Is using an Android emulator like BlueStacks a forensically viable method of testing app behavior?
For example, if I wanted to confirm where, how, and when an application creates folders in the file system when I send an attachment. And I do my due diligence to match the operating system and version numbers. Could this be used as an explanation in court, or is this a dangerous oversimplification or misunderstanding of BlueStacks capability?
Expensive_Ad6442
The official Android emulator should behave as it would on a live system, so it should be indicative enough of the app's functionality to demonstrate what you need to show.
Depending on the context, it's worth considering that an app could identify that it's in an emulator and change its behaviour accordingly, though, so if it's something custom/niche then consider that some analysis of the APK might be required.
minimize
I wouldn't use BlueStacks just based on the amount of bloatware and OS-level modifications done to it, but people have certainly used it for that purpose (for better or worse).
I think what you're looking for is the official Android dev tools via Android Studio.
https://developer.android.com/studio/run/emulator
CrisisJake
@malwr
Analysis of a LoadLibraryA Stack String Obfuscation Technique with Radare2 & x86dbg
DLLCoolJ
@malwr
Arch Cloud Labs
About the Project. Today, we're going to analyze a malicious binary recently identified by Arch Cloud Labs' malware collection system "Archie". This binary leverages the LoadLibraryA function to resolve DLLs at run time for additional functionality. Malware…
A Technical Analysis of Royal Ransomware [PDF](https://securityscorecard.pathfactory.com/research/the-royal-ransomware)
CyberMasterV
@malwr
Security Scorecard
A Technical Analysis Of The Royal Ransomware
This malware encrypts files with the AES algorithm, either fully or partially. The extension of the affected files changes to ".royal". Find out more in this technical analysis of the Royal Ransomware from SecurityScorecard's Senior Malware Analyst, Vlad…
GuardDog: Identifying malicious PyPI packages using static code analysis and package metadata analysis
thorn42
@malwr
Datadoghq
Finding malicious PyPI packages through static code analysis: Meet GuardDog
GuardDog is an open-source tool to identify malicious PyPI packages through source code and metadata analysis
Framework Proposal to Regulate Lawful Hacking by Police within Criminal Investigations - PhD dissertation
digicat
@malwr
Proquest
Framework Proposal to Regulate Lawful Hacking by Police within Criminal Investigations - ProQuest
Emulate Any ISA Card With A Raspberry Pi And An FPGA
r_retrohacking_mod2
Hoping for a model that could emulate a real 3DFx.
RetroBastardo
Comments in the article are more interesting, especially RP2040-based ISA cards.
incrediblediy
If you already have the FPGA, maybe you could use that instead of the Pi?
Dwedit
@malwr
Hackaday
One of the reasons the IBM PC platform became the dominant standard for desktop PCs back in the mid-1980s was its open hardware design, based around what would later be called the ISA bus. Any manu…
A vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance
SSDisclosure
@malwr
SSD Secure Disclosure
SSD Advisory - Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution - SSD Secure Disclosure
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance.