Android malicious code analysis and penetration Testing

Source: Internet
Author: User
Tags app service virtual environment kali linux

This is a high-quality pre-sale recommendation >>>>Android Malicious code Analysis and penetration test for computer class


From the environment to the analysis, covering the whole process of service system, based on the online and offline skills, to show the virtual environment penetration testing true method


Editorial recommendations

From environment construction to analysis, covering the whole process of service system
Based on on-line/offline techniques, the real-world approach to virtual environmental penetration testing is presented.


Content Introduction

This book consists of two main topics, "Malicious Code Analysis" and "Mobile service diagnostics". The chapters contain the analysis steps, and the authors have personally written the application questions of the hacker contest, which readers can use to review what they have learned.
Android Application Analytics environment build
android application Structure analysis and threat of different elements in each region
Malicious Code analysis tool explained with specific examples
Android Service Diagnostic methods and procedures
Android Hacker contest questions and in-depth exercises


As a translator

Zhao ([email protected])
currently in the KB Investment securities Company is responsible for security work, Management Security Project (http://www.boanproject.com). A3 Security has been a 5-year penetration testing consultant, in the Penetration test project management, Network application development, source code diagnosis and other areas of the implementation of the vulnerability diagnosis. After that, the KTH security team is responsible for the security of mobile services and cloud services, and the handling of infringement incidents. "What is penetration testing ·", co-authored "Kali Linux & Backtrack Penetration Testing Practice" "Nmap NSE Security vulnerability Diagnosis Combat" "Digital Forensics World" "arrest Hacker's name Detective hacker" and so on. He is currently a researcher and a technical writer, and is active in various fields with members of the Security Prevention project team.
Park ([email protected])
now work in do-it company Security team, currently in LG Electronics responsible for personal information security protection. He has conducted a 3-year, 6-month security system operation and management in the Korean Library of Congress, analyzing various logs, pre-interception of internal and external illegal intrusion and misuse/abuse, and dealing with intrusion incidents. Co-author of "Kali Linux & Backtrack Penetration Testing Practice" "Nmap NSE security vulnerability diagnosis Practice." In the Security Protection Project team is mainly responsible for analyzing Backtrack/kali Linux tools, Nmap NSE Source code and principles, Android malicious code, etc., and with the security team members active in various fields.
Nanda ([email protected])
currently responsible for intelligent TV security vulnerability diagnosis, in the Security Protection project team as mobile PM. has been responsible for state-owned enterprises, banks, securities companies, credit card companies and other departments of penetration testing business, but also in the S electronic wireless business Department to perform mobile vulnerability diagnosis. Always focused on mobile security, source code auditing, embedded, Internet of Things (IoT) security.
Kim Heng van ([email protected])
in the SSR management consulting team responsible for the ISMS certification, ISO27001 certification, PIMS certification, personal Information Protection consulting business, in the Security Prevention Project team is responsible for organizing and carrying out reverse engineering-related technology offline activities.
Translator Profile:
Jin San Wu
currently living in Jilin, with more than more than 10 years of experience in the field of network security, and translated a large number of security topics related articles.
e-mail: [Email protected]
Personal homepage: http://tiefan.net
owasp Zi Ming
owasp, head of China, 51CTO information security expert, Microsoft Information Security White Paper translator. Now we know the technical director of Chuang Yu Information Technology Co., Ltd.


Objective

the popularity of domestic mobile devices is not long, but Korea's speed is very fast, not a few years, everyone in the use of smartphones. The development of technology needs to be based on the high development of all fields, and it has to go through long enough process, but the popularization speed of the fast mobile terminal has caused many security hidden dangers in the mobile field.
The network utilization rate of mobile terminals has exceeded the usage of PC desktops, and more and more personal information security issues have been concerned. On the PC side of the various security problems, also appeared in the mobile terminal.
with the popularity of smartphones and tablets, global mobile malicious code increased by 423% in 2013 over 2012, especially in Android, which has a very high market share in smart terminals. The number of mobile malicious code added each day is also beginning to exceed the PC end. For the unfamiliar mobile phone operators of the message fraud is increasing, resulting in the loss is also expanding.
Android Malicious Code growth (2011 ~2013) (Reference: Dr. Ann Institute (AHNLAB)
Mobile Malicious Code statistics)
like a PC, mobile devices cannot rely solely on antivirus software. Emerging malicious code is becoming smarter, and users can choose to install Android applications at any time, so they can only defend themselves against the threat posed by malicious code.
This book will discuss all areas of the Android malicious Code Analysis Environment, analysis methods, prevention methods, and so on, reflecting all the latest information on deadlines, and trying to provide more information to beginners and administrators interested in analyzing Android malicious code. I hope you will be able to effectively address the threat posed by malicious code by learning this book.
Reader Object
This book is intended for beginners and frontline technicians in the field of mobile security analytics and is suitable for the following audiences.
readers who want to learn mobile malicious code Analysis Technology
readers who want to learn mobile intrusion/security diagnostic tools
readers who want a comprehensive understanding of mobile security threats
readers who want to understand and actually use the mobile service diagnostic approach
featured in this book
In recent years, mobile application has developed rapidly, covering almost every aspect of social life, and its security has been paid more and more attention. This book from the perspective of professional analysis of the spread of Android malicious code and the threat, and from the actual combat level introduced the Code analysis environment, analysis methods, prevention methods, readers can not only through the penetration test test method to grasp the basic concept of Android vulnerability diagnosis, You can also get technologies and processes that can be shipped directly to your real business across multiple projects.
structure of the book
This book is intended for readers concerned with Android mobile security threats, consisting of two major themes: "Malicious Code Analysis" and "Mobile service diagnostics". The chapters contain the analysis steps, and the authors have personally written the application questions of the hacker contest, which readers can use to review what they have learned.
the contents of each chapter are as follows.
1th Android Basic concept: Introduce the basic concept of Android. Before building a malicious code analysis environment, grasp the overall Android concept and structure. The focus of this book is not on Android development, so only the necessary parts are explained. Only by mastering the basic concepts can we understand the analysis stage to be explained later.

. 2nd Android Application Diagnostics Environment: Describes how to build an Android analytics environment. When you analyze malicious code or mobile application services, you need to build an Android development environment. Google offers toolkits such as the Android SDK, the NDK, and a diagnostic environment that perfectly supports Java application development tools. The tools required for analysis and how to use them are described in detail.
3rd. Android App Analytics: An analysis method that you must know when diagnosing an Android malicious code application or vulnerability. The 3rd chapter will be used in chapters 4th, 5th and 7th and must be mastered.
The 4th chapter of Malicious Code Analysis: One of the highlights of this book, details of the analysis of malicious code used in the online analysis service and its significance, manual analysis steps. It is hoped that the reader can choose the appropriate method in the various methods of operation described.
5th Android Mobile Service Diagnostics: Describes how to diagnose the Android mobile app service. The test application provides a detailed explanation of the methods that can be applied to the actual business, based on the standards provided by owasp, demonstrating the various diagnostic methods and corresponding response plans.
The 6th chapter uses the Android Diagnostic Tool: An introduction to other important tools used to analyze Android apps. Comprehensive understanding of diagnostic methods through packet analysis, vulnerability analysis, open source framework diagnostic tools, and more.
7th Android Hacker Contest app Questions: Introduction to the Android Hacker contest test Questions to review prior to the Android malicious code analysis and diagnosis of the technology and tools. There are many mobile application diagnostic questions appearing in the hacker contest, and readers who want to participate in the hacker contest will also get useful information.
Precautions
The purpose of this book is to help readers who want to understand mobile security threats and those who want to engage in analytical work. The book describes in detail how to build a test environment on a local computer. The use of these tools to illegally invade unauthorized services is strictly prohibited and all legal liabilities arising therefrom shall be borne by the perpetrators themselves.



Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

Android malicious code analysis and penetration Testing

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.