BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:483706f1-0cf2-4bc4-94cf-7ec7c7de35d3
DTSTAMP:20260420T094908Z
SUMMARY:(Beginner) Quark Engine - An Obfuscation-Neglect Android Malware Sc
 oring System
DESCRIPTION:Title: (Beginner) Quark Engine - An Obfuscation-Neglect Android
  Malware Scoring System\n\nDescription:\nAndroid malware analysis engine i
 s not a new story. Every antivirus company has their own secrets to build 
 it. With python and curiosity\, we develop a malware scoring system from t
 he perspective of Taiwan Criminal Law in an easy but solid way.\n\nWe have
  an order theory of criminal which explains stages of committing a crime. 
 For example\, crime of murder consists of five stages\, they are determine
 d\, conspiracy\, preparation\, start and practice. The later the stage th
 e more we're sure that the crime is practiced.\n\nAccording to the above
  principle\, we developed our order theory of Android malware. We develop 
 five stages to see if the malicious activity is being practiced. They are:
 \n\nPermission requested.\nNative API call.\nCertain combination of native
  API.\nCalling sequence of native API.\nAPIs that handle the same register
 .\n\nWe not only define malicious activities and their stages but also dev
 elop weights and thresholds for calculating the threat level of a malware.
 \n\nMalware evolved with new techniques to gain difficulties for reverse e
 ngineering. Obfuscation is one of the most commonly used techniques. In th
 is talk\, we present a Dalvik bytecode loader with the order theory of And
 roid malware to neglect certain cases of obfuscation.\n\nInspired by the d
 esign principles of the CPython interpreter\, our Dalvik bytecode loader c
 onsists of functionalities such as 1. Finding cross-reference and calling 
 sequence of the native API. 2. Tracing the bytecode register. The combinat
 ion of these functionalities (yes\, the order theory) not only can neglect
  obfuscation but also match perfectly to the design of our malware scoring
  system.\n\nFurther\, we will also show a case study of Android malware an
 d demonstrate how the obfuscation technique is useless to our engine. Last
  but not least\, we will be open-sourcing everything (Malware Scoring Syst
 em\, Dalvik Bytecode Loader) during our presentation.\n\nGithub: https://g
 ithub.com/quark-engine/quark-engine\n\nSpeaker(s): JunWei Song\, KunYu Che
 n\n\nLocation: Blue Team Vlg / Blue Team Vlg - Talks Track 1\n\nDiscord: h
 ttps://discord.com/channels/708208267699945503/732454317658734613\n\nEvent
  starts: 2020-08-07 10:00 (10:00 AM) PDT (UTC -07:00)\n\nEvent ends: 2020-
 08-07 10:30 (10:30 AM) PDT (UTC -07:00)\n\nFor the most up-to-date informa
 tion\, please either visit https://info.defcon.org\, or use HackerTracker\
 , which is available for iOS and Android. This is an automated message\, a
 nd this data was last modified 2020-08-06T21:47 (UTC).
URL:https://forum.defcon.org/node/234086
DTSTART:20200807T180000Z
DTEND:20200807T183001Z
LOCATION:Blue Team Vlg / Blue Team Vlg - Talks Track 1
END:VEVENT
END:VCALENDAR
