Mobile Android Apps: Pen-Test, Malware Tri Wanda Septian COMNETS Research Group. Fasilkom UNSRI
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Mobile Android Apps: Pen-Test, MalwareTri Wanda Septian
COMNETS Research Group. Fasilkom UNSRI
Siapa saya ?
Silahkan "googling" !
Android Mobile Phones
sumber gambar : https://9to5google.files.wordpress.com/2015/10/android-versions.jpg?quality=82&strip=all&w=1024
sumber gambar : hhttps://www.android.com/static/2016/img/devices/phones/nexus-6p/transparent/nexus-6p-02_1x.pnghttps://www.android.com/static/2016/img/devices/phones/moto-x/transparent/moto-x-03_1x.png
sumber gambar : http://www.aboveandroid.com/wp-content/uploads/2015/06/Android-smart-homes-2015.jpghttp://androidboxoffice.com/media/wysiwyg/25isvhw.jpg
Smart Device
sumber : http://thenextweb.com/google/2017/01/18/google-reveals-how-it-flagged-25000-android-apps-for-malware/
sumber : https://www.cnet.com/news/russian-android-malware-tracked-ukrainian-military-report/
sumber : https://cdn.arstechnica.net/wp-content/uploads/2016/07/hummingbad-by-country-640x424.png
10 million Android phones infected by all-powerful auto-rooting apps
sumber : https://cse.google.com/cse?q=android+malware&cx=partner-pub-7983783048239650%3A3179771210#gsc.tab=0&gsc.q=android%20malware&gsc.page=1
sumber : https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html
Android CVE (Common Vulnerabilities and Exposures)
sumber : mr.robot s2 eps 8
Mobile Pen-Test
Mobile Pen-Test
sumber : https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10
Mobile Pen-Test
Pen-tester analysis :
static analysis : recompile, reversing, decrypt
dynamic : apps behavior, logs, db, updates, system
Mobile Pen-Test
Mobile Pen-Test
Mobile Pen-Test
Mobile Malware(with MSF)
Mobile Malware (with MSF)• create Metasploit APK
• decompile metasploit APK, apktool
• decompile original apk,apktool
• copy smali directory from metasploit to smali folder in orgina apps
• inject and invokde Metasploit project
• recompile
• sign & verify
Mobile Malware (with MSF)
Mobile Malware (with MSF)
Mobile Malware (with MSF)
Mobile Malware (with MSF)
Mobile Malware (with MSF)
• Remote Client
• DDoS Attack
• Zombie Client
• Steal data user
Terima Kasih
Related Documents
