Intrusion Hunting for the Masses - A Practical Guide

DerbyCon V - Unity

Presented by: David Sharpe
Date: Sunday September 27, 2015
Time: 13:30 - 14:20
Location: Track 2
Track: Fix Me

So, mature CIRTs are supposed to have people hunting for APT, right? Don’t have a hunt team yet? Don’t know what to hunt for, or how or where to hunt? You are not alone. This talk will cover a range of effective and practical techniques that have worked over the years for finding targeted intrusions. This talk will stay focused on ideas that you can take back to your own organization and put in place right away. We will stay away from the more mathy and hypothetical hunting approaches, in favor of simpler yet effective methods that have worked in real-world practice.

The Problems with JNI Obfuscation in the Android Operating System - Rick Ramgattie

Code obfuscation is a technique used to hide the inner workings of an application. Effective code obfuscation tools hinder reverse engineering efforts. In this talk, I present the problem brought on by the Java Native Interface (JNI) in the process of obfuscating Android applications. I then illustrate how this security leak provides a great way to start reverse engineering. I then end with a few strategies on how to obfuscate Java native functions with the goal of suppressing attempts at reverse engineering the application, and a discussion of the design aspects of JNI that hinder automatic robust obfuscation.

David Sharpe

