creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
1cffd664f555699d8e2b46f5ea94edaaa520f721
Anthropic-Cybersecurity-Skills/skills/detecting-mobile-malware-behavior/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

1.7 KiB
Raw Blame History

API Reference: Detecting Mobile Malware Behavior

Android Dangerous Permissions

Permission Risk Abuse Scenario
SEND_SMS HIGH Premium rate SMS fraud
READ_SMS HIGH OTP/2FA theft
BIND_ACCESSIBILITY_SERVICE CRITICAL Screen scraping, keylogging
BIND_DEVICE_ADMIN CRITICAL Device lockout, ransomware
INSTALL_PACKAGES CRITICAL Dropper functionality
SYSTEM_ALERT_WINDOW HIGH Overlay phishing attacks

Android Analysis Tools

# Extract permissions from APK
aapt dump permissions app.apk

# Decompile APK
apktool d app.apk -o output_dir/

# Decompile to Java source
jadx app.apk -d java_output/

# Run MobSF scan
docker run -p 8000:8000 opensecurity/mobile-security-framework-mobsf

Suspicious API Patterns

# Dynamic code loading
r"DexClassLoader|PathClassLoader"
# Shell execution
r"Runtime\.exec|ProcessBuilder"
# Device fingerprinting
r"TelephonyManager\.getDeviceId"

MobSF REST API

import requests
# Upload APK
resp = requests.post("http://localhost:8000/api/v1/upload",
    files={"file": open("app.apk", "rb")},
    headers={"Authorization": API_KEY})

# Get scan results
resp = requests.post("http://localhost:8000/api/v1/scan",
    data={"hash": file_hash},
    headers={"Authorization": API_KEY})

Android Broadcast Receivers (Persistence)

Action Malware Use
BOOT_COMPLETED Auto-start on reboot
SMS_RECEIVED SMS interception
PHONE_STATE Call monitoring
CONNECTIVITY_CHANGE Network-triggered C2

CLI Usage

python agent.py --apk suspicious.apk
python agent.py --source-dir jadx_output/
python agent.py --apk app.apk --source-dir decompiled/
Reference in New Issue View Git Blame Copy Permalink