows on Linux
CNIT 127 Ch 2: Stack overflows on LinuxCNIT 127 Ch 2: Stack overflows on Linux
CNIT 127 Ch 2: Stack overflows on LinuxSam Bowne
 
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesCNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesSam Bowne
 
CNIT 127 Ch Ch 1: Before you Begin
CNIT 127 Ch Ch 1: Before you BeginCNIT 127 Ch Ch 1: Before you Begin
CNIT 127 Ch Ch 1: Before you BeginSam Bowne
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisSam Bowne
 
CNIT 121: 14 Investigating Applications
CNIT 121: 14 Investigating ApplicationsCNIT 121: 14 Investigating Applications
CNIT 121: 14 Investigating ApplicationsSam Bowne
 
CNIT 127 Ch 3: Shellcode
CNIT 127 Ch 3: ShellcodeCNIT 127 Ch 3: Shellcode
CNIT 127 Ch 3: ShellcodeSam Bowne
 
CNIT 128 Ch 3: iOS
CNIT 128 Ch 3: iOSCNIT 128 Ch 3: iOS
CNIT 128 Ch 3: iOSSam Bowne
 
CNIT 127 Ch 4: Introduction to format string bugs (rev. 2-9-17)
CNIT 127 Ch 4: Introduction to format string bugs (rev. 2-9-17)CNIT 127 Ch 4: Introduction to format string bugs (rev. 2-9-17)
CNIT 127 Ch 4: Introduction to format string bugs (rev. 2-9-17)Sam Bowne
 
CNIT 127 Ch 5: Introduction to heap overflows
CNIT 127 Ch 5: Introduction to heap overflowsCNIT 127 Ch 5: Introduction to heap overflows
CNIT 127 Ch 5: Introduction to heap overflowsSam Bowne
 

En vedette (13)

CNIT 128 Ch 2: Hacking the cellular network
CNIT 128 Ch 2: Hacking the cellular networkCNIT 128 Ch 2: Hacking the cellular network
CNIT 128 Ch 2: Hacking the cellular network
 
CNIT 127 Ch 4: Introduction to format string bugs
CNIT 127 Ch 4: Introduction to format string bugsCNIT 127 Ch 4: Introduction to format string bugs
CNIT 127 Ch 4: Introduction to format string bugs
 
CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro
 
CNIT 126 4: A Crash Course in x86 Disassembly
CNIT 126 4: A Crash Course in x86 DisassemblyCNIT 126 4: A Crash Course in x86 Disassembly
CNIT 126 4: A Crash Course in x86 Disassembly
 
CNIT 127 Ch 2: Stack overflows on Linux
CNIT 127 Ch 2: Stack overflows on LinuxCNIT 127 Ch 2: Stack overflows on Linux
CNIT 127 Ch 2: Stack overflows on Linux
 
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesCNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
 
CNIT 127 Ch Ch 1: Before you Begin
CNIT 127 Ch Ch 1: Before you BeginCNIT 127 Ch Ch 1: Before you Begin
CNIT 127 Ch Ch 1: Before you Begin
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
 
CNIT 121: 14 Investigating Applications
CNIT 121: 14 Investigating ApplicationsCNIT 121: 14 Investigating Applications
CNIT 121: 14 Investigating Applications
 
CNIT 127 Ch 3: Shellcode
CNIT 127 Ch 3: ShellcodeCNIT 127 Ch 3: Shellcode
CNIT 127 Ch 3: Shellcode
 
CNIT 128 Ch 3: iOS
CNIT 128 Ch 3: iOSCNIT 128 Ch 3: iOS
CNIT 128 Ch 3: iOS
 
CNIT 127 Ch 4: Introduction to format string bugs (rev. 2-9-17)
CNIT 127 Ch 4: Introduction to format string bugs (rev. 2-9-17)CNIT 127 Ch 4: Introduction to format string bugs (rev. 2-9-17)
CNIT 127 Ch 4: Introduction to format string bugs (rev. 2-9-17)
 
CNIT 127 Ch 5: Introduction to heap overflows
CNIT 127 Ch 5: Introduction to heap overflowsCNIT 127 Ch 5: Introduction to heap overflows
CNIT 127 Ch 5: Introduction to heap overflows
 

Similaire à Forensics WS Consolidated

Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory ForensicsIIJ
 
Outsmarting SmartPhones
Outsmarting SmartPhonesOutsmarting SmartPhones
Outsmarting SmartPhonessaurabhharit
 
Yow connected developing secure i os applications
Yow connected   developing secure i os applicationsYow connected   developing secure i os applications
Yow connected developing secure i os applicationsmgianarakis
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Subhransu Behera
 
On non existent 0-days, stable binary exploits and
On non existent 0-days, stable binary exploits andOn non existent 0-days, stable binary exploits and
On non existent 0-days, stable binary exploits andAlisa Esage Шевченко
 
Project Malware AnalysisCS 6262 Project 3Agenda.docx
Project Malware AnalysisCS 6262 Project 3Agenda.docxProject Malware AnalysisCS 6262 Project 3Agenda.docx
Project Malware AnalysisCS 6262 Project 3Agenda.docxbriancrawford30935
 
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensionsZoltan Balazs
 
Rapid Android Application Security Testing
Rapid Android Application Security TestingRapid Android Application Security Testing
Rapid Android Application Security TestingNutan Kumar Panda
 
Toorcon 2010: IPhone Rootkits? There's an App for That
Toorcon 2010: IPhone Rootkits? There's an App for ThatToorcon 2010: IPhone Rootkits? There's an App for That
Toorcon 2010: IPhone Rootkits? There's an App for ThatEric Monti
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesTom Eston
 
Windows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsWindows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsJorge Orchilles
 
Esage on non-existent 0-days, stable binary exploits and user interaction
Esage   on non-existent 0-days, stable binary exploits and user interactionEsage   on non-existent 0-days, stable binary exploits and user interaction
Esage on non-existent 0-days, stable binary exploits and user interactionDefconRussia
 
Continuous integration by Rémy Virin
Continuous integration by Rémy VirinContinuous integration by Rémy Virin
Continuous integration by Rémy VirinCocoaHeads France
 
Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !Veduruparthy Bharat
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015Michael Gough
 

Similaire à Forensics WS Consolidated (20)

Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory Forensics
 
Outsmarting SmartPhones
Outsmarting SmartPhonesOutsmarting SmartPhones
Outsmarting SmartPhones
 
Yow connected developing secure i os applications
Yow connected   developing secure i os applicationsYow connected   developing secure i os applications
Yow connected developing secure i os applications
 
Android rooting
Android rooting Android rooting
Android rooting
 
Android overview
Android overviewAndroid overview
Android overview
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
 
On non existent 0-days, stable binary exploits and
On non existent 0-days, stable binary exploits andOn non existent 0-days, stable binary exploits and
On non existent 0-days, stable binary exploits and
 
128-ch3.pptx
128-ch3.pptx128-ch3.pptx
128-ch3.pptx
 
Project Malware AnalysisCS 6262 Project 3Agenda.docx
Project Malware AnalysisCS 6262 Project 3Agenda.docxProject Malware AnalysisCS 6262 Project 3Agenda.docx
Project Malware AnalysisCS 6262 Project 3Agenda.docx
 
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
 
Rapid Android Application Security Testing
Rapid Android Application Security TestingRapid Android Application Security Testing
Rapid Android Application Security Testing
 
Toorcon 2010: IPhone Rootkits? There's an App for That
Toorcon 2010: IPhone Rootkits? There's an App for ThatToorcon 2010: IPhone Rootkits? There's an App for That
Toorcon 2010: IPhone Rootkits? There's an App for That
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS Devices
 
Windows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsWindows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 Apps
 
Esage on non-existent 0-days, stable binary exploits and user interaction
Esage   on non-existent 0-days, stable binary exploits and user interactionEsage   on non-existent 0-days, stable binary exploits and user interaction
Esage on non-existent 0-days, stable binary exploits and user interaction
 
Continuous integration by Rémy Virin
Continuous integration by Rémy VirinContinuous integration by Rémy Virin
Continuous integration by Rémy Virin
 
Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !
 
Internet security
Internet securityInternet security
Internet security
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 
Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015
 

Forensics WS Consolidated

  • 2. Announcements • Twitter: cppfast • Instagram: calpolyfast • Slack: cppfast or calpolyfast • Website: cppfast.org Spread the word!
  • 3. Announcements • October 25th Cyber Fair (10 am -3 pm) • FAST has 3 booths (Android Forensics, Iphone Forensics, and Hacking) • Need volunteers • No FAST meeting that week • Amazon Director of HR and Cyber next week! • Octber 21st 4:30-8 GoKart && food club social • $10 for GoKart or $15 for GoKart and Food
  • 4.
  • 5. Digital Forensics on Cellular Devices • What is captured? • EVERYTHING…text messages, calls, calendar events, app data (including passwords), pictures (even if you delete them), and much more. • Where is data stored? • Internal Memory • External Memory (SD Card)
  • 6. Digital Forensics on Iphones •Manual Acquisition • Search the user interface for data. This method is time consuming and is only available to a single user. • Physical Acquisition • Bit-by-bit copy of the file system (including deleted data and unallocated space). • Logical Acquisition • Using the phone provider’s software to extract information
  • 7. How To Protect Yourself • Selling your phone? • NEVER sell a phone without successfully wiping everything. • As you will see in this demonstration, we can recover virtually any piece of information. • Steps to take before selling a phone: • Format Internal and External Memory • Format Micro SD Card
  • 8. Wiping Iphone vs. Android Iphone • Settings > General > Reset > Erase all Content and Settings. • Apple uses hardware encryption - Data is encrypted and the password is not stored on the device Android Vary from manufacturer. Android • Be warned, some manufacturers don’t follow proper data-wiping practices and leave behind trace files. I suggest seeking a third party application. • Encrypt your phone • Settings > General > Backup & Reset > Factory Data Reset http://lifehacker.com/5808280/what-should-i-do-with-my-phone-before-i-sell-it
  • 9. Forensics On IOS • Step 1: Create or locate a full backup for the device with Itunes. Even for forensics on a current device, we need the backup file. Itunes does a wonderful job in backing up EVERYTHING. • Step 2: Download the sourceforge iphone analyzer tool. This is available for windows, mac and linux. http://sourceforge.net/projects/iphoneanalyzer/ Note: This is an executable Jar file. DO NOT extract it. If your computer doesn’t have a program to execute this, download a version from cnet. http://download.cnet.com/Java-Launcher/3000-2213_4-10332879.html • Step 3: Select your backup • Step 4: Import the backup • Step 5: Begin the investigation
  • 10. Step 1: Google “iphone analyzer” - The 1st link should be for ‘sourceforge’ - Click ‘download’ • This will give you a .jar file • (if you do not have ‘java launcher’ (windows) you will be tempted to open it as a compressed file)
  • 11. If you do not have ‘java launcher’ to run .jar files in java - Google “java launcher” - The 3rd link should be for ‘CNET’ - Click on the “Direct Download Link” - DO NOT CLICK ON THE ‘DOWNLOAD NOW’ link, you WILL get malware! (my power icon was removed and so was access to turn the power icon back on)
  • 12. even though iphone analyzer runs with java (x64) (assuming you’re running Windows 10) Java Launcher requires java (x86) • - Google “download java jdk” • - The 1st link should be for ‘oracle’ • - Click on JDK download
  • 13. Download all 4 executables - Java launcher: jdk-8u65-windows-i586.exe && jdk-8u65-windows-i586.exe - To open .jar files: jdk-8u65-windows-x64.exe && jdk-8u66-windows- x64.exe Error message if you don’t download BOTH java (x86) files
  • 14. When you open the java folder in both ‘Program Files (x86)’ & ‘Program Files’ they should both have 4 folders named: jdk1.8.0_65, jdk1.8.0_66, jre1.8.0_65, jre1.8.0_66 • YOU NEED ALL FOUR and the ‘Program Files (x86)’ java folders contain different files from the java folders in ‘Program Files’.
15–16. Troubleshooting
• With that said, I did come across an instance when I opened the Java folder and it did NOT have all 4 folders after downloading. To troubleshoot, FROM WITHIN THE SAME FOLDER copy the folder type of the version you are missing and rename the copy of the folder to the type you are missing
• (for example, if you are missing "jre1.8.0_66", copy "jre1.8.0_65" and rename the copy to "jre1.8.0_66").
17. NOW YOU SHOULD BE ABLE TO OPEN iphoneanalyzer.jar!!!
• (with the default program "Java(TM) Platform SE binary")
18. What your screen should look like
19. Click the backup and Analyze
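For the "create or locate a full backup" step, an added shell example that is not from the slides or from iPhone Analyzer: it lists the iTunes backup folders under a given root and prints each device's name, iOS version and whether the backup is encrypted, since an encrypted backup's file contents cannot be read without the backup password. The backup locations (macOS `~/Library/Application Support/MobileSync/Backup/`, Windows `%APPDATA%\Apple Computer\MobileSync\Backup\`) and the plist key names `Device Name`, `Product Version` and `IsEncrypted` come from my own knowledge of iTunes, not from the slides, and should be confirmed on a backup you own; the UDIDs and plist files in the demo are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the workshop slides or from iPhone Analyzer.
# Lists iTunes backup folders and shows device name, iOS version and whether
# each backup is encrypted (an encrypted backup is unreadable without its password).
# Backup root (from my own knowledge of iTunes, not the slides):
#   macOS:   ~/Library/Application Support/MobileSync/Backup/
#   Windows: %APPDATA%\Apple Computer\MobileSync\Backup\
# Each <UDID> folder holds Info.plist (Device Name, Product Version, ...) and
# Manifest.plist (IsEncrypted); both are XML plists. Key names are assumptions
# to confirm on a backup you own.

# plist_string FILE KEY: the <string> value on the line after <key>KEY</key>
# (one value per line, as iTunes writes them); prints nothing when KEY is absent.
plist_string() {
    awk -v key="<key>$2</key>" '
        found && match($0, "<string>[^<]*</string>") {
            print substr($0, RSTART + 8, RLENGTH - 17); exit
        }
        index($0, key) { found = 1 }
    ' "$1"
}

# plist_bool FILE KEY: "true" or "false" for the <true/> / <false/> that follows KEY.
plist_bool() {
    awk -v key="<key>$2</key>" '
        found && index($0, "<true/>")  { print "true";  exit }
        found && index($0, "<false/>") { print "false"; exit }
        index($0, key) { found = 1 }
    ' "$1"
}

# backup_summary DIR: "<device name>|<iOS version>|<encrypted>" for one <UDID> folder.
backup_summary() {
    name=$(plist_string "$1/Info.plist" "Device Name")
    version=$(plist_string "$1/Info.plist" "Product Version")
    encrypted=$(plist_bool "$1/Manifest.plist" "IsEncrypted")
    printf '%s|%s|%s\n' "$name" "$version" "${encrypted:-unknown}"
}

# list_backups ROOT: one line per backup folder under ROOT.
list_backups() {
    for dir in "$1"/*/; do
        [ -f "${dir}Info.plist" ] || continue
        printf '%s: %s\n' "$(basename "$dir")" "$(backup_summary "${dir%/}")"
    done
}

# make_demo_backup DIR NAME VERSION true|false: constructed Info.plist/Manifest.plist
# (sample data, not a real backup) so the functions can be tried offline.
make_demo_backup() {
    mkdir -p "$1"
    printf '<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0">\n<dict>\n' > "$1/Info.plist"
    printf '  <key>Device Name</key>\n  <string>%s</string>\n' "$2" >> "$1/Info.plist"
    printf '  <key>Product Version</key>\n  <string>%s</string>\n</dict>\n</plist>\n' "$3" >> "$1/Info.plist"
    printf '<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0">\n<dict>\n' > "$1/Manifest.plist"
    printf '  <key>IsEncrypted</key>\n  <%s/>\n</dict>\n</plist>\n' "$4" >> "$1/Manifest.plist"
}

# Demo on a constructed backup root. For a real run on macOS:
#   list_backups "$HOME/Library/Application Support/MobileSync/Backup"
DEMO=$(mktemp -d)
make_demo_backup "$DEMO/00000000-0000000000000000" "Lab iPhone" "9.0.2" false
make_demo_backup "$DEMO/11111111-1111111111111111" "Lab iPad" "9.1" true
list_backups "$DEMO"
# 00000000-0000000000000000: Lab iPhone|9.0.2|false
# 11111111-1111111111111111: Lab iPad|9.1|true
rm -rf "$DEMO"
```

Run it against the real backup root before importing into the analyzer: a line ending in `true` is a backup the tool will not be able to read without the backup password, so you know in advance whether to look for an unencrypted backup of the same device.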
21. Digital Forensics on Androids
• Manual Acquisition
  • Search the user interface for data. This method is time consuming and is only available to a single user.
• Physical Acquisition
  • Bit-by-bit copy of the file system (including deleted data and unallocated space).
• Logical Acquisition
  • Using the phone provider's software to extract information
22. Step 1: Download Santoku Linux
23. Step 2: Set up Santoku in a VM
24. What it should look like
26. Command Prompt Interface
• Plug in your device
• Enable "USB Debugging"
• For most phones, go to About Phone and tap "Build Number" 7 times to enable Developer Options, then enable USB debugging
• Pass the USB connection to Linux
27. Commands
• In the command prompt (AFLogical):
• Type: adb devices (this will confirm your device is connected)
• Type: aflogical-ose (press confirm on your phone)
• Select the data to be in the image
28. Pass the USB connection to Linux
33. The Data – Home folder > AFLogical
34. Everything is at your fingertips
35. Troubleshooting
• Make sure you set up Santoku Linux correctly
• When the terminal window asks for a password, it doesn't appear on the screen for security reasons. Just enter the password you registered with.
• Feel free to contact me with questions.
• kkrohrer@cpp.edu or (661) 972-2686
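Around the two commands on the Commands slide and the output folder on the Data slide, an added shell example that is not from the slides or from the AFLogical project. It does two things a practitioner wants before and after the pull: it classifies the text of `adb devices` so that `aflogical-ose` is only run once the phone has accepted the USB-debugging prompt (the "press confirm on your phone" step; until then adb reports the device as `unauthorized`), and it writes a SHA-256 manifest of the pulled AFLogical folder so any later change to the evidence is detectable. The device serial, the file names and the `AFLogical` folder name are constructed sample data, and `sha256sum` (or `shasum` on macOS) is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the workshop slides or the AFLogical project.
#   1. adb_state: classifies `adb devices` output so aflogical-ose is only run
#      once the phone has accepted the USB-debugging prompt
#   2. hash_evidence / verify_evidence: fingerprint the pulled AFLogical folder
#      (home folder > AFLogical) so later changes are detectable
# Device serials and files below are constructed sample data.

# adb_state "<text of adb devices>": prints ready | unauthorized | none | multiple | other
#   unauthorized = phone attached but "Allow USB debugging?" not yet accepted on its screen
#   none         = nothing attached (cable, USB passthrough to the VM, or debugging still off)
#   multiple     = more than one device; adb would need -s <serial>
#   other        = any other adb state such as offline or "no permissions"
adb_state() {
    # Keep only "<serial><tab><state>" rows: drop the header, "* daemon ..." lines and blanks.
    rows=$(printf '%s\n' "$1" | grep -v '^List of devices' | grep -v '^\*' \
                              | grep -v '^[[:space:]]*$' || true)
    count=$(printf '%s\n' "$rows" | grep -c '[^[:space:]]' || true)
    if [ "$count" -eq 0 ]; then echo none; return 0; fi
    if [ "$count" -gt 1 ]; then echo multiple; return 0; fi
    case "$(printf '%s\n' "$rows" | awk '{ print $2 }')" in
        device)       echo ready ;;
        unauthorized) echo unauthorized ;;
        *)            echo other ;;
    esac
}

# sha256sum on Santoku/Linux, shasum on macOS.
sha256_tool() {
    if command -v sha256sum >/dev/null 2>&1; then echo sha256sum; else echo "shasum -a 256"; fi
}

# hash_evidence DIR: write DIR.sha256 with the SHA-256 of every file under DIR.
hash_evidence() {
    find "$1" -type f -exec $(sha256_tool) {} + > "$1.sha256"
}

# verify_evidence DIR: "intact" if every file still matches DIR.sha256, else "tampered".
verify_evidence() {
    if $(sha256_tool) --status -c "$1.sha256" 2>/dev/null; then echo intact; else echo tampered; fi
}

# Demo on constructed input; on Santoku you would pass "$(adb devices)" and the real folder.
echo "adb: $(adb_state "$(printf 'List of devices attached\n0123456789ABCDEF\tunauthorized\n')")"  # unauthorized
echo "adb: $(adb_state "$(printf 'List of devices attached\n0123456789ABCDEF\tdevice\n')")"        # ready

DEMO=$(mktemp -d)
mkdir "$DEMO/AFLogical"
printf 'constructed sample, not real phone data\n' > "$DEMO/AFLogical/SMS.csv"
hash_evidence "$DEMO/AFLogical"
echo "after acquisition: $(verify_evidence "$DEMO/AFLogical")"    # intact
printf 'edited\n' >> "$DEMO/AFLogical/SMS.csv"
echo "after modification: $(verify_evidence "$DEMO/AFLogical")"   # tampered
rm -rf "$DEMO"
```

Only start `aflogical-ose` when `adb_state` prints `ready`; an `unauthorized` result means the confirmation dialog is still waiting on the phone, and `none` usually means the USB connection was not passed through to the VM. Hash the AFLogical folder immediately after the pull and keep the `.sha256` file with your notes, so that `verify_evidence` can show the data is unchanged when you come back to it.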
38. Incognito / private browsing
• Doesn't save history, downloads, cookies, passwords, etc.
• ALL internet activity is still VERY visible
40. VPN Chrome extension
• Great for quick protection (hides IP and encrypts internet activity)
• Recommend CyberGhost (free, unlimited VPN)
• Still saves history, cookies, etc. on the local machine
42. Tor Network
• Routes through multiple IPs that constantly change
• Like an advanced VPN with amnesia
• Can still be tracked when entering and exiting Tor
43. CyberGhost Desktop App
• Connect to the VPN before Tor to mask the entrance
• CyberGhost assigns a random username
• Couldn't find a free VPN that protects against exit nodes
• If you purchase a VPN, use BitCoins or DarkCoins
45. Tails (Anonymous OS)
• Deletes EVERYTHING
• Load from USB, not a VM
• Profoundly safe
• But SLOW and inconvenient
  • Set up admin every startup
  • Prove you're not a bot constantly
46. Whonix
• Anonymous OS, two VMs working in tandem
• Isn't amnesiac
• Nicer interface, but still a VM, which has weaknesses that can be exploited
• Recommend using with the VPN desktop app
48. Proxy Servers
• InCloak.com
• Circumvent school restrictions
• SOCKS5, faster than 1000 ms for a proxy that always connects
49. Gaming
• Connect to PS4 Remote Play with a PS Vita
52. Screen Locks
• PIN passcode
• Password
• Pattern
• Facial recognition
• Fingerprint scanner
• Apps to make your screen locks more complex, e.g. a 6x6 pattern screen lock.
53. Making sure data is backed up
• Can prevent loss of:
  • Personal information
  • Music
  • Photos
  • Wi-Fi passwords
  • Apps
• Can back up to multiple places
• Titanium Backup
54. Encrypting your device
• Pros: Keeps data safe if you lose it by making the data unreadable
• Cons: Slower performance, no going back without a factory reset
• Lollipop (Android 5.0): your phone comes encrypted by default when you get it.
• Marshmallow (Android 6.0): makes full disk encryption mandatory.
55. Malicious apps
• Malicious adware disguises itself as popular apps via repackaging

Editor's notes

  1. Introduce yourself
  2. Introduce yourself
  3. Introduce yourself
  4. Introduce yourself