Introducing Shufflecake: plausible deniability for multiple hidden filesystems on Linux
🗣0xdea
If I recall correctly, the adversary strategy when meeting this kind of scheme is to continue to beat you until you're dead, even if you gave up all the secrets.
👤018118055
Maybe a stupid question: since a kernel module is needed, can't I just search for that on the target and then never trust the owner saying that only X layers of encryption are there instead of X+1? Which of course can have worse results. Or is it "common sense" that the user has to modify the source and change names/parameters of the module to something else in order to hide it?
👤ge_bil
So I can have a fake hidden volume filled with hentai and furry porn in case somebody uses the 5$ wrench technique, interesting 🤔🤣🤪
For research only, of course…
👤iamfromouttahere
🎖@malwr
Kudelski Security Research
Introducing Shufflecake: plausible deniability for multiple hidden filesystems on Linux
Today we are excited to release Shufflecake, a tool aimed at helping people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: w…
👍1🤣1
Is using an Android emulator like BlueStacks a forensically viable method of testing app behavior?
For example, if I wanted to confirm where, how, and when an application creates folders in the file system when I send an attachment. And I do my due diligence to match the operating system and version numbers. Could this be used as an explanation in court, or is this a dangerous oversimplification or misunderstanding of BlueStacks' capability?
🗣Expensive_Ad6442
The official Android emulator should behave as it would on a live system, so should be indicative enough of the app's functionality to demonstrate what you need to show.
Depending on the context, it's worth considering that an app could identify that it's in an emulator and change its behaviour accordingly though, so if it's something custom/niche then consider that some analysis of the apk might be required.
👤minimize
I wouldn't use BlueStacks just based on the amount of bloatware and OS-level modifications done to it, but people have certainly used it for that purpose (for better or worse).
I think what you're looking for is the official Android dev tools via Android Studio.
https://developer.android.com/studio/run/emulator
👤CrisisJake
🎖@malwr
A Technical Analysis of Royal Ransomware [PDF](https://securityscorecard.pathfactory.com/research/the-royal-ransomware)
🗣CyberMasterV
🎖@malwr
Security Scorecard
A Technical Analysis Of The Royal Ransomware
This malware encrypts files with the AES algorithm, either fully or partially. The extension of the affected files changes to “.royal”. Find out more in this technical analysis of the Royal Ransomware from SecurityScorecard’s Senior Malware Analyst, Vlad…
👍2
🔥1
GuardDog: Identifying malicious PyPI packages using static code analysis and package metadata analysis
🗣thorn42
🎖@malwr
Datadoghq
Finding malicious PyPI packages through static code analysis: Meet GuardDog
GuardDog is an open-source tool to identify malicious PyPI packages through source code and metadata analysis
Framework Proposal to Regulate Lawful Hacking by Police within Criminal Investigations - PhD dissertation
🗣digicat
🎖@malwr
Proquest
Framework Proposal to Regulate Lawful Hacking by Police within Criminal Investigations - ProQuest
Emulate Any ISA Card With A Raspberry Pi And An FPGA
🗣r_retrohacking_mod2
Hoping for a model that could emulate a real 3DFx
👤RetroBastardo
Comments in the article are more interesting, especially RP2040-based ISA cards
👤incrediblediy
If you already have the FPGA, maybe you could use that instead of the Pi?
👤Dwedit
🎖@malwr
Hackaday
Emulate Any ISA Card With A Raspberry Pi And An FPGA
One of the reasons the IBM PC platform became the dominant standard for desktop PCs back in the mid-1980s was its open hardware design, based around what would later be called the ISA bus. Any manu…