Overview
Explore a powerful new method for tracking and analyzing evasive Android malware behaviors without modifying the operating system. Learn techniques to overcome challenges in fast code analysis, environment detection, obfuscation, dynamic code loading, and anti-analysis measures. Discover how to monitor user-defined classes/methods, third-party libraries, Java/Android APIs, and native-level functions including JNI, libc, and Binder on unmodified devices. Gain insights into analyzing complex and advanced Android malware through demonstrations and practical examples.
Syllabus
What I will talk about..
Obfuscation
Fast code analysis: example
Dynamic code loading
Monitoring extension
Mixed-environment code with JNI
Tracking Native Behavior:JNI
Tracking Native Behavior: LIBC
Tracking Native Behavior:BINDER
Taught by
Black Hat