Keywords: hacking, android, malware, viruses, CTF
Hacking
... and NOT attacking. Hacking is definitely not attacking. Hacking, as used here, means taking advantage of a computer system to build advanced, unexpected and interesting computing systems.
Ph0wn: workshop and CTF
I am one of the main organizers of the ph0wn security competition. Ph0wn is a Capture The Flag (CTF) dedicated to smart devices.
Security challenges (CTF - Capture The Flag)
I like (love?) participating in security challenges. Security challenges are set up by hacking teams to challenge other hackers with practical security problems: reverse engineering, attacks on websites, attacks on network streams, attacks on embedded systems. I do insist on the fact that the challenges are made on fake systems, and definitely not on real webservers or computing systems. The name of my team is pic0wn.
A few recent results
- 14th team (of 3 persons) out of 600 teams in the N0PSctf, 2024.
- 3rd hybrid team in the 2023 TH-CON CTF
- 1st in the INPT/Enseeiht security challenge (2015/2016)
- 6th local team in the security challenge of Hack.lu'2015
- Completed the SSTIC'2015 security challenge (team participation), most original solution award
- Finished 2nd in the qualifications for the Trust The Future security challenge, organized by Airbus Defense and Space, Nov. 2014
- 5th local team in the security challenge of Hack.lu'2014. We published the solution to a few challenges in: F. Lugou, L. Apvrille, "Quelques épreuves du challenge sécurité Trust the Future", MISC Multi-System & Internet Cookbook, pp.62-66, Ed. Diamond, No 79, May/June 2015. pre-print version (license: CC BY-NC-ND) challenges (in tar.gz)
- 6th local team in the security challenge of Hack.lu'2013
Fighting Android malware
(Note: malware stands for "MALicious softWARE". A virus is a specific kind of malware that can infect files and has ways to spread from one computer to another.)
Android malware unfortunately has little difficulty sneaking into marketplaces. We estimate that more than 2k Android malware samples are released every day. While known malware and their variants are nowadays quite well detected by anti-virus scanners, new unknown malware that is fundamentally different from known samples (e.g. "0-day") remains an issue.
To discover such new malware, the SherlockDroid (from the anti-virus company FORTINET) / Alligator framework filters masses of applications and only keeps those most likely to be malicious for later inspection by anti-virus teams. Apart from crawling applications from marketplaces, SherlockDroid extracts code-level features, and then classifies unknown applications with Alligator.
Alligator is a classification tool that I have developed. It efficiently and automatically combines several classification algorithms.
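To illustrate the triage step described above (extract code-level features, combine several classifiers, keep only the most suspicious apps for analysts), here is an added example that is not SherlockDroid or Alligator code. The feature sets, the three toy classifiers and their equal weighting are assumptions made for the illustration; the real tools' features and algorithms are not given on this page.

```python
import math

# Constructed training data (not real SherlockDroid output): each app is a set
# of code-level features (API calls / permissions) and a malicious flag.
TRAIN = [
    ({"sendTextMessage", "getDeviceId", "SEND_SMS"}, True),
    ({"sendTextMessage", "getSubscriberId", "SEND_SMS"}, True),
    ({"getDeviceId", "Runtime.exec", "RECEIVE_BOOT_COMPLETED"}, True),
    ({"setContentView", "onClick", "INTERNET"}, False),
    ({"setContentView", "openConnection", "INTERNET"}, False),
    ({"onClick", "getString", "VIBRATE"}, False),
]

def naive_bayes_score(features, train):
    """Sum of add-one-smoothed log likelihood ratios, one term per feature."""
    mal = [f for f, y in train if y]
    ben = [f for f, y in train if not y]
    score = 0.0
    for feat in features:
        p_m = (sum(feat in f for f in mal) + 1) / (len(mal) + 2)
        p_b = (sum(feat in f for f in ben) + 1) / (len(ben) + 2)
        score += math.log(p_m / p_b)
    return score

def knn_score(features, train, k=3):
    """Fraction of the k nearest training apps (Jaccard similarity) that are malicious."""
    def jaccard(a, b):
        return len(a & b) / len(a | b) if a | b else 0.0
    nearest = sorted(train, key=lambda t: -jaccard(features, t[0]))[:k]
    return sum(y for _, y in nearest) / k

def rule_score(features):
    """Hand-written heuristic: SMS sending combined with a device identifier read."""
    sms = "sendTextMessage" in features
    ident = bool({"getDeviceId", "getSubscriberId"} & features)
    return 1.0 if sms and ident else 0.0

def combined_score(features, train):
    """Equal-weight average of the three classifiers, each mapped into [0, 1]."""
    nb = 1 / (1 + math.exp(-naive_bayes_score(features, train)))  # logistic squash
    return (nb + knn_score(features, train) + rule_score(features)) / 3

def triage(unknown, train, keep=2):
    """Rank unknown (name, features) pairs; keep the top ones for manual review."""
    ranked = sorted(unknown, key=lambda item: -combined_score(item[1], train))
    return [name for name, _ in ranked[:keep]]
```

The point of the combination is that a single weak signal (one heuristic, or one statistical model) is easy for a new family to slip past, while an app has to look benign to every classifier to drop out of the review queue.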
Identified unknown Android malware
Android/MisoSMS.A!tr.spy, Android/Odpa.A!tr.spy, Adware/Geyser!Android, Riskware/Flexion!Android, Riskware/SmsControlSpy!Android, Riskware/Zdchial!Android, Riskware/SmsCred!Android, Riskware/Blued!Android, Riskware/SneakFont!Android, Virus: Riskware/SAppLock!Android, BadMirror: New Android Malware Family Spotted by SherlockDroid, etc.
To go further
- Website of Alligator
- Ludovic Apvrille, Axelle Apvrille, "Identifying Unknown Android Malware with Feature Extractions and Classification Techniques", The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-15), Helsinki, Finland, 20-22 August, 2015. paper bibtex slides
Home automation / Domotics
I automate my house with my own solutions based on electronic boards like Arduinos and Raspberry Pis. I publish my systems in French magazines (for instance: Hackable).
- L. Apvrille, A. Apvrille, "Home ventilation controlled with raspberries", Hackable magazine, Vol. 11, Mar-Apr 2016. (In French: "Ventilation contrôlée par des framboises").
- A. Apvrille, L. Apvrille, "Remotely controlling a boiler with a Raspberry Pi", Hackable magazine, Vol. 8, pp. 60-67, Sept-Oct. 2015. (In French: "Contrôler sa chaudière à distance avec un Raspberry Pi.").