jueves, 4 de febrero de 2016

Vector Attack Scanner on Google Play

This is a tool to analyze android to detect points to attack, as intents, receivers, services, processes, libraries and MBaaS libs. This uses a static analysis methods to do this, the vector attack founded by this tool, can be attacked by fuzzing methods to discover vulnerabilities. 

More security researchers, bug hunters, exploit writers, find a problems as insecure compilation flags, methods/functions exposes, with this tool is more easy, this tool search by you automatically. 

It is well known in the world of IT Security, that have been created countermeasures and memory protections to prevent easily create exploits and prevent programmers to write programs that execute arbitrary code.

This version check Android Manifest to detect points to attack and check ELF Binary Format to search compilation flags as RELRO, PaX, PIE, ASLR, NX, RPATH, RUNPATH, StackCanary and FORTIFY SOURCE protections. 

Too analyze Mobile Backend as a service (MBaaS) libs, determining that libraries are using, this module was created because many companies do not maintain good security for these services; Too analyze insecure/banned functions on ELF files and dependency libraries.

What is this protections: 

RELRO: Is a generic mitigation technique to harden the data sections of an ELF binary/process. There are two different "operation modes" of RELRO. 

PaX: Is a patch for the Linux kernel that implements least privilege protections for memory pages. The least-privilege approach allows computer programs to do only what they have to do in order to be able to execute properly, and nothing more. 

PIE: Are executable binaries made entirely from position-independent code. While some systems only run PIC executables, there are other reasons they are used. 

ASLR: Is a computer security technique involved in protection from buffer overflow attacks. In order to prevent an attacker from reliably jumping to, for example, a particular exploited function in memory, ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries. 

NX: The NX bit, which stands for No-eXecute, is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (code) or for storage of data, a feature normally only found in Harvard architecture processors. 

rPath and RunPath: Is a term in programming which refers to a run-time search path hard-coded in an executable file or library, used during dynamic linking to find the libraries the executable or library requires. 

StackCanary: Are known values that are placed between a buffer and control data on the stack to monitor buffer overflows. When the buffer overflows, the first data to be corrupted will usually be the canary, and a failed verification of the canary data is therefore an alert of an overflow, which can then be handled, for example, by invalidating the corrupted data. 

FORTIFY SOURCE: Is macro provides lightweight support for detecting buffer overflows in various functions that perform operations on memory and strings. Not all types of buffer overflows can be detected with this macro, but it does provide an extra level of validation for some functions that are potentially a source of buffer overflow flaws.