Wednesday, November 20 • 12:00pm - 12:50pm
All the network is a stage, and the APKs merely players: Scripting Android Applications

Sign up or log in to save this to your schedule and see who's attending!

Video of session:

The existance of open well defined APIs for many popular websites has been a boon to spammers, but as they have grown in popularity the operators have begun to care more about the integrity of the network. 3rd party access to these APIs is becoming increasingly restricted, while at the same time desires for a frictionless mobile experience have led to much looser restriction in their own applications.
We'll leverage this, along with the ability to load and execute Android APKs within JRuby sessions to create and control a social botnet.
Beginning with a brief overview of tools for disassembling, understanding, modifying, and rebuilding APKs. We will then move onto scripting portions of the application in a JRuby session, along the way covering key recovery, bypassing custom cryptographic routines, and general exploration of the code in a dynamic environment.
We'll conclude with leveraging what we've discovered to create and control thousands of accounts. Building on available information sources, such as the US census, and streams provided by the targetted network itself these accounts will have realistic characteristics and interact with the network in believable ways.

avatar for Daniel Peck

Daniel Peck

Principle Research Scientist, Barracuda Networks
Peck is principle research scientist at Barracuda Networks, he is currently focused on studying uses of social networks as a medium for attacks. Previous research includes comparing content and non content based systems to identify malicious accounts on Twitter/Facebook, exploiting... Read More →

Wednesday November 20, 2013 12:00pm - 12:50pm
Salon 3 (5th Floor Ballroom) NY Marriott Marquis

Attendees (0)