Home » Posts tagged "detection"

拿來分析 Android APK 檔的 Droidefence

忘記在哪邊看到的,分析 Android APK 檔的軟體:「Droidefense: Advance Android Malware Analysis Framework」。

Droidefense (originally named atom: analysis through observation machine)* is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has anti-analysis routines, Droidefense attemps to bypass them in order to get to the code and 'bad boy' routine. Sometimes those techniques can be virtual machine detection, emulator detection, self certificate checking, pipes detection. tracer pid check, and so on.

Droidefense uses an innovative idea in where the code is not decompiled rather than viewed. This allow us to get the global view of the execution workflow of the code with a 100% accuracy on gathered information. With this situation, Droidefense generates a fancy html report with the results for an easy understanding.

看起來是輔助用的工具... 先記錄下來 XD

AWS 推出 Amazon GuardDuty 進行內部網路監控

AWS 推出 Amazon GuardDuty 監控內部網路:「Amazon GuardDuty – Continuous Security Monitoring & Threat Detection」。

從示意圖可以看到結合了許多 log 資料,然後綜合判斷:

In combination with information gleaned from your VPC Flow Logs, AWS CloudTrail Event Logs, and DNS logs, this allows GuardDuty to detect many different types of dangerous and mischievous behavior including probes for known vulnerabilities, port scans and probes, and access from unusual locations.

所以連 Bitcoin 相關網站也當作條件之一 XD

開了相當多區 (相較於之前 AWS Elemental MediaOOXX 系列...):

Amazon GuardDuty is available in production form in the US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern California), EU (Ireland), EU (Frankfurt), EU (London), South America (São Paulo), Canada (Central), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Mumbai) Regions and you can start using it today!

Windows 將引入 TruePlay,推出作弊偵測的 API

在「Windows now includes gaming cheat detection at the system level」這邊看到微軟將會引入 TruePlay (然後跟 Sonostrueplay 衝名 XDDD) 作弊偵測機制。

很明顯的會有隱私問題,而也很明顯的微軟說不會有隱私問題:

As Microsoft notes, "to protect customer privacy, no data is shared or transmitted until permission is granted," and no information is sent until "processing has determined cheating is likely to have occurred."

這不是把人當傻子嗎,遊戲一開始就會要求你同意才能玩啊,所以資料一定會送出的啊... 而且 TruePlay 變成作業系統的標準配備後,作弊程式就會找 workaround 才會推出 :o

偵測 Chrome Headless

作者因為種種原因,想要偵測 Headless 模式的 Google Chrome:「Detecting Chrome Headless」。

之前因為主要是 PhantomJS,有很多地方跟一般的瀏覽器不同,可以利用這些不同的地方來判斷出是不是 PhantomJS:

Until now, one of the most popular headless browser was PhantomJS. Since it is built on the Qt framework, it exhibits many differences compared to most popular browsers. As presented in this post, it is possible to detect it using some browser fingerprinting techniques.

但從 Google Chrome 59 以後因為支援 Headless,使得大多數的判斷的失效:

Since version 59, Google released a headless version of its Chrome browser. Unlike PhantomJS, it is based on a vanilla Chrome, and not on an external framework, making its presence more difficult to detect.

所以作者找了不少方式想要判斷兩者的相異之處... 不過這些方式看起來不太穩定,加上 Firefox 也在準備了,之後只會愈來愈困難吧 :o

把才能用在奇怪的地方:老闆偵測器

作者用 OpenCV 學習老闆的臉,然後當老闆走過來的時候把畫面切到努力工作中的 screenshot XDDD:「Deep Learning Enables You to Hide Screen when Your Boss is Approaching」。

“My boss left his seat and he was approaching to my seat.”

“OpenCV has detected the face and input the image into the learned model.”

“The screen has switched by recognizing him! ヽ(‘ ∇‘ )ノ ワーイ”

作者是個日本人 (要說不意外嗎 XDDD),這套軟體的程式碼在「Hironsan/BossSensor」這邊 XDDD

超級浪費才能 XDDD

隨機產生「臉」的 pareidoloop

Hacker News 上看到的玩具:

  • 先隨機產生多邊形圖形。
  • 丟到 Face detection library 偵測是否有臉,沒有找到的話就回到第一步,如果有的話就會有個匹配值 (fitness)。
  • 如果有找到臉,就試著修改圖形 (進化) 找到更高的匹配值...

JavaScript 寫的,可以在 browser 上直接跑。原始程式碼在「https://github.com/phl/pareidoloop」,可以用瀏覽器玩的網站在「pareidoloop」。

用基因演算符合 Face detection library 偵測的特徵,還蠻有趣的玩具... 這是跑了大約半個小時跑出來的臉 (還蠻小張的):

有些臉的感覺,不過因為只有黑白圖片,而且又小小張的,感覺有點像是靈異照片 XDDD 像是「八大真實靈異照片!」這邊的例子...

Archives