Module 1

Topics: DAC, MAC, UID, GID, AID, Application Sandbox

SLIDES

Topics: Architecture, Type Enforcement, Modes, Rules, Security labels

SLIDES

Topics: Signing Goals and Objectives, Google Play signing, Signature Schemes

SLIDES

Topics: Protected APIs, Permission Assignment and Categories, Fingerprint, GateKeeper, Keystore, Encryption, Verified boot

SLIDES (external)

Module 2

The main motivation behind this article was a recent (9/2021) twitter post from @elhackernet about SARA aka a Simple Android Ransomware Attack software. As I am kinda obsessed with malware applications, I downloaded the sample and started digging around.

Here is what I found…

Once upon a time in AndroidLand

There was a time when life…

Many people who are starting to work with the Android OS are having difficulties to understand the application sandbox concept. This usually leads to misconceptions in respect to data and resource sharing between the apps which by its turn leads to unsubstantial findings and false security alarms.

The main objective…

Don’t get me wrong but I couldn’t find more appropriate title in order to describe the specific vulnerability.

I don’t know what happens when it comes to your sexual life, but I can assure you that in software development even the smallest neglect matters. …

PART 1

Introduction

Overlays are not something new in IT Security. Actually, the “Cloak & Dagger” which is based on these techniques is still considered as one of the most popular attacks that affected the Android Operating System [1]. But this is just the tip of the iceberg, since overlays are used by…

+Ch0pin

Security Researcher, former Camel Rider, developer of https://github.com/Ch0pin/medusa

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store