Mayall:a framework for desktop JavaScript auditing and post-exploitation analysis

Writing desktop applications in JavaScript offers developers the opportunity to write cross-platform applications with cutting edge capabilities. However in doing so, they are potentially submitting their code to a number of unsanctioned modifications from malicious actors. Electron is one such JavaScript application framework which facilitates this multi-platform out-the-box paradigm and is based upon the Node.js JavaScript runtime --- an increasingly popular server-side technology. In bringing this technology to the client-side environment, previously unrealized risks are exposed to users due to the powerful system programming interface that Node.js exposes. In a concerted effort to highlight previously unexposed risks in these rapidly expanding frameworks, this paper presents the Mayall Framework, an extensible toolkit aimed at JavaScript security auditing and post-exploitation analysis. The paper also exposes fifteen highly popular Electron applications and demonstrates that two thirds of applications were found to be using known vulnerable elements with high CVSS scores. Moreover, this paper discloses a wide-reaching and overlooked vulnerability within the Electron Framework which is a direct byproduct of shipping the runtime unaltered with each application, allowing malicious actors to modify source code and inject covert malware inside verified and signed applications without restriction. Finally, a number of injection vectors are explored and appropriate remediations are proposed

A look into the information your smartphone leaks

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Some smartphone applications (apps) pose a risk to users’ personal information. Events of apps leaking information stored in smartphones illustrate the danger that they present. In this paper, we investigate the amount of personal information leaked during the installation and use of apps when accessing the Internet. We have opted for the implementation of a Man-in-the-Middle proxy to intercept the network traffic generated by 20 popular free apps installed on different smartphones of distinctive vendors. This work describes the technical considerations and requirements for the deployment of the monitoring WiFi network employed during the conducted experiments. The presented results show that numerous mobile and personal unique identifiers, along with personal information are leaked by several of the evaluated apps, commonly during the installation process

Diversity with AntiVirus products: Additional empirical studies

In this paper we describe the design of a new set of empirical studies we will run to test the gains in detection capabilities from using diverse AntiVirus products. This new work builds on previous work on this topic reported in [1, 2, 3]. We describe the motivation for this work, how it extends the previous work and what studies we will conduct

Implementing SaaS Solution for CRM

Greatest innovations in virtualization and distributed computing have accelerated interest in cloud computing (IaaS, PaaS, SaaS, aso). This paper presents the SaaS prototype for Customer Relationship Management of a real estate company. Starting from several approaches of e-marketing and SaaS features and architectures, we adopted a model for a CRM solution using SaaS Level 2 architecture and distributed database. Based on the system objective, functionality, we developed a modular solution for solve CRM and e-marketing targets in real estate companies.E-Marketing, SaaS Architecture, Modular Development

Traffic characteristics mechanism for detecting rogue access point in local area network

Rogue Access Point (RAP) is a network vulnerability involving illicit usage of wireless access point in a network environment. The existence of RAP can be identified using network traffic inspection. The purpose of this thesis is to present a study on the use of local area network (LAN) traffic characterisation for typifying wired and wireless network traffic through examination of packet exchange between sender and receiver by using inbound packet capturing with time stamping to indicate the existence of a RAP. The research is based on the analysis of synchronisation response (SYN/ACK), close connection respond (FIN/ACK), push respond (PSH/ACK), and data send (PAYLOAD) of the provider’s flags which are paired with their respective receiver acknowledgment (ACK). The timestamp of each pair is grouped using the Equal Group technique, which produced group means. These means were then categorised into three zones to form zone means. Subsequently, the zone means were used to generate a global mean that served as a threshold value for identifying RAP. A network testbed was developed from which real network traffic was captured and analysed. A mechanism to typify wired and wireless LAN traffic using the analysis of the global mean used in the RAP detection process has been proposed. The research calculated RAP detection threshold value of 0.002 ms for the wired IEEE 802.3 LAN, while wireless IEEE 802.11g is 0.014 ms and IEEE 802.11n is 0.033 ms respectively. This study has contributed a new mechanism for detecting a RAP through traffic characterisation by examining packet communication in the LAN environment. The detection of RAP is crucial in the effort to reduce vulnerability and to ensure integrity of data exchange in LA

Zero permission android applications - attacks and defenses

Google advertises the Android permission framework as one of the core security features present on its innovative and flexible mobile platform. The permissions are a means to control access to restricted AP/s and system resources. However, there are Android applications which do not request permissions at all.In this paper, we analyze the repercussions of installing an Android application that does not include any permission and the types of sensitive information that can be accessed by such an application. We found that even app/icaaons with no permissions are able to access sensitive information (such the device ID) and transmit it to third-parties

iRogue: Identifying Rogue Behavior from App Reviews

An app user can access information of other users or third parties. We define rogue mobile apps as those that enable a user (abuser) to access information of another user or third party (victim), in a way that violates the victim's privacy expectations. Such apps are dual-use and their identification is nontrivial. We propose iRogue, an approach for identifying rogue apps based on their reviews, posted by victims, abusers, and others. iRogue involves training on deep learning features extracted from their 1,884 manually labeled reviews. iRogue first identifies how alarming a review is with respect to rogue behavior and, second, generates a rogue score for an app. iRogue predicts 100 rogue apps from a seed dataset curated following a previous study. Also, iRogue examines apps in other datasets of scraped reviews, and predicts an additional 139 rogue apps. On labeled ground truth, iRogue achieves the highest recall, and outperforms baseline approaches that leverage app descriptions and reviews. A qualitative analysis of alarming reviews reveals rogue functionalities. App users, platforms, and developers should be aware of such apps and their functionalities and take measures to curb privacy risk