Mahmud Ab Rahman (MyCERT)

Presentation Title: Reverse Engineering Android Malware
Presentation Abstract

Android is growing at an explosive rate, and users are storing an increasing amount of important data on their mobile phones, so the platform is an attractive target for malware authors. Malware authors are targeting users of Google’s Android mobile operating system with malicious applications that harvest personal information, take control of the system, and send the harvested information to a remote server. By using SMS toll fraud, malware authors also steal money from infected mobile phones.

Malware infection on the Android platform is going to be interesting in the future (it’s happening now!). Thus, reversing Android Malware (Droid-ware) is an interesting challenge to address. Malware analysis can be performed using two approaches: Dynamic Analysis and Dead-Listing Analysis (Reverse Engineering). Reverse engineering is a vitally important skill for today’s expert security professional. In this presentation, we’ll focus on the latter approach to analyze Android Malware.

In this talk, the speaker will discuss recent progress in the Android malware scene. The speaker will provide details on a few recent Android Malware samples. The speaker will also discuss the technical analysis of malicious Android applications using a reverse engineering approach. The analysis parts will focus on dissecting obfuscation such as encryption, string optimizing and generic obfuscation techniques applied inside Android Malware. The challenges of reversing Android Malware will be addressed as well.

About Mahmud Ab Rahman

Mahmud Ab Rahman currently works as an Information Security Specialist for the Malaysia Computer Emergency and Response Team (MyCERT) under the umbrella of CyberSecurity Malaysia. Prior to that, he worked as an Intrusion Analyst in the MyCERT department. His educational background comprises a Master’s Degree in Computer Science from the National University of Malaysia in 2006. Prior to that, he obtained a Degree in Computer Science from the same university.

Mahmud has been involved in the computer security field for over 5 years. His areas of focus and interest are network security, honeynets, botnet monitoring, and malware analysis. He also engages in several large-scale penetration-testing exercises and provides solutions for any vulnerabilities detected. Moreover, he is recognized for conducting a number of training sessions for organizations on topics ranging from introductory to advanced security courses. He is an occasional speaker at conferences such as FIRST AGM, FIRST TC, Honeynet Annual Workshop and Infosec.MY. He is currently certified for SANS’s GPEN (gold) and GREM.