So here is our first case study based on some iOS malware. So let me go through this area with you quickly. And then on the next slide, we'll talk about what the ground rules are and what type of analysis we're looking to get from you. So the scenario. So on July 15th the user working for your company reported that their iPhone was acting weird.
The IT department looked at the incident quickly and saw had applications but couldn't take the case any further.
The security team needs you to perform an assessment to ensure the corporate network is not at risk and no company policies were broken. Please analyze the application and report your findings.
Okay, so the goal of this case study is to report the functionality of the iOS program using some of the techniques that we learned in class. But remember, you're not limited to those. You can use any techniques you want. What we're looking for from you is a basic report. It doesn't need to be long. It could be as long or as short as you like,
but basically what you want is to hit on the analysis techniques that you used and give us some results in the static, dynamic and network sections
and then wrap it up with a conclusion. Once you're finished, you can compare it to the report that we have and see how you did. Now, the only challenge you're gonna run into here is if you don't have access to a Mac or iDevice. But there's still some interesting functionality of the program you can uncover by running strings and MobSF, for example. So if you don't have access to these devices,
still go ahead and fill out the static analysis section
and then once you're finished, compare your results to what we have and see how you did. All right, before you begin, let me just show you a quick report that I wrote just to give you an example of some of the things that you can include and what we're looking for. Okay, so here I've got a report. I just got a cover page. It's short. It's seven pages, including pictures.
So here's my report. Have a title page
and I've got a small table of contents. Give you a summary
some key highlights. An executive summary. They give you a high-level overview with an introduction. Again, a little high-level overview.
Then I dig into the malware analysis. I give you some strings information
giving you registry keys, how it runs in the debugger. This is, of course, for Windows, but you can use the same report format
that is showing you how the malware looks for AV,
then include some static analysis, also with IDA Pro, showing the mutexes,
giving you the network information and the file information, and that is it. So there you go. So there's a format you can use pretty quickly just to kind of give you, like I said, just to kind of give you an idea of what you can do for your report.