Overview
Explore cutting-edge mobile malware techniques and defense strategies in this 42-minute AppSecUSA 2016 conference talk. Delve into sophisticated attack methods used by hackers to bypass mobile security measures like app-sandboxing and containers. Analyze current malware identification techniques, including signatures, static analysis, and dynamic analysis, while understanding their strengths and weaknesses. Witness a live demonstration of mobile malware creation designed to evade detection by static and runtime analysis technologies. Learn from Yair Amit, CTO and Founder of Skycure, as he shares insights on regaining control and countering next-generation mobile threats. Gain valuable knowledge on topics such as Ping Pong Virus, Stuxnet, Pegasus, Xcode Ghost, accessibility API exploitation, and various analysis techniques to enhance your mobile security expertise.
Syllabus
Introduction
Agenda
Ping Pong Virus
Stuxnet
Pegasus
Xcode Ghost
Inspector
Google Play
Skype
Apps
Accessibility API
Accessibility Checking
Draw of Your Apps
Demo
Android
Droid 505
Dynamic Analysis
Bypassing Analysis
Static Analysis
Advantages of Static Analysis
Paint Analysis
Model Analysis
Model Analysis Problematic
Dynamic Code
Summary
Live Example
Limitations
Solutions
Recommendation
Taught by
OWASP Foundation