1
00:00:00,100 --> 00:00:03,510
To come, our analysis is mainly about code walk.

2
00:00:04,140 --> 00:00:09,490
Now that you have enough knowledge about the Android security architecture, you know what an

3
00:00:09,550 --> 00:00:10,950
APK file has,

4
00:00:11,400 --> 00:00:13,650
and you know the components of an application.

5
00:00:14,100 --> 00:00:20,790
We need to leverage this knowledge and use the keywords, specific keywords, to search for potential

6
00:00:21,000 --> 00:00:22,050
malicious code.

7
00:00:22,530 --> 00:00:29,550
So what we will do, we will use some indicator words or some keywords to search for malicious classes,

8
00:00:29,970 --> 00:00:38,970
malicious methods, malicious activities that the developer might have used in writing the application.

9
00:00:39,300 --> 00:00:46,680
So mainly we will search for means to collect data, such as storing the data in a SQLite DB.

10
00:00:47,300 --> 00:00:55,290
We will search for means to collect information, such as sending an SMS or posting some requests to

11
00:00:55,290 --> 00:01:01,590
an external web site, compromising our credentials and sending those credentials, for example, to

12
00:01:01,590 --> 00:01:04,530
an FTP server or to an IP server.

13
00:01:04,860 --> 00:01:09,870
So different exfiltration techniques that can be used by the attacker.

14
00:01:10,260 --> 00:01:21,010
So mainly we will search for words such as GET, POST, SQL, address, send, HTTP and HTTPS that might

15
00:01:21,270 --> 00:01:25,500
invoke a web service or an IP, SMS,

16
00:01:25,590 --> 00:01:25,770
M

17
00:01:25,770 --> 00:01:29,490
MS, monitor, admin, for example,

18
00:01:29,490 --> 00:01:34,350
if we are sending data to an admin portal, ACTION_SEND and ACTION_CALL.

19
00:01:34,830 --> 00:01:37,890
This is a non-comprehensive list of keyword searches.

20
00:01:38,310 --> 00:01:44,280
But let's make it easy and use the list here to perform our basic static analysis.