Profile cover photo
Profile photo
Yanick Fratantonio
PhD student at the UCSB's Seclab
PhD student at the UCSB's Seclab

Yanick's posts

Post has attachment

Post has attachment

Post has attachment

Post has attachment
From Android ART (binary-only) to DEX? Yes, we can!™ (kinda)
This is a write-up for the 0ctf 2016 quals "State of the ART" mobile/Android challenge worth 5 points. We (Shellphish) were one of the only three teams that solved it, and since I haven't seen any write-up on this, here is mine! Major props to @antonio_bc...

Beyond excited: my paper on detecting logic bombs in Android apps got accepted at IEEE Security and Privacy 2016!!!

Post has attachment
CSAWCTF 2015 -- pcapin (forensic 150) write-up
This is the write-up for solving "pcapin", a challenge from CSAW CTF 2015. It was in the "forensic" category, and it was worth it 150 points....may I say, 150 points my ass!?! This felt like a 1337 points least :D So, we have a pcap (links to...

Post has attachment
I'll soon give an invited talk at the upcoming Mobile Santa Barbara MeetUp! It's on May 6th @ 600pm! Details here:

Post has attachment
Believe it or not, it's my turn to give a presentation! Major Area Exam Alert! Come and see what a MAE from an on-track student looks like!

Everyone is welcome -- come if you can! During the talk, family hugs will be delivered as often as possible. Note: the talk is in HFH 4164 (fourth floor!), not the usual conference room! Also, the majority of the attendees will be Italian -- please be on time, we tend to get pissed pretty easily when somebody is late :D

The title of the talk is "Program Analysis to Secure the Mobile Platform". Below you can find the (updated) abstract. See you all tomorrow! :-)

Smartphones and tablets have become an indispensable part of our everyday lives. We use these devices to make phone calls, read emails, surf the web, make payments, and manage our schedules. Smartphones also possess an always increasing amount of computational resources and greater access to sensitive user information. As a result, these devices have become attractive targets for attackers, as evidenced by the recent explosion of the number of malware samples that target these mobile devices.

In this talk, I will discuss the application of program analysis techniques to increase the overall security of the mobile platform. First, I will present research works that analyze mobile applications to detect malicious features, such as stealing user's sensitive information, sending SMS to premium numbers, or implementing bot-like behaviors. Second, I will describe techniques to automatically discover and patch vulnerabilities in benign applications. Lastly, I will discuss approaches that aim to proactively mitigate the many threats that affect the mobile platform.

As a bonus, I will also discuss two state-of-the-art Italian women (yep, my mom and my sister will hopefully be in town!).

Everyone welcome!

Unbelievable, today ShellNoob got its 100th star on github :) If you haven't done so, feel bad and star it now at :P

Post has attachment
The "behind the scene" of DexWare, a DalvikVM based service for the iCTF 2013.
This write-up will describe the "behind the scene" of DexWare, a service I wrote for the iCTF 2013. To the best of my knowledge, this is the first service in the history of CTFs to be based on Dalvik-bytecode!! I hope this write-up will be a useful starting...
Wait while more posts are being loaded