Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a comprehensive analysis of Intent Message vulnerabilities in Android applications in this 17-minute Black Hat conference talk. Delve into the identification of common programming malpractices that introduce security flaws, and learn about the development of an effective static analyzer for automatic vulnerability detection. Discover how the research team demonstrates the real-world exploitability of these vulnerabilities through automatic payload generation. Gain insights into the formal approach used to reproduce dangerous behaviors in vulnerable apps, and understand the implications of insufficient sanity checks when receiving messages from unknown sources. Cover topics including Android components, attack models, UI targets, databases, remote target attacks, formal analysis, static analysis, and validation results.
Syllabus
Introduction
Outline
Android Components
Previous Research
Analysis
Services
Intent Message
Attack Model
UI Target
Databases
Remote Target Attacks
Formal Analysis
Static Analysis
Validation
Results
Application Analysis
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube