Hook as you want it
| Action | Key |
|---|---|
| Play / Pause | K or space |
| Mute / Unmute | M |
| Toggle fullscreen mode | F |
| Select next subtitles | C |
| Select next audio track | A |
| Show slide in full page or toggle automatic source change | V |
| Seek 5s backward | left arrow |
| Seek 5s forward | right arrow |
| Seek 10s backward | shift + left arrow or J |
| Seek 10s forward | shift + right arrow or L |
| Seek 60s backward | control + left arrow |
| Seek 60s forward | control + right arrow |
| Decrease volume | shift + down arrow |
| Increase volume | shift + up arrow |
| Decrease playback rate | < |
| Increase playback rate | > |
| Seek to end | end |
| Seek to beginning | beginning |
You can right click on slides to open the menu
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video stream
Subscribe to notifications
When subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
40 views
In the context of my work, it is often required to audit the solution as an entire entity. Today, the main gateway used to connect a device to a web server, for example, is our dear smartphone. It has become an important vector of attack, for our phones themselves as well as for the devices with which it will interconnect.
Several open source projects exist, each with their own particularities, but today, I haven't found any tool that fully suits me. So I started to develop ASThook (https://madsquirrels.gitlab.io/mobile/asthook/index.html), a tool for static and dynamic analysis of Android application designed to link static analysis to dynamic analysis.
Its second goal is the possibility for the community to add features without requiring high programming skills or a deep understanding of the tool.
For instance, the community will be able to add plugins using the automatic APK generation features for POC, tree traversal or Frida hook addition directly in the application without risking to slow down the analysis.
As my job is mainly focused on auditing physical equipment, I sometimes meet more and more regularly embedded systems running on Android. I have therefore implemented the possibility to adapt the tool to run the analysis on more exotic platforms such as car headunits or microsystems.
Several open source projects exist, each with their own particularities, but today, I haven't found any tool that fully suits me. So I started to develop ASThook (https://madsquirrels.gitlab.io/mobile/asthook/index.html), a tool for static and dynamic analysis of Android application designed to link static analysis to dynamic analysis.
Its second goal is the possibility for the community to add features without requiring high programming skills or a deep understanding of the tool.
For instance, the community will be able to add plugins using the automatic APK generation features for POC, tree traversal or Frida hook addition directly in the application without risking to slow down the analysis.
As my job is mainly focused on auditing physical equipment, I sometimes meet more and more regularly embedded systems running on Android. I have therefore implemented the possibility to adapt the tool to run the analysis on more exotic platforms such as car headunits or microsystems.
Passionate about how systems work since my childhood and with an initial education in computer science, I gradually moved to the security of these systems and the electronic part of these equipments.Today, I work as a Cybersecurity Engineer in software and hardware reverse engineering at Digital Sécurity, where my daily work consists in disassembling equipments sent by our clients, then inspecting all their attack surfaces (hardware, radio, software, cloud). Then, we help our clients to find the best way to protect their systems and their equipments.
In this work, the part that seems to me the most interesting is the automation/instrumentation/hijacking part. It is fascinating to see how much it is possible to hijack a piece of equipment from its original purpose. This is even more impressive when we talk about physical equipment which has an impact on its environment.
Creation date:
July 5, 2021
Speakers:
Benoit Forgette
License:
CC BY-SA v4
Links:
Other media in the channel "2021"
47 views, 1 this yearMeet Piotr, a firmware emulation tool for trainers and researchersJuly 7th, 2021
25 viewsORAMFS: Achieving Storage-Agnostic PrivacyJuly 7th, 2021
11 viewsIn Search of Lost Time: A Review of JavaScript Timers in BrowsersJuly 7th, 2021
42 viewsRevisiting the Art of Encoder-Fu for novel shellcode obfuscation techniquesJuly 7th, 2021
17 views, 2 this yearATT&CKing Kubernetes: A technical deep dive into the new ATT&CK for ContainersJuly 7th, 2021
26 views, 1 this yearSecurity alerting made easy using PythonJuly 7th, 2021