BEGIN:VCALENDAR PRODID:-//vBulletin 6//EN VERSION:2.0 CALSCALE:GREGORIAN BEGIN:VEVENT UID:008eecd0-149b-4b89-9897-ddddfbc5f067 DTSTAMP:20260524T160731Z SUMMARY:Katalina - Gabi Cirlig DESCRIPTION:Katalina\n\nFriday August 11\, 10:00 ā€“ 11:55\, Society Boardr oom\, Forum\n\nGabi Cirlig\n\nAndroid malware has long relied on basic str ing obfuscation techniques to make analysts suffer while reversing it. The current state of the art in mass string deobfuscation relies on two techn iques. One of them is executing the sample and hoping to get some hits on the methods with the interesting strings\, while the other is forking big bucks for some well known tools in the industry. Both the workload and the financial impact of these methods can severely impact an independent rese archer's ability to tackle modern Android malware. My solution is simple: build an environment that can execute Android bytecode one instruction at a time. While the approach is not new (Unicorn comes to mind)\, there is n o such tool available for the Android ecosystem. This allows researchers t o speed up their reversing efforts and tackle more intricate and advanced malware with ease.\n\nSoftware developer turned rogue\, Gabriel went from developing apps for small businesses to 2M+ DAU Facebook games while keepi ng an eye for everything shiny and new. For a couple of years he has shift ed gears and started his career as a security researcher at HUMAN Security while speaking at various conferences showcasing whatever random stuff he hacked. With a background in electronics engineering and various programm ing languages\, Gabi likes to dismantle and hopefully put back whatever he gets his hands on.\n\nAudience: Mobile\n\n\nā€‹ URL:https://forum.defcon.org/node/246241 DTSTART:20230811T180000Z DTEND:20230811T195501Z LOCATION:Society Boardroom\, Forum END:VEVENT END:VCALENDAR