A bug in Firefox has exposed a little known fact about what apps can do behind your back.
Introduction During this lab we tie together techniques used in Lab 1 and Lab 2 to identify a malicious app sitting on our device along with the information it could have obtained access to. Following this, we move onto stage 3 of incident response, the containment phase to remove this malicious app from our device. […]
Introduction Rather than releasing our usual weekly incident response lab, this week we’re releasing a practical learning experience of an open source capture the flag competition. You may be asking yourself how this ties in with Android incident response training, you’ll have to use some advanced techniques associated with the identification phase of Android incident […]
There is no excerpt because this is a protected post.
Introduction In this lab we remain focused on the identification phase of responding to an Android incident. This time we uncover a little bit more by extracting a suspicious APK from our device and identify some of its capabilities. TL;DR Using ADB run the following commands to retrieve an APK from our test device: Then, […]
If like many of us, you’re feeling at a loose end during the Covid-19 lockdown, we’ve released a short, free Android Incident Response course to help keep your skills sharp. New labs will be released every Thursday This page can be treated as the central location for finding all labs Each lab should take ~20 […]
Introduction Incident response is often described as a 6 step process. These 6 steps help an organisation formulate a plan for responding to cyber security incidents and help keep future incidents at bay. During this lab, we focus on some simple techniques to triage key Android logs to help investigate the depth of a compromise […]
How Mobile Tracker free stalkerware works, how to detect it and how to remove it.