I stated in a previous post that I had one of my CFP (Call for Papers)
proposals accepted. The following is the accepted proposal:
Getting Started with Android Malware Analysis {#gettingstartedwithandroidmalwareanalysis}
---------------------------------------------
> The Android operating system has been around since 2008 and has also
> been open source from the beginning. Leaving things open source allows
> for a lot of apps to slide through the cracks when it comes to security.
> At one point a flashlight app made the news for stealing user
> information when all it was supposed to do is turn on the camera light.
> This small incident has sparked tools that allow one to get into Android
> malware analysis. To my knowledge there is not a set tool that developers
> can use to make sure that their application can't be exploited. I spent
> years studying and building malware and now would like to help others
> to get into the malware analysis side in hopes that a general tool can
> be made for checking applications before being published for consumer
> use. I'll take you through setting up your environment and analyzing a
> controlled application apk. At the end of the talk you should leave
> excited to look more into Android malware analysis and the Android
> system as a whole.
TLDR: I'm talking about looking for security holes in Android apps
Getting accepted for this was like a dream come true. My interest in
security started in Nashville (I'm from Nashville), and this is a baby
step into security as a career happening in Nashville. After getting
over all of that I of course made a social media post, because that's
what people my age do.
### How am I preparing for the talk? {#howamipreparingforthetalk}
Well, after freaking out a little I made a plan. I read a lot of security
stuff because I'm a grad student, BUT I wanted to narrow down what I read
to focus on malware analysis. I also thought about how I want to
structure my slides. When I wrote my proposal I figured I'd structure my
presentation as follows:
- Who I am: My intro
- Android background: How I got into this stuff
- Intro demo malware app: demo of an app running in a sandboxed
environment
- Demo of how to analyze app: Things to look for on analysis
- How to present learnings: How to present your findings
- Questions
As of writing this, I'm thinking of the following structure:
- Who I am
- Android Background
- Tools used for analysis
- Demo of malicious app
- Demo using tools
- How to present learnings
- Tools for the developers
- Resources
### Where am I on this? {#whereamionthis}
As of writing this I have an intro; I reached out to my undergrad
professor and got papers for reference on what I used to do, and I found
a way to present findings. There are a lot of places you can go to find
demo apps, so I've also been looking for other papers on how to get
started, and I'm going to be replicating them for proof of concept.
When it comes to presenting findings, I really want to push the
perspective of being a student and doing bug bounties. I'm a student so
that perspective is easy for me to talk about but I'm also dipping my
toes into this in the real world with bug bounties. The unique part of
this that I want to emphasize is that I'm a mobile developer so I know
what it's like to unknowingly leak info.
### What is my end goal? {#whatismyendgoal}
I really want to get people talking about a way for blue team security
and devs to come together for the creation of a tool for checking code
before publishing to the Play Store. The use cases are endless for a tool
like this. It would be helpful for new Android devs and for people that
pay a 3rd party to create their applications. I think I have a cool
position to help since I'm a developer and also into the security side
of things.
My end goal for this 30-minute talk is for people to have an idea of the
tools needed to get started in Android malware analysis, and for people
to be generally more excited about the Android system. I know that last
point is kinda hard, but Android being an open source operating system
means not only that it can be easier for people to slide in malicious
code, but also that it could be a new exciting frontier for entry-level
app security people.