QARK: Android App Exploit and SCA Tool

By Tushar Dalvi, Tony Trummer on 24 Sep 2015 @ AppSec USA
android-security sca software-composition-analysis
Focus Areas: Software Supply Chain Security, Mobile Security

Abstract

Ever wonder why there isn’t a Metasploit-style framework for Android apps? We did!

Whether you’re a developer trying to protect your insecure app from winding up on user devices, an Android n00b or a pentester trying to pwn all the things, QARK is just what you’ve been looking for!

This tool combines Static Code Analysis with source-sink mapping, teaching by detailing misconfigurations, citing research detailing the issues, and automatic exploitation into one simple-to-use application!

Our tool will review any Android app, either from source or APK, highlight version-specific issues, detail your app’s attack surface, inspect all your app components for misconfigurations and allow you to create on-demand proof-of-concept attack applications.