Publications.

  • Mobile ads fuel the free app devolution. Companies put millions of their budget into ad spend, but most of that money goes through a notoriously fraudulent value chain consisting of players that care very little about the user, the publisher, or the advertiser. In this talk, we'll reverse some of their techniques, tell a couple of stories, and understand the true cost of free apps.

  • Governments, email vendors, social media websites, and even your favorite food recipes forum require account registrations where you pass your private password to foreign servers, subjecting your online identity to theft and data breaches. This doesn’t need to be the case. In this talk, the speaker will introduce zero-knowledge password protocols, a well-established field of cryptography that puts privacy first, and demo a full implementation of such a protocol live.

  • Governments, email vendors, social media websites, and even your favorite food recipes forum require account registrations where you pass your secret, often the same, password over insecure channels, riddled with sniffing agents while subjecting your online identity to theft, data breaches, and a whole bag of privacy concerns.

    This doesn't need to be the case. With the massive explosion of fast, secure, and privacy-preserving cryptographic protocols, your credentials need never leave your device and websites don't need to store your passwords for authentication to complete.

    In this talk, I'll introduce zero-knowledge password protocols, a well-established field of cryptography that puts privacy first, and demo a full implementation of such a protocol live.

  • Obfuscation is the deliberate act of introducing anomalies in a binary to deter analysis. In this talk, the speaker will introduce a few modern obfuscation techniques with a focus on mobile platforms and ways to work with them. In this workshop, the speaker will showcase common obfuscation techniques, present semi-automated methods to simplify hardened codebases, and present a modular disassembled Dalvik parser used to deobfuscate hardened APKs for better analysis.

  • Obfuscation is the deliberate act of introducing anomalies in a binary, source or machine instructions in order to deter analysis and effectively "harden" the binary. In this talk, the speaker will introduce the concept of obfuscation with a focus on ELF & PE binaries to demonstrate the effectiveness of such techniques in deterring analysis and sending the analyst on a wild goose chase. We'll cover a range of techniques, how and why they work, and how different analysis tools react to those changes. Basic knowledge of computing is required for this talk.

    Links

    • Website (search for Abdullah Joseph)

    • Talk was not recorded

  • Many platforms, from government portals and email providers to social networks and cooking forums, demand account registration. This process typically involves using the same password across multiple sites, transmitting it over vulnerable networks teeming with eavesdroppers, and exposing your digital identity to theft, breaches, and a myriad of privacy issues.

    But it doesn't have to be this way. The advent of advanced cryptographic techniques offers robust solutions where your login information remains on your device, and websites no longer need to store your passwords to verify your identity.

    In this presentation, I will introduce zero-knowledge password proofs—a sophisticated cryptographic approach that prioritizes user privacy. Additionally, I will showcase a live demonstration of a complete implementation of this protocol.

  • A key aspect of contemporary binary protection is its obfuscation, designed to thwart analysis and maintain secrecy. Both nation-state actors and everyday cybercriminals are deeply invested in ensuring their code remains inaccessible and securely hidden from prying eyes.

    Meanwhile, the field of malware analysis has significantly advanced, thanks to the development of robust symbolic execution frameworks, binary instrumentation, and automated analysis tools.

    In this session, the speaker will:

    • Demonstrate several prevalent obfuscation techniques.

    • Introduce semi-automated strategies for simplifying complex Android codebases.

    • Present a modular Smali parser developed specifically for this presentation.

    • Illustrate the use of instrumentation frameworks to examine Dalvik system calls.

    • Explain how to realign a distorted APK to facilitate easier automated analysis.

  • One of the prime features of modern binary protection is its obfuscated nature, meant to deter analysis and remain obscure. Both nation-state actors and your typical cyber-criminal have a vested interest in keeping their codebase closed and locked with the key out of the window.

    Modern malware analysis has also progressed to a very mature stage with the advent of maintained symbolic execution frameworks, binary instrumentation, and automated analysis environments.

    In this talk, the speaker will:

    • Showcase a few common obfuscation techniques.

    • Present semi-automated methods to simplify a hardened Android codebase.

    Furthermore, this talk will present a modular Smali parser created for this talk, usage of instrumentation frameworks to analyze Dalvik system calls, and realigning a distorted APK to ease automated analysis.

  • Talk I gave at the OWASP Berlin Chapter on code protection.

  • Mobile app analysis is not the same as analyzing regular desktop apps. The challenges in establishing a debugger session far surpass the time a reverser has to accomplish a task. In this talk, I’ll showcase my typical workflow when working with mobile apps.

  • Guest lecture at CCSF, hosted by Sam Bowne. I talked about a rampant Android malware called “VikingHorde”.

  • Mobile Software Development Kits (SDKs) are the backbone of modern app development, promising ease of integration and a wealth of functionalities. However, beneath their polished surfaces lies a minefield of security vulnerabilities that can compromise user data, infringe on privacy, and expose apps to malicious exploits. From inadequate encryption practices and insecure data storage to hidden backdoors and unchecked permissions, mobile SDKs can be a ticking time bomb waiting to detonate.

    In this talk, the speaker will delve into the most egregious security failings of popular mobile SDKs, showcasing real-world examples and dissecting the technical flaws. Attendees will learn how to identify and mitigate these vulnerabilities, understand the risks of third-party SDK integration, and gain insights into best practices for secure mobile app development. Prepare to have your perceptions shattered as we uncover the hidden dangers lurking within your favorite apps.

  • The speaker will go through the process of reversing two samples of live malware: the first is a Windows ransomware, the second is an Android malware. Moreover, the speaker will demonstrate the tooling and resources necessary to identify, handle and understand a malware sample. The idea here is to establish the methodology of how to approach a malware sample rather than focus on the technicalities of the platform.

  • Where there’s money, there is fraud. Companies invest massive amounts in their ad campaigns to showcase their product to the world. In reality, however, most of that money goes to fraudsters and malicious app makers.

    In this talk, the speaker will demonstrate how a popular app with over 100 million downloads conducts its mobile fraud operation and performs a commonplace mobile fraud technique: Click Injection.

  • In the ever-evolving landscape of cybersecurity, traditional static analysis techniques often fall short when faced with sophisticated malware and obfuscated binaries that dynamically alter their behavior. Enter emulation-based reversing—a cutting-edge approach that enables researchers to dissect and understand the most elusive threats in a controlled, virtual environment. By emulating the target system, this method allows for the observation of code execution in real-time, revealing hidden functionalities and bypassing anti-analysis mechanisms.

    In this talk, the speaker will explore the intricacies of emulation-based reversing, demonstrating its power and versatility through detailed case studies and technical deep dives. Attendees will discover how to set up robust emulation environments, utilize advanced tools to track code execution, and interpret the findings to uncover the true nature of malicious software. Whether you're a seasoned reverse engineer or a cybersecurity enthusiast, this session will equip you with the knowledge and skills to tackle the most challenging moving targets in the digital threat landscape.

  • Learn how to analyze a mobile fraud case presented at DefCamp 2018. The course aims to provide insights into the techniques used in stealing traffic and understanding mobile fraud. The teaching method involves analyzing a real-life case study to demonstrate the process. This course is intended for individuals interested in information security, hacking, and mobile fraud analysis.
