HackDig : Dig high-quality web security articles

Waterbear is Back, Uses API Hooking to Evade Security Product Detection

By Vickie Su, Anita Hsieh, and Dove Chiu

Waterbear, which has been around for several years, is a campaign that uses modular malware capable of including additional functions remotely. It is associated with the cyberespionage group BlackTech, which mainly targets technology companies and government agencies in East Asia (specifically Taiwan, and in some inst
Published: 2019-12-11 14:35 | Tags: Malware API Hooking BlackTech Waterbear

Android Native API Hooking with Library Injection and ELF Introspection.

This post can be considered both part 2 of the previous "Dynamically inject a shared library into a running process on Android/ARM" and a proof of concept of the same, namely what can be done with library injection on Android. TL;DR: I've updated the source code of the arminject project on GitHub, adding a library that once injected into a process will
Published: 2015-05-04 23:30 | Tags: hooking api hooking library android injection elf relocation

Dynamically inject a shared library into a running process on Android/ARM

If you're familiar with Windows runtime code injection, you probably know the great API CreateRemoteThread, which lets us force an arbitrary running process to call LoadLibrary and load a DLL into its address space. This technique, called DLL Injection, is often used to perform user space API hooking; you can find a good post about it on Gianluca Braga's blog.
Published: 2015-05-02 05:45 | Tags: hooking api hooking library android injection ptrace remote
