Scripting Android Applications for Social Botnet Creation - Network Exploitation Techniques

Explore the world of Android application scripting and social botnet creation in this 42-minute conference talk by Daniel Peck, Principal Research Scientist at Barracuda Networks. Dive into the process of disassembling, understanding, modifying, and rebuilding APKs. Learn techniques for scripting portions of applications in JRuby sessions, including key recovery and bypassing custom cryptographic routines. Discover how to leverage these skills to create and control thousands of realistic social media accounts using data from sources like the US census. Gain insights into tools for APK manipulation, dynamic code exploration, and the creation of believable bot interactions within social networks. Understand the implications of looser restrictions on mobile applications and how they can be exploited for various purposes.

Intro
About me
Creating fake accounts
Assumptions
Android
Burp Proxy
Intercepted Traffic
OAuth
APK Tools
Dalvik
Smalley
Highlevel overview
Lowlevel overview
Code Guard
Reverse Engineering
Comparing the two
Stack Overflow
Custom crypto code
Font size
Base64
JVM languages
Jruby
Jruby Client Library
Graphing
Social bots
Fake social accounts
Public profile images
Spam
Monetization