AttackFlow Findings Dictionary


Possible Malicious API Usage

The attacker may steal information or attain high privileges by committing unauthorized code to the repository.

Severity: High

Fix Cost: Medium

Trust Level: Low

Programming languages and frameworks provide high-level and low-level APIs so that developers can satisfy their requirements. It is no secret that some of these APIs can also be used outside the scope of the project's requirement set, for example to steal data or to escalate privileges without authorization.

Although it is really hard to be sure whether a given use of an API is malicious, it is still helpful to list the code locations where suspicious APIs are used so that they can be analyzed further.

Here are some of the .NET package names that may be used for malicious purposes:

System.Diagnostics.Process
System.Net.Sockets.TcpClient
System.Net.Sockets.UdpClient
System.Net.Sockets.TcpListener
System.Net.Sockets.Socket
System.Net.Mail.SmtpClient

In addition to these, there are so many methods in both the above packages and third-party DLLs that can be used for malicious purposes that it is virtually impossible to enumerate them all. However, here are some of the most obvious ones:

System.Net.HttpWebRequest
System.Net.WebRequest
System.Net.WebClient
System.Net.Http.HttpClient
RestSharp.RestClient (3rd party)

Here are some of the Java package names that may be used for malicious purposes:

java.lang.Runtime
java.net.ServerSocket
java.net.DatagramSocket
java.net.Socket
com.sun.mail.smtp.SMTPTransport
java.lang.ClassLoader
java.lang.reflect
java.lang.Class

In addition to these, there are so many methods in both the above packages and third-party jars that can be used for malicious purposes that it is virtually impossible to enumerate them all. However, here are some of the most obvious ones:

java.net.HttpURLConnection
org.apache.http.client.HttpClient

Here are some of the Android-specific package names that may be used for malicious purposes:

android.location
android.bluetooth
android.net.wifi
android.telephony

Here are some of the general Java package names that may be used for malicious purposes:

java.lang.Runtime
java.net.ServerSocket
java.net.DatagramSocket
java.net.Socket
javax.mail
com.sun.mail.smtp.SMTPTransport
java.lang.ClassLoader
java.lang.reflect
java.lang.Class

In addition to these, there are so many methods in both the above packages and third-party jars that can be used for malicious purposes that it is virtually impossible to enumerate them all. However, here are some of the most obvious ones:

java.net.HttpURLConnection
org.apache.http.client.HttpClient
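
One way to produce the list of code locations this finding calls for, as an added example (not AttackFlow's implementation): a small Python scanner that resolves Java `import` and C# `using` directives, so a bare `new Socket(...)` is reported as well as the fully qualified name. The watchlist is a subset of the names listed above; the category labels, the `scan` function and the sample source are assumptions made for illustration.

```python
import re

# Subset of the API names listed on this page; the category labels are assumptions.
WATCHLIST = {
    "process-exec": ["System.Diagnostics.Process", "java.lang.Runtime"],
    "raw-socket": ["System.Net.Sockets.TcpClient", "System.Net.Sockets.TcpListener",
                   "java.net.Socket", "java.net.ServerSocket"],
    "http-client": ["System.Net.WebClient", "System.Net.Http.HttpClient",
                    "java.net.HttpURLConnection"],
    "dynamic-load": ["java.lang.ClassLoader"],
}
# Java "import a.b.C;" / "import a.b.*;" and C# "using A.B;" directives.
IMPORT_RE = re.compile(r"^\s*(?:import|using)\s+(?:static\s+)?([\w.]+?)(?:\.\*)?\s*;")

def scan(source):
    """Return (line_no, category, api) tuples marking use sites to review."""
    names = {api: (cat, api) for cat, apis in WATCHLIST.items() for api in apis}
    # java.lang is imported implicitly, so its simple names resolve without an import.
    names.update({a.rpartition(".")[2]: v for a, v in list(names.items())
                  if a.startswith("java.lang.")})
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]  # drop line comments; string literals are not parsed
        m = IMPORT_RE.match(code)
        if m:  # an import makes the simple class name resolvable on later lines
            for api, v in list(names.items()):
                ns, _, simple = api.rpartition(".")
                if ns and m.group(1) in (api, ns):
                    names[simple] = v
            continue
        # Lookarounds stop java.net.Socket from matching java.net.SocketAddress
        # and stop a simple name from matching inside a qualified one.
        hits = {v for n, v in names.items()
                if re.search(r"(?<![\w.])" + re.escape(n) + r"(?!\w)", code)}
        findings.extend((no, cat, api) for cat, api in sorted(hits))
    return findings

# Constructed sample input (not taken from any real project).
SAMPLE_JAVA = """\
import java.net.Socket;
import java.net.SocketAddress;
public class Uploader {
    // Runtime is only mentioned here
    void ping(String host) throws Exception {
        Socket s = new Socket(host, 443);
        SocketAddress a = s.getRemoteSocketAddress();
        Runtime.getRuntime().exec("sync");
        new java.net.ServerSocket(8080);
    }
}
"""

if __name__ == "__main__":
    for no, cat, api in scan(SAMPLE_JAVA):
        print(f"line {no}: {api} [{cat}] needs manual review")
```

A hit only marks a line for manual review; as the text above says, whether the use is malicious still has to be judged by a person.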