-
Notifications
You must be signed in to change notification settings - Fork 80
Android Whitepapers
jacobsoo edited this page Dec 17, 2014
·
64 revisions
| Title | Notes | Release Date | Authors | Links |
|---|---|---|---|---|
| Pulling a John Connor: Defeating Android | ShmooCon 2009 | 06th-08th February 2009 | Charlie Miller | www.openrce.org/repositories/users/camill8/shmoocon09.ppt |
| A Look at a Modern Mobile Security Model: Google's Android | CanSecWest 2009 | 16th-20th March 2009 | Jon Oberheide | https://jon.oberheide.org/files/cansecwest09-android.pdf |
| Multiplatform Iphone/Android Shellcode, and other smart phone insecurities | CanSecWest 2009 | 16th-20th March 2009 | Alfredo Ortega & Nico Economou | https://cansecwest.com/csw09/csw09-ortega-economou.pdf |
| Android Forensics | Mobile Forensics World 2009 | 28th-29th May 2009 | Andrew Hoog | https://viaforensics.com/wpinstall/wp-content/uploads/2009/08/Android-Forensics-Andrew-Hoog-viaForensics.pdf |
| Reconstructing Dalvik Applications (Google Android) | SyScan 2009 | 02nd-03rd July 2009 | Marc Schonefeld | https://syscan.org/index.php/download/get/38d3739861e3e9ef8ee4d07d22c9a8be/SyScan09_Singapore_Slides.zip |
| Exploratory Android Surgery | Black Hat USA 2009 | 29th-30th July 2009 | Jesse Burns | http://www.blackhat.com/presentations/bh-usa-09/BURNS/BHUSA09-Burns-AndroidSurgery-PAPER.pdf http://www.blackhat.com/presentations/bh-usa-09/BURNS/BHUSA09-Burns-AndroidSurgery-SLIDES.pdf |
| Fuzzing the Phone in your Phone | Black Hat USA 2009 | 29th-30th July 2009 | Charlie Miller & Collin Mulliner | http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-SLIDES.pdf |
| Reconstructing Dalvik applications | HiTB Dubai 2010 | 19th-22nd April 2010 | Marc Schonefeld | http://conference.hitb.org/hitbsecconf2010dxb/materials/D2%20-%20Marc%20Schonefeld%20-%20undx2.pdf |
| Android Hax | SummerCon 2010 | 18th-20th June 2010 | Jon Oberheide | https://jon.oberheide.org/files/summercon10-androidhax-jonoberheide.pdf |
| More Bugs In More Places: Secure Development On Moble Platforms | Black Hat USA 2010 | 28th-29th July 2010 | David Kane-Parry | http://www.cio.wisc.edu/mbimp-deck.pdf |
| These Aren't the Permissions You're Looking For | Defcon 18 2010 | 30th July - 01st August 2010 | Anthony Lineberry, David Luke Richardson | |
| & Tim Wyatt | https://www.defcon.org/images/defcon-18/dc-18-presentations/Lineberry/DEFCON-18-Lineberry-Not-The-Permissions-You-Are-Looking-For.pdf | |||
| Building Android Sandcastles in Android's Sandbox | Black Hat Abu Dhabi 2010 | 08th-11th November 2010 | Nils | http://media.blackhat.com/bh-ad-10/Nils/Black-Hat-AD-2010-android-sandcastle-slides.pdf https://media.blackhat.com/bh-ad-10/Nils/Black-Hat-AD-2010-android-sandcastle-wp.pdf |
| Taming Information-Stealing Smartphone Applications (on Android) | TRUST 2011 | Yajin Zhou, Xinwen Zhang, Xuxian Jiang & Vincent W. Freeh | http://www.cs.ncsu.edu/faculty/jiang/pubs/TRUST11.pdf | |
| Don't Root Robots | BSides Detroit 2011 | Jon Oberheide & Zach Lanier | https://jon.oberheide.org/files/bsides11-dontrootrobots.pdf | |
| AndBug - A Scriptable Debugger for Android's Dalvik Virtual Machine | Recon 2011 | 08th-11th July 2011 | Scott Dunlop | https://github.com/swdunlop/AndBug/blob/master/info/AndBug-RECON-2011.pdf https://github.com/swdunlop/AndBug |
| Beating up on Android [Practical Android Attacks] | Infiltrate 2011 | Bas Alberts & Massimiliano Oldani | http://www.infiltratecon.net/infiltrate/archives/Android_Attacks.pdf | |
| This is REALLY not the Droid you’re looking for… | Defcon 2011 | Nicholas J. Percoco & Sean Schulte | https://www.defcon.org/images/defcon-19/dc-19-presentations/Percoco-Spiderlabs/DEFCON-19-Percoco-Spiderlabs-Droid.pdf https://media.defcon.org/DEF%20CON%2019/DEF%20CON%2019%20presentations/Percoco-Spiderlabs/Extras/DEFCON-19-Percoco-Droid-BanthaPudu-1.0.apk https://media.defcon.org/DEF%20CON%2019/DEF%20CON%2019%20slides/DEF%20CON%2019%20Hacking%20Conference%20Presentation%20By%20-%20Nicholas%20Percoco%20and%20Sean%20Schulte%20-%20This%20is%20REALLY%20not%20the%20droid%20youre%20looking%20for%20-%20Slides.m4v https://media.defcon.org/DEF%20CON%2019/DEF%20CON%2019%20video%20and%20slides/DEF%20CON%2019%20Hacking%20Conference%20Presentation%20By%20-%20Nicholas%20Percoco%20and%20Sean%20Schulte%20-%20This%20is%20REALLY%20not%20the%20droid%20youre%20looking%20for%20-%20Video%20and%20Slides.m4v | |
| Seven Ways to Hang Yourself with Google Android | Defcon 2011 | Yekaterina Tsipenyuk O'Neil & Erika Chin | https://www.defcon.org/images/defcon-19/dc-19-presentations/O'Neil-Chin/DEFCON-19-O'Neil-Chin-Google-Android.pdf https://media.defcon.org/DEF%20CON%2019/DEF%20CON%2019%20slides/DEF%20CON%2019%20Hacking%20Conference%20Presentation%20By%20-%20Yekaterina%20Tsipenyuk%20ONeil%20and%20Erika%20Chin%20-%20Seven%20Ways%20to%20Hang%20Yourself%20with%20Google%20Android%20-%20Slides.m4v https://media.defcon.org/DEF%20CON%2019/DEF%20CON%2019%20video%20and%20slides/DEF%20CON%2019%20Hacking%20Conference%20Presentation%20By%20-%20Yekaterina%20Tsipenyuk%20ONeil%20and%20Erika%20Chin%20-%20Seven%20Ways%20to%20Hang%20Yourself%20with%20Google%20Android%20-%20Video%20and%20Slides.m4v | |
| Security Issues in Android Custom Rom's | c0c0n 2011 | 17 Oct 2011 | Anant Shrivastava | http://anantshri.info/articles/android_cust_rom_security.html |
| A framework for on-device privilege escalation exploit execution on Android | IWSSI 2011 | Sebastian Höbarth & Rene Mayrhofer | http://www.mobilefactory.at/wordpress/wp-content/uploads/IWSSI2011-Android-Exploit-Framework-1.pdf https://www.mayrhofer.eu.org/downloads/presentations/2011-06-16_IWSSI_Android-Exploit-Framework.pdf | |
| Popping Shell on A(ndroid)RM Devices | BlackHat DC 2011 | ITZHAK AVRAHAM | https://media.blackhat.com/bh-dc-11/Avraham/BlackHat_DC_2011_Avraham_ARM%20Exploitation-wp.2.0.pdf https://media.blackhat.com/bh-dc-11/Avraham/BlackHat_DC_2011_Avraham-Popping_Android_Devices-Slides.pdf | |
| Yet Another Android Rootkit | Black Hat Abu Dhabi 2011 | Tsukasa Oi | https://media.blackhat.com/bh-ad-11/Oi/bh-ad-11-Oi-Android_Rootkit-WP.pdf https://media.blackhat.com/bh-ad-11/Oi/bh-ad-11-Oi-Android_Rootkit-Slides.pdf | |
| How Security is Broken? : Android Internals and Malware Infection Possibility | PacSec 2011 | Tsukasa Oi | http://pacsec.jp/psj11/PacSec2011_How-Security-is-Broken_en.pdf | |
| Android: From Reversing to Decompilation | Black Hat Abu Dhabi 2011 | Anthony Desnos & Georoy Gueguen | http://media.blackhat.com/bh-ad-11/Desnos/bh-ad-11-DesnosGueguen-Andriod-Reversing_to_Decompilation_WP.pdf https://media.blackhat.com/bh-ad-11/Desnos/bh-ad-11-DesnosGueguen-Andriod-Reversing_to_Decompilation_Slides.pdf | |
| Bypassing the Android Permission Model | Hack In Paris 2011 | Georgia Weidman | http://hackinparis.com/slides/hip2k12/Georgia-androidpermissions.pdf | |
| "I Know Kung-Fu!": Analyzing Mobile Malware | HiTB KUL 2011 | Alex Kirk | http://conference.hitb.org/hitbsecconf2011kul/materials/D1T1%20-%20Alex%20Kirk%20-%20Mobile%20Malware%20Analysis.pdf | |
| Reversing Android Malware | HiTB KUL 2011 | Mahmud Ab Rahman | http://conference.hitb.org/hitbsecconf2011kul/materials/D1T1%20-%20Mahmud%20Ab%20Rahman%20-%20Reverse%20Engineering%20Android%20Malware.pdf | |
| Exploiting Androids for Fun and Profit | HiTB KUL 2011 | Riley Hassell | http://conference.hitb.org/hitbsecconf2011kul/materials/D1T1%20-%20Riley%20Hassell%20-%20Exploiting%20Androids%20for%20Fun%20and%20Profit.pdf | |
| Blackbox Android | HiTB KUL 2011 | Marc Blanchou & Mathew Solnik | http://conference.hitb.org/hitbsecconf2011kul/materials/D2T1%20-%20Marc%20Blanchou%20and%20Mathew%20Solnik%20-%20Blackbox%20Android.pdf | |
| Popping Shell on A(ndroid)RM Devices | HiTB AMS 2011 | Itzhak (Zuk) Avraham | http://conference.hitb.org/hitbsecconf2011ams/materials/D1T3%20-%20Itzhak%20Zuk%20Avraham%20-%20Popping%20Shell%20On%20Android%20Devices.pdf | |
| Android - Bytecode Obfuscation bringing x86 fuckups to dalvik | Patrick Schulz | http://www.sec.t-labs.tu-berlin.de/spring/content/spring7_14_slides_schulz.pdf | ||
| Android Application Reverse Engineering & Defenses | SOURCE Dublin 2013 | Patrick Schulz & Felix Matenaar | http://bluebox.com/wp-content/uploads/2013/05/AndroidREnDefenses201305.pdf | |
| Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces | CODASPY 2012 | Wu Zhou, Yajin Zhou, Xuxian Jiang & Peng Ning | http://www.csc.ncsu.edu/faculty/jiang/pubs/CODASPY12.pdf | |
| Dissecting Android Malware: Characterization and Evolution | Oakland 2012 | Yajin Zhou & Xuxian Jiang | http://www.csc.ncsu.edu/faculty/jiang/pubs/OAKLAND12.pdf | |
| RiskRanker: Scalable and Accurate Zero-day Android Malware Detection | MOBISYS 2012 | Michael Grace, Yajin Zhou, Qiang Zhang, Shihong Zou & Xuxian Jiang | http://www.cs.ncsu.edu/faculty/jiang/pubs/MOBISYS12.pdf | |
| Sleeping Android : Exploit through Dormant Permission Requests | SPSM 2013 | 28th August 2012 | James Sellwood | http://www.escapades-in-security.com/files/sleeping_android_release.pdf |
| Mobile Exploit Intelligence Project | SOURCE Boston 2012 | 19th April 2012 | Dan Guido & Mike Arpaia | http://www.trailofbits.com/resources/mobile_eip-04-19-2012.pdf https://media.blackhat.com/bh-eu-12/Guido/bh-eu-12-GuidoArpaia-Mobile_Exploit_Intelligence_Project.mp4 |
| The Heavy Metal That Poisoned the Droid | Black Hat Europe 2012 | Tyrone Erasmus | https://media.blackhat.com/bh-eu-12/Erasmus/bh-eu-12-Erasmus-Heavy-Metal_Poisoned_Droid-WP.pdf https://media.blackhat.com/bh-eu-12/Erasmus/bh-eu-12-Erasmus-Heavy-Metal_Poisoned_Droid-Slides.pdf https://media.blackhat.com/bh-eu-12/Erasmus/bh-eu-12-Erasmus-Heavy_Metal_That_Posioned_Droid.mp4 | |
| Dex Education: Practicing Safe Dex | Black Hat USA 2012 | 26th July 2012 | Tim Strazzere | http://www.strazzere.com/papers/DexEducation-PracticingSafeDex.pdf |
| Cracking Open the Phone: An Android Malware Automated Analysis Primer | RSA Conference 2012 | Armando Orozco & Grayson Milbourne | http://www.rsaconference.com/writable/presentations/file_upload/ht2-303.pdf | |
| Deceiving Permissions - Rules for Android Malware Detection | RSA Conference 2012 | Vanja Svajcer | http://www.rsaconference.com/writable/presentations/file_upload/mbs-210_svajcer.pdf | |
| UI Redressing Attacks on Android Devices | Black Hat Abu Dhabi 2012 | Marcus Niemietz | https://media.blackhat.com/ad-12/Niemietz/bh-ad-12-androidmarcus_niemietz-slides.pdf https://media.blackhat.com/ad-12/Niemietz/bh-ad-12-androidmarcus_niemietz-WP.pdf | |
| Tackling the Android Challenge | RuxconBreakpoint 2012 | Joshua J. Drake | http://2012.ruxconbreakpoint.com/assets/Uploads/bpx/Tackling%20the%20Android%20Challenge.pptx | |
| Reducing the Window of Opportunity for Android Malware | EICAR Conference | May 2012 | Axelle Apvrille & Tim Strazzere | http://www.fortiguard.com/files/slidesdroid.pdf |
| Guns and Smoke to Defeat Mobile Malware | HashDays 2012 | November 2012 | Axelle Apvrille | http://www.fortiguard.com/files/hashdays.pdf |
| Mapping & Evolution of Android Permissions | CounterMeasure 2012 | Zach Lanier & Andrew Reiter | http://www.countermeasure2012.com/presentations/LANIER_REITER.pdf | |
| Into The Droid - Gaining Access to Android User Data | Defcon 2012 | Thomas Cannon | https://www.defcon.org/images/defcon-20/dc-20-presentations/Cannon/DEFCON-20-Cannon-Into-The-Droid.pdf | |
| Fast, Scalable Detection of “Piggybacked” Mobile Applications | CODASPY 2013 | Wu Zhou, Yajin Zhou, Michael Grace, Xuxian Jiang & Shihong Zou | http://www.csc.ncsu.edu/faculty/jiang/pubs/CODASPY13.pdf | |
| Playing Hide and Seek with Dalvik Executables | Hacktivity 2013 | Axelle Apvrille | https://www.fortiguard.com/uploads/general/Hidex_Paper.pdf | |
| Team JOCH vs Android: The Ultimate Showdown | ShmooCon 2011 | Jon Oberheide and Zach Lanier | https://jon.oberheide.org/files/shmoo11-teamjoch.pdf | |
| Dissecting the Android Bouncer | SummerCon 2012 | Jon Oberheide and Charlie Miller | https://jon.oberheide.org/files/summercon12-bouncer.pdf | |
| "I Know Kung-Fu!": Analyzing Mobile Malware | H2HC 2011 | Alex Kirk | http://www.h2hc.org.br/repositorio/2011/files/Alex.en.pdf | |
| PatchDroid: Scalable Third-Party Security Patches for Android Devices | Collin Mulliner, Jon Oberheide, William Robertson & Engin Kirda | http://www.mulliner.org/collin/academic/publications/patchdroid.pdf | ||
| Android OEM's applications (in)security and backdoors without permission | Andre Moulu | http://www.quarkslab.com/dl/Android-OEM-applications-insecurity-and-backdoors-without-permission.pdf | ||
| The Impact of Vendor Customizations on Android Security | Computer and Communications Security 2013 | Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu & Xuxian Jiang | http://www.cs.ncsu.edu/faculty/jiang/pubs/CCS13.pdf | |
| An Android Hacker's Journey: Challenges in Android Security Research | CanSecWest 2013 | Joshua J. Drake | https://cansecwest.com/slides/2013/An%20Android%20Hacker's%20Journey-%20Challenges%20in%20Android%20Security%20Research.pptx | |
| Nifty stuff that you can still do with Android | HES 2013 | 2nd May 2013 | Xavier 'xEU' Martin | http://2013.hackitoergosum.org/presentations/Day1-05.Nifty%20stuff%20that%20you%20can%20still%20do%20with%20Android%20by%20Xavier%20Martin.pdf |
| Android: From Rooting to Pwning | HackMiami 2013 | July 2013 | Acexor | http://hackmiami.org/wp-content/uploads/2013/07/AndroidSec.pdf |
| The Droid Exploitation SAGA | RSA Asia-Pacific Conference 2013 | ADITYA GUPTA & SUBHO HALDER | https://www.rsaconference.com/writable/presentations/file_upload/mbs-t01_final_v2.pdf | |
| How to Build a SpyPhone | BlackHat USA 2013 | Kevin McNamee | https://media.blackhat.com/us-13/US-13-McNamee-How-To-Build-a-SpyPhone-WP.pdf https://media.blackhat.com/us-13/US-13-McNamee-How-To-Build-a-SpyPhone-Slides.pdf | |
| Lets Play Applanting | BlackHat Europe 2013 | Ajit Hatti | https://media.blackhat.com/eu-13/briefings/Hatti/bh-eu-13-lets-play-hatti-wp.pdf https://media.blackhat.com/eu-13/briefings/Hatti/bh-eu-13-lets-play-hatti-slides.pdf | |
| Off Grid communications with Android | BlackHat Europe 2013 | Josh Thomas | https://media.blackhat.com/eu-13/briefings/Thomas/bh-eu-13-off-grid-communication-wp.pdf https://media.blackhat.com/eu-13/briefings/Thomas/bh-eu-13-off-grid-communication-slides.pdf | |
| ANDROID: ONE ROOT TO OWN THEM ALL | BlackHat USA 2013 | Jeff Forristal | https://media.blackhat.com/us-13/US-13-Forristal-Android-One-Root-to-Own-Them-All-Slides.pdf | |
| ABUSING WEB APIS THROUGH SCRIPTED ANDROID APPLICATIONS | BlackHat USA 2013 | Daniel Peck | https://media.blackhat.com/us-13/US-13-Peck-Abusing-Web-APIs-Through-Scripted-Android-Applications-WP.pdf https://media.blackhat.com/us-13/US-13-Peck-Abusing-Web-APIs-Through-Scripted-Android-Applications-Slides.pdf | |
| Reversing and Auditing Android’s Proprietary Bits | Recon 2013 | 23rd June 2013 | Joshua J. Drake | http://recon.cx/2013/slides/Recon2013-Joshua%20J.%20Drake-Reversing%20and%20Auditing%20Android's%20Proprietary%20Bits-public.pdf |
| Android games + free Wi-Fi = Privacy leak | PacSec 2013 | Takayuki Sugiura & Yosuke Hasegawa | http://pacsec.jp/psj13/psj2013-day1_Sugiura-Hasegawa_pacsec_EJ.pptx.pdf | |
| Defeating the protection mechanism on Android platform | PacSec 2013 | Tim Xia | http://pacsec.jp/psj13/psj2013-day2_Xia_Defeating_App%20protections_on_Android.pptx.pdf | |
| Defeating Security Enhancements (SE) for Android | Defcon 2013 | Pau Oliva Fora | https://www.defcon.org/images/defcon-21/dc-21-presentations/Fora/DEFCON-21-Fora-Defeating-SEAndroid.pdf | |
| Playing Hide and Seek with Dalvik Executables | Hack.Lu 2013 | October 2013 | Axelle Apvrille | https://www.fortiguard.com/uploads/general/Hidex_Slides.pdf |
| Abusing Dalvik Beyond Recognition | Hack.Lu 2013 | October 2013 | Jurriaan Bremer | http://archive.hack.lu/2013/AbusingDalvikBeyondRecognition.pdf |
| GTA Phishing with permission | Hack.Lu 2013 | October 2013 | Tom Leclerc and Joany Boutet | http://archive.hack.lu/2013/HackLu2k13_GTA_Phishing_with_permission.pdf |
| Android: Game of Obfuscation | H2HC 2013 | Jurriaan Bremer & Rodrigo Chiossi | http://androidxref.com/files/bremer_chiossi_h2hc2013.pdf | |
| Automated Analysis and Deobfuscation of Android Apps & Malware | AthCon 2013 | Jurriaan Bremer | http://jbremer.org/wp-posts/athcon.pdf | |
| Android DDI: Introduction to Dynamic Dalvik Instrumentation | HiTB KUL 2013 | October 2013 | Collin Mulliner | http://www.mulliner.org/android/feed/mulliner_dbi_hitb_kul2013.pdf |
| TraceDroid: A Fast and Complete Android Method Tracer | HiTB KUL 2013 | October 2013 | Victor van der Veen | http://conference.hitb.org/hitbsecconf2013kul/materials/D2T2%20-%20Victor%20van%20der%20Veen%20-%20A%20Fast%20and%20Complete%20Android%20Method%20Tracer.pdf |
| DEX EDUCATION 201 ANTI-EMULATION | HITCON 2013 | 19th July 2013 | Tim Strazzere | http://hitcon.org/2013/download/Tim%20Strazzere%20-%20DexEducation.pdf |
| Android Hooking Attack | HITCON 2013 | 19th July 2013 | Minpyo Hong & Dongcheol Hong | http://hitcon.org/2013/download/[I2]%20Secret%20-%20AndroidHooking.pdf |
| Review of Security Vulnerabilities on the Android Platform | HITCON 2013 | 19th July 2013 | Claud Xiao | http://hitcon.org/2013/download/[F1]%20Claud-HITCON2013-0709.pdf |
| Escaping Android Dynamic Analysis; Chinese New Year Train Ticket Ordering Day | HITCON 2013 | 19th July 2013 | 趙閩 & 倪超 | http://hitcon.org/2013/download/[G1]%20%E8%B6%99%E6%95%8F%E5%80%AA%E8%B6%85,%E9%80%83%E9%9B%A2%E5%AE%89%E5%8D%93%E6%B4%9E%E5%8B%95%E6%85%8B%E6%AA%A2%E6%B8%AC,%20%E8%A8%82%E7%A5%A8%E5%8A%A9%E6%89%8B%E4%B8%80%E6%97%A5%E8%AB%87.pdf |
| Droid Rage - Android exploitation on steroids | EkoParty 2013 | Pablo Sole & Agustin Gianni | http://ekoparty.org/archive/2013/charlas/Gianni_droid_rage.pdf | |
| TaintDroid - An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones | OSDI'10 | William Enck, et. al | http://appanalysis.org/tdroid10.pdf | |
| Woodpecker - Systematic Detection of Capability Leaks in Stock Android Smartphones | NDSS 2012 | Michael Grace, Yajin Zhou, Zhi Wang, Xuxian Jiang | http://www.csc.ncsu.edu/faculty/jiang/pubs/NDSS12_WOODPECKER.pdf | |
| Android Security Vulnerabilities and Exploits | XDA Devcon 2013 | Justin Case | http://forum.xda-developers.com/attachment.php?attachmentid=2182689&d=1376275794 http://www.youtube.com/watch?v=NUGwVUU61Vg | |
| Structural Detection of Android Malware using Embedded Call Graphs | AiSec 2013 | Hugo Gascon, Fabian Yamaguchi, Daniel Arp & Konrad Rieck | http://filepool.informatik.uni-goettingen.de/publication/sec//2013b-aisec.pdf | |
| Android Anti-forensics: Modifying CyanogenMod | HICSS 2014 | Jan 2014 | Karl-Johan Karlsson, William Bradley Glisson | http://www.computer.org/csdl/proceedings/hicss/2014/2504/00/2504e828.pdf http://www.computer.org/csdl/proceedings/hicss/2014/2504/00/2504e828.pdf |
| Mobile Analysis Kung Fu, Santoku Style | RSA Conference 2014 | 24th-28th February | Andrew Hoog & Sebastián Guerrero | http://www.rsaconference.com/writable/presentations/file_upload/anf-w03-mobile-analysis-kung-fu-santoku-style_v2.pdf |
| Beginners Guide to Reverse Engineering Android Apps | RSA Conference 2014 | 24th-28th February | Pau Oliva Fora | http://www.rsaconference.com/writable/presentations/file_upload/stu-w02b-beginners-guide-to-reverse-engineering-android-apps.pdf |
| Touchlogger on iOS and Android | RSA Conference 2014 | 24th-28th February | Neal Hindocha & Nathan McCauley | http://www.rsaconference.com/writable/presentations/file_upload/mbs-w01-touchlogger-on-ios-and-android-v2.pdf |
| Predatory Hacking of Mobile: Real Demos | RSA Conference 2014 | 24th-28th February | Jeff Forristal | http://www.rsaconference.com/writable/presentations/file_upload/mbs-w03-predatory-hacking-of-mobile-real-demos-v2.pdf |
| Reverse Engineering, Pentesting and Hardening of Android Apps | DroidCon 2014 | Marco Grassi | https://speakerd.s3.amazonaws.com/presentations/25bc54e0728001318b20063debaef239/DroidconIT2014.pdf | |
| DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket | NDSS 2014 | 23rd-26th Feb 2014 | Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon & Konrad Rieck | http://filepool.informatik.uni-goettingen.de/publication/sec//2014-ndss.pdf |
| Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications | NDSS 2014 | 23rd-26th Feb 2014 | Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna | https://anonymous-proxy-servers.net/paper/android-remote-code-execution.pdf |
| AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in Android Applications | NDSS 2014 | 23rd-26th Feb 2014 | Mu Zhang, Heng Yin | http://sycurelab.ecs.syr.edu/~mu/AppSealer-ndss14.pdf |
| SMV-Hunter: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps | NDSS 2014 | 23rd-26th Feb 2014 | David Sounthiraraj, Justin Sahs, Zhiqiang Lin, Latifur Khan, Garrett Greenwood | https://www.utdallas.edu/~zxl111930/file/NDSS14b.pdf |
| AirBag: Boosting Smartphone Resistance to Malware Infection | NDSS 2014 | 23rd-26th Feb 2014 | Chiachih Wu, Yajin Zhou, Kunal Patel, Zhenkai Liang, Xuxian Jiang | http://yajin.org/papers/ndss14_airbag.pdf |
| Inside Job: Understanding and Mitigating the Threat of External Device Mis-Binding on Android | NDSS 2014 | 23rd-26th Feb 2014 | Muhammad Naveed, Xiaoyong Zhou, Soteris Demetriou, XiaoFeng Wang, Carl Gunter | http://sharps.org/wp-content/uploads/NAVEED-NDSS.pdf |
| Screenmilker: How to Milk Your Android Screen for Secrets | NDSS 2014 | 23rd-26th Feb 2014 | Chia-Chi Lin, Hongyang Li, Xiaoyong Zhou, XiaoFeng Wang | http://www.ews.uiuc.edu/~hli52/paper/ndss2014-final49.pdf |
| PREC: Practical Root Exploit Containment for Android Devices | CODASPY 2014 | March 2014 | Tsung-Hsuan Ho, Daniel Dean, Xiaohui Gu, William Enck | http://dance.csc.ncsu.edu/papers/codespy14.pdf |
| Compac: Enforce Component Level Access Control in Android | CODASPY 2014 | March 2014 | Yifei Wang, Srinivas Hariharan, Chenxi Zhao, Jiaming Liu and Wenliang Du | http://www.cis.syr.edu/~wedu/Research/paper/compac_codaspy2014.pdf |
| DIVILAR: Diversifying Intermediate Language for Anti-Repackaging on Android Platform | CODASPY 2014 | March 2014 | Wu Zhou, Zhi Wang, Yajin Zhou and Xuxian Jiang | http://yajin.org/papers/codaspy14_divilar.pdf |
| Systematic Audit of Thirty-Party Android Phones | CODASPY 2014 | March 2014 | Michael Mitchell, Guanyu Tian and Zhi Wang | http://www.cs.fsu.edu/~zwang/files/codaspy14_1.pdf |
| DroidBarrier: Know What is Executing on Your Android | CODASPY 2014 | March 2014 | Hussain Almohri, Danfeng Yao and Dennis Kafura | http://people.cs.vt.edu/danfeng/papers/spy008-almohri.pdf |
| Pre-installed Android application poisoning | AppSecAsiaPac 2014 | 17th-20th March 2014 | Yoshitaka Kato | https://speakerdeck.com/owaspjapan/pre-installed-android-application-poisoning-number-appsecapac2014 https://speakerd.s3.amazonaws.com/presentations/3a8d5180921d01313ec11a12803d7217/OWASP_Appsec_2014_Preinstalled_Android_Application_Poisoning_Yoshitaka_Kato_20140320.pdf |
| Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware | EuroSec 2014 | 13th April 2014 | Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Sotiris Ioannidis, | |
| Michalis Polychronakis | http://www.syssec-project.eu/m/documents/eurosec14/RATVM.pdf http://users.ics.forth.gr/~elathan/papers/eurosec14.pdf | |||
| Pentesting Android Applications | Confraria Segurança PT 5/2014 | May 2014 | Cláudio André | http://www.slideshare.net/clviper/pentesting-android-applications |
| From Zygote to Morula: Fortifying Weakened ASLR on Android | Oakland 2014 | May 2014 | Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, Wenke Lee | http://www.cc.gatech.edu/~blee303/paper/morula.pdf |
| Upgrading Your Android, Elevating My Malware: Privilege Escalation Through Mobile OS Updating | Oakland 2014 | May 2014 | Luyi Xing, Xiaorui Pan, Rui Wang, Kan Yuan, XiaoFeng Wang | http://www.informatics.indiana.edu/xw7/papers/privilegescalationthroughandroidupdating.pdf |
| The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations | Oakland 2014 | May 2014 | Xiaoyong Zhou, Yeonjoon Lee, Nan Zhang, Muhammad Naveed, Xiaofeng Wang | http://www.cs.indiana.edu/~zhou/files/sp14_zhou.pdf |
| Tricks for image handling in Android | DroidCon Berlin 2014 | 08th-10th May 2014 | Tyrone Nicholas | http://www.slideshare.net/tyronenicholas/devoxx-images-android |
| Post-Mortem Memory Analysis of Cold-Booted Android Devices | IMF 2014 | 12th-14th May 2014 | Christian Hilgers, Holger Macht, Tilo Muller, Michael Spreitzenbarth | http://www.homac.de/publications/Post-Mortem-Memory-Analysis-of-Cold-Booted-Android-Devices.pdf http://www.homac.de/publications/Post-Mortem-Memory-Analysis-of-Cold-Booted-Android-Devices-slides.pdf |
| Execute this! Looking into code-loading techniques on Android | Honeynet Project Workshop 2014 | 12th-14th May 2014 | Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna | http://warsaw2014.honeynet.org/slides/honeynet2014-day1-Sebastian.pdf |
| Exploiting the Bells and Whistles: Uncovering OEM Vulnerabilities in Android | CarolinaCon 10 2014 | 16th-18th May 2014 | Jake Valletta | http://thecobraden.com/uploads/Valletta%20-%20CarolinaCon%20X%20-%20Exploiting%20the%20Bells%20and%20Whistles.pdf |
| Enter Sandbox: Android Sandbox Comparison | MOBILE SECURITY TECHNOLOGIES 2014 | 17th May 2014 | Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Martin Mulazzani and Edgar Weippl | http://mostconf.org/2014/papers/s3p1.pdf http://mostconf.org/2014/slides/s3p1-slides.pdf |
| An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities | MOBILE SECURITY TECHNOLOGIES 2014 | 17th May 2014 | Vasant Tendulkar and William Enck | http://mostconf.org/2014/papers/s2p1.pdf http://mostconf.org/2014/slides/s2p1-slides.pptx |
| Andlantis: Large-scale Android Dynamic Analysis | MOBILE SECURITY TECHNOLOGIES 2014 | 17th May 2014 | Michael Bierma, Eric Gustafson, Jeremy Erickson, David Fritz and Yung Ryn Choe | http://mostconf.org/2014/papers/s3p2.pdf http://mostconf.org/2014/slides/s3p2-slides.pdf |
| A Systematic Security Evaluation of Android's Multi-User Framework | MOBILE SECURITY TECHNOLOGIES 2014 | 17th May 2014 | Paul Ratazzi, Yousra Aafer, Amit Ahlawat, Hao Hao, Yifei Wang and Wenliang Du | http://mostconf.org/2014/papers/s3p3.pdf http://mostconf.org/2014/slides/s3p3-slides.pptx |
| Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture | MOBILE SECURITY TECHNOLOGIES 2014 | 17th May 2014 | Xinyang Ge, Hayawardh Vijayakumar and Trent Jaeger | http://mostconf.org/2014/papers/s2p3.pdf http://mostconf.org/2014/slides/s2p3-slides.pdf |
| State of the Art - Exploring the New Android KitKat Runtime | HiTB Amsterdam 2014 | 29th-30th May 2014 | Paul Sabanal | http://haxpo.nl/wp-content/uploads/2014/02/D1T2-State-of-the-Art-Exploring-the-New-Android-KitKat-Runtime.pdf |
| Evading Android Runtime Analysis via Sandbox Detection | AsiaCCS 2014 | 04th-06th June 2014 | Timothy Vidas, Nicolas Christin | https://www.andrew.cmu.edu/user/nicolasc/publications/VC-ASIACCS14.pdf |
| VirtualSwindle: An Automated Attack Against In-App Billing on Android | AsiaCCS 2014 | 04th-06th June 2014 | Collin Mulliner, William Robertson, Engin Kirda | http://seclab.ccs.neu.edu/static/publications/asiaccs14virtualswindle.pdf |
| DroidRay: A Security Evaluation System for Customized Android Firmwares | AsiaCCS 2014 | 04th-06th June 2014 | Min Zheng, Mingshen Sun, John C.S. Lui | http://www.cs.cuhk.hk/~cslui/PUBLICATION/ASIACCS2014DROIDRAY.pdf |
| APKLancet: Tumor Payload Diagnosis and Purification for Android Applications | AsiaCCS 2014 | 04th-06th June 2014 | Wenbo Yang, Juanru Li, Yuanyuan Zhang, Yong Li, Junliang Shu, Dawu Gu | http://loccs.sjtu.edu.cn/typecho/usr/uploads/2014/04/1396105336.pdf |
| BREAKING THROUGH THE BOTTLENECK: MOBILE MALWARE IS OUTBREAK SPREADING LIKE WILDFIRE | HackInParis 2014 | 23rd-27th June 2014 | Thomas Wang | http://sample.safe.baidu.com/exchange/tpl/thomas/hip2014/BreakBottleneck.7z (Password:HIP2014Thomas) |
| Android Packers:Separating from the pack | area41 Security Conference 2014 | June 2014 | Ruchna Nigam | http://www.fortiguard.com/uploads/general/Area41Public.pdf |
| Advanced Bootkit Techniques on Android | SyScan360 2014 | 16th-17th July 2014 | Chen Zhangqi & Shen Di | http://www.syscan360.org/slides/2014_EN_AdvancedBootkitTechniquesOnAndroid_ChenZhangqiShendi.pdf |
| Click and Dragger: Denial and Deception on Android mobile | SyScan360 2014 | 16th-17th July 2014 | thegrugq | http://www.syscan360.org/slides/2014_EN_ClickAndDaggerDenialandDeceptionOnAndroidSmartphones_TheGrugq.pdf |
| Android Hacker Protection Level 0 | Defcon 22 2014 | 07th-10th August 2014 | Tim Strazzere & Jon Sawyer | https://github.com/strazzere/android-unpacker/raw/master/AHPL0.pdf https://github.com/strazzere/android-unpacker |
| ASM: A Programmable Interface for Extending Android Security | 23rd USENIX Security Symposium | 20th-22th August 2014 | Stephan Heuser, Adwait Nadkarni, William Enck, Ahmad-Reza Sadeghi | https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-heuser.pdf |
| Peeking into Your App without Actually Seeing it: UI State Inference and Novel Android Attacks | 23rd USENIX Security Symposium | 20th-22th August 2014 | Qi Alfred Chen, Zhiyun Qian, Z. Morley Mao | https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-chen.pdf |
| Insecure Internal Storage in Android | Hitcon 2014 | 19th-22th August 2014 | Claud Xiao | http://hitcon.org/2014/downloads/E1_04_ClaudXiao%20-%20Insecure%20Internal%20Storage%20in%20Android.pdf https://github.com/secmobi/BackupDroid |
| Guess Where I am-Android模拟器躲避的检测与应对 | Hitcon 2014 | 19th-22th August 2014 | 胡文君 & Claud Xiao | http://hitcon.org/2014/downloads/P1_12_%E8%83%A1%E6%96%87%E5%90%9B%20-%20Guess%20Where%20I%20am-Android%E6%A8%A1%E6%8B%9F%E5%99%A8%E8%BA%B2%E9%81%BF%E7%9A%84%E6%A3%80%E6%B5%8B%E4%B8%8E%E5%BA%94%E5%AF%B9.pdf https://github.com/MindMac/HideAndroidEmulator |
| On the Feasibility of Automa3cally Generating Android Component Hijacking Exploits | Hitcon 2014 | 19th-22th August 2014 | Wu Daoyuan | http://hitcon.org/2014/downloads/P1_09_Daoyuan%20Wu%20-%20On%20the%20Feasibility%20of%20Automatically%20Generating%20Android%20Component%20Hijacking%20Exploits.pdf |
| Play Flappy Bird while you pentest Android in style | Hitcon 2014 | 19th-22th August 2014 | Chris Liu & Matthew Lionetti | http://hitcon.org/2014/downloads/P1_10_Chris%20Liu%20-%20Matthew%20Lionetti%20-%20TackyDroid%20Slides.pptx |
| Android 頑固木馬常見手法與清理 | Hitcon 2014 | 19th-22th August 2014 | 趙閩 | http://hitcon.org/2014/downloads/E1_09_%E8%B6%99%E9%96%A9%20-%20Android%E9%A1%BD%E5%9B%BA%E6%9C%A8%E9%A9%AC%E5%B8%B8%E8%A7%81%E6%89%8B%E6%B3%95%E4%B8%8E%E6%B8%85%E7%90%86.ppt |
| Find your own Android kernel bug | 「Android root 技术沙龙」 2014 | 23rd August 2014 | 方家弘 | http://vdisk.weibo.com/s/annw3IyXNHGMM/1408963206 |
| root 的黑白事儿 | 「Android root 技术沙龙」 2014 | 23rd August 2014 | Mick | http://vdisk.weibo.com/s/annw3IyXNHHat |
| root技术与Android应用开发 | 「Android root 技术沙龙」 2014 | 23rd August 2014 | 涂勇策 | http://vdisk.weibo.com/s/annw3IyXNHGMT |
| 瞬间爆炸!Root掉你的手机 | 「Android root 技术沙龙」 2014 | 23rd August 2014 | 申迪 | http://vdisk.weibo.com/s/annw3IyXNHGMM |
| Bypassing wifi pay-walls with Android | RootedCon 2014 | 19th-20th September 2014 | Pau Oliva Fora | http://www.slideshare.net/rootedcon/pau-olivafora-rootedcon2014 |
| A distributed approach to malware analysis | BruCON 0x06 - 2014 | 25th-26th September 2014 | Daan Raman | https://speakerdeck.com/nviso/a-distributed-approach-to-malware-analysis-brucon-0x06-daan-raman https://speakerd.s3.amazonaws.com/presentations/7fd55e002ab5013264af0601935acf54/A_distributed_approach_to_malware_analysis_vFINAL_Distribute.pdf |
| Advanced Tracing and Monitoring of Android Applications | Hacktivity 2014 | 10th-11th October 2014 | Zsombor Kovács penetration tester, Gergő Köpenczei | https://www.hacktivity.com/en/downloads/archives/361/ |
| Enter The Snapdragon! | Hacktivity 2014 | 10th-11th October 2014 | Daniel Komaromy | https://www.hacktivity.com/en/downloads/archives/319/ |
| Android Forensics: The Joys of JTAG | Ruxcon 2014 | 11th-12th October 2014 | tty0x80 | https://ruxcon.org.au/assets/2014/slides/tty0x80-Ruxcon%20Presentation-12th-October-2014-for-release.pdf |
| TACKYDROID: Pentesting Android Applications in Style | HiTB KUL 2014 | 15th-16th October 2014 | Chris Liu & Matthew Lionetti | http://conference.hitb.org/hitbsecconf2014kul/materials/D2T2%20-%20Chris%20Liu%20and%20Matthew%20Lionetti%20-%20TackyDroid.pdf |
| BREAKING “SECURE” MOBILE APPLICATIONS | HiTB KUL 2014 | 15th-16th October 2014 | Dominic Chell | |
| http://conference.hitb.org/hitbsecconf2014kul/materials/D2T1%20-%20Dominic%20Chell%20-%20Breaking%20Secure%20Mobile%20Applications.pdf | ||||
| Hide Android Applications in Images | BlackHat Europe 2014 | 14th-17th October 2014 | Axelle Apvrille & Ange Albertini | https://www.blackhat.com/docs/eu-14/materials/eu-14-Apvrille-Hide-Android-Applications-In-Images.pdf https://www.blackhat.com/docs/eu-14/materials/eu-14-Apvrille-Hide-Android-Applications-In-Images-wp.pdf |
| MAN IN THE BINDER: HE WHO CONTROLS IPC, CONTROLS THE DROID | BlackHat Europe 2014 | 14th-17th October 2014 | Nitay Artenstein & Idan Revivo | https://www.blackhat.com/docs/eu-14/materials/eu-14-Artenstein-Man-In-The-Binder-He-Who-Controls-IPC-Controls-The-Droid.pdf https://www.blackhat.com/docs/eu-14/materials/eu-14-Artenstein-Man-In-The-Binder-He-Who-Controls-IPC-Controls-The-Droid-wp.pdf |
| Mobile Hacking – Reverse Engineering the Android OS | HackerHalted 2014 | 16th-17th October 2014 | Tom Updegrove | http://www.slideshare.net/EC-Council/hacker-halted-2014-reverse-engineering-the-android-os |
| Vaccinating Android | GrrCon 2014 | 16th-17th October 2014 | Milan Gabor & Danjel Grah | https://github.com/viris/android/blob/master/vaccine/BSidesLV-MilanGabor-DanijelGrah.pdf?raw=true |
| Making Android's Bootable Recovery Work For You | EkoParty 2014 | 29th-31st October 2014 | Drew Suarez | http://matasano.com/research/eko2014_recovery.pdf |
| An Infestation of Dragons: Exploring Vulnerabilities in the ARM TrustZone Architecture | PacSec Japan 2014 | 12th-13th November 2014 | Josh "m0nk" Thomas, Charles Holmes & Nathan Keltner | https://pacsec.jp/psj14/PSJ2014_Josh_PacSec2014-v1.pdf |
| Hey, we catch you - dynamic analysis of Android applications | PacSec Japan 2014 | 12th-13th November 2014 | Wenjun Hu | https://pacsec.jp/psj14/PSJ2014_Wenjun_Hey-%20We%20Catch%20You%20-%20Dynamic%20Analysis%20of%20Android%20Applications.pdf |
| Steroids for your App Security Assessment | ZeroNights 2014 | 13th-14th November 2014 | Marco Grassi | http://2014.zeronights.org/assets/files/slides/grassi.pdf |
| Racing with DROIDS | ZeroNights 2014 | 13th-14th November 2014 | Peter Hlavaty | http://2014.zeronights.org/assets/files/slides/racingwithdroids.pdf |
| Countering mobile malware in CSP’s network Android honeypot as anti-fraud solution | ZeroNights 2014 | 13th-14th November 2014 | Denis Gorchakov, Nikolay Goncharov | http://2014.zeronights.org/assets/files/slides/android_new.zip |
| Creating a kewl and simple Cheating Platform on Android | DeepSec 2014 | 18th-21st November 2014 | Milan Gabor & Danijel Grah | https://deepsec.net/docs/Slides/2014/Creating_a_kewl_and_simple_Cheating_Platform_on_Android_-_Milan_Gabor-Danijel_Grah.pdf |