Android安全技術周報 08.18 - 08.25
Systtem Internals
1. Android 8.0 正式版在安全性方面的主要變化:
https://developer.android.com/about/versions/o/android-8.0-changes.html#security-all
2.Android 8.0 版本的內核在哪些方面做了安全加固:
https://source.android.com/devices/architecture/kernel/hardening
3.Android 系統的啟動過程:
https://thecyberfibre.com/android-boot-process/
Malware
1.Igexin advertising network put user privacy at risk
https://blog.lookout.com/igexin-malicious-sdk
Tech
1.AndroidManifest.xml文件安全探索
http://mp.weixin.qq.com/s/C1serFo7aQ2peSLorAS-HQ
2.走到哪黑到哪——Android滲透測試三板斧
http://bobao.360.cn/learning/detail/4254.html
3.如何利用Frida實現原生Android函數的插樁
http://bobao.360.cn/learning/detail/4275.html
4. ARM TrustZone 虛擬化,在虛擬化的環境中為每個 Guest 機提供一個虛擬化的 TrustZone
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-hua.pdf
5.An overview of GnuTLS 3.6.0
http://nmav.gnutls.org/2017/08/gnutls-3-6-0.html?m=1
6.以DVRF(路由器漏洞靶機)為例解讀JEB固件漏洞利用
https://www.pnfsoftware.com/blog/firmware-exploitation-with-jeb-part-1/
https://www.pnfsoftware.com/blog/firmware-exploitation-with-jeb-part-2/
7.逆向Humble Bundle應用程序以獲得API訪問
https://www.schiff.io/blog/2017/07/21/reverse-engineering-humble-bundle-api
8.GCC low-level IR and basic code generation
http://kristerw.blogspot.com/2017/08/gcc-low-level-ir-and-basic-code.html
9.360加固保關鍵技術淺析:
http://www.freebuf.com/articles/terminal/145102.html
Tool
1.Oppo/Oneplus 手機的固件解密工具:
https://github.com/bkerler/oppo_decrypt
2.Bytecode Viewer - Java 8 Jar Android APK逆向工程工具,包含反編譯器、編輯器、調試器:
http://www.kitploit.com/2017/08/bytecode-viewer-java-8-jar-android-apk.html?m=1
https://github.com/Konloch/bytecode-viewer/
3.SamPWND - 三星 Galaxy S8/S8+ Snapdragon 美版旗艦機 Root 工具
https://www.xda-developers.com/sampwnd-root-galaxy-s8-snapdragon/
Attack
1.Shattered Trust: When Replacement Smartphone Components Attack
https://www.usenix.org/system/files/conference/woot17/woot17-paper-shwartz.pdf
2.Bypass 一加手機的 App Locker 應用保護特性:
https://www.xda-developers.com/oneplus-app-locker-bypass/
Conf
1.USENIX 2017 學術安全會議 議題資料:
https://www.usenix.org/conference/usenixsecurity17/technical-sessions
推薦閱讀:
※幾維安全介紹iOS應用加密常用演算法和代碼實踐
※【APP安全】廣東上半年5270個問題APP下架 60多名黑客被抓
※從Google Play中刪除了36個虛假的移動安全應用
※移動應用安全威脅如影隨形,APP安全加固迫在眉睫
※應用加固,給應用添加層層安全防護功能
TAG:移動安全 |