2022 - 2023 #

Cyber Security Topics #

The 2022 - 2023 members’ focus will be on cyber-security. Members will be given a tutorial with an emphasis on Android and Web:

• Malware isolation (Android on Docker)
• Traffic and API analysis (Wireshark, httptoolkit)
• Access control vulnerabilities (BOLA, currently top OWASP vulnerability)
• Tracking and reverse engineering (apktool, jadx, etc)
• Injection and XSS
• Fraud detection and UI/UX (email / app link handlers, common mitigation strategies including DNS blocking, ad block, etc)

Schedule #

• Community Survey - Members will poll their communities for examples of applications, vulnerable APIs, or examples of malware/scams
• Literature Review
• Sandboxing containers - Utilizing docker and shell scripts, members will semi-automate data collection
• Analysis - Identification of traffic patterns and other behavior; creating applications to summarize statistics
• Community Outreach - Presentation of findings