Botconf Author Listing

Yusuf Kocadas


Last known affiliation: Denuvo

  
TLP:CLEAR
Date: 2024-04-24
Parsing the Unparsable: Turning Analyzers into Victims
Yusuf Kocadas 🗣 | Furkan Er 🗣

Abstract (click to view)

While thinking about how to prevent statical analysis on our customers’ applications. I have found myself analyzing publicly available apk parsers on github. I have walked through a bunch of issues to see which apps have broken/crashed their parsers, and collected many of both legit and malicious apps. Then, I started to extract their peculiarities and commonalities. After working on these outputs. I dived into analyzing open source parsers and bumped into many issues and some of them turned out to be crucial security problems. Furthermore, some of these parsers are backbone of many security products. In this talk, I will share my findings and how to turn analyzers into victims.

Scroll to Top