H@kin9 & vulnerability assessment in android By, J@$h. 13501A1908
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
H@kin9 & vulnerability assessment in android
By,J@$h.
13501A1908
contents
What is hacking Who are hackers Hacker types Practical attacks Phishing attacks Dos attacks Clickjacking attacks Mobile hacking
What is computer hacking &
who are hackers Computer hacking Hacking is simply gaining unauthorized access to data in a system or computer Hacker The person who hacks Cracker System intruder/destroyer
Who are hackers
Someone who bypasses the system’s access controls by taking advantage of security weaknesses left in the system by developers
Hacker means cracker nowadays
Hacker types
White hat hackers Black hat hackers Grey hat hackers
Phishing attacks
Phishing is the illegal attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
Types Deceptive malware
Clickjacking attacks
It is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on web pages
Exploit process
A Simple example
The simple example source code
Advanced clickjacking techniques
Exploit process for Facebook
Likejacking on the wild
Mobile hacking
Bypassing android lockscreen
Modifying apk data WhatsApp hacking Modifying apks
Bypassing android lockscreen
Modifying apk data
Modifying apk data
WhatsApp cracking
Modifying apks
Making of the apk
Modifying apks
Reversing the apk
Getting our hands dirty
Its Demo time !!!
Android malwares
Memories of the past
Some famous android malwares …
Trojan-SMS .Fakeplayer.a Geinimi Snake DreamDroid GGtracker
Trojan-SMS .Fakeplayer.a
simplest malware till date
Sends SMS to premium members
Mainly distrubuted through porn/media apps
Stop watching porn? :0
Geinimi
most sophisticated malware till date
Botnet like capabilities Mainly distrubuted through
porn/media apps Suggests infected legimate apps
Geinimi(continued)
Botnet command capabilities… Call-call a number Email-send an email Sms record-sends all the sms’ses to
the server Install-install an app Shell-get a shell Suggests infected legimate apps
Creating our own android malware
Expected time < 5 min
Exploit process
The game is over :’(
The game is over :’(
The game isn't over :)
Can create malwares not detected by the antivirus
Disable the antivirusUse ur own black hat creativity
Stored passwords
Browser passwords stored in database called webview.db
Got r00t ?
Insecure data storage
Related Documents
