k0de
  less

████████╗██╗  ██╗███████╗    ██████╗  ██████╗  ██████╗ ███╗   ███╗
╚══██╔══╝██║  ██║██╔════╝    ██╔══██╗██╔═══██╗██╔═══██╗████╗ ████║
   ██║   ███████║█████╗      ██║  ██║██║   ██║██║   ██║██╔████╔██║
   ██║   ██╔══██║██╔══╝      ██║  ██║██║   ██║██║   ██║██║╚██╔╝██║
   ██║   ██║  ██║███████╗    ██████╔╝╚██████╔╝╚██████╔╝██║ ╚═╝ ██║
   ╚═╝   ╚═╝  ╚═╝╚══════╝    ╚═════╝  ╚═════╝  ╚═════╝ ╚═╝     ╚═╝
    

BIO

About me!

My name is Eduardo Blázquez but people commonly knows me as Fare9. I'm research assistant and PhD student at UC3M's Computer Security Lab (COSEC), my research has been focused on the Android ecosystem security and privacy, but right now I enjoy writing tools for static (binary) analysis and I'm learning more about Compiler's internals. Before joining COSEC lab I worked as Reverse Engineer at ReversingLabs, and as Malware Analyst in Panda Security. I got my Computer Degree at University of Alcalá de Henares (UAH), and later a Master's degree in Cybersecurity at University Carlos III of Madrid (UC3M). As I said I'm learning about Compiler's internals, and I'm trying to focus on the LLVM framework, I also enjoy doing reverse engineering and I like coding on different programming languages. Right now I mostly program in C++, and do some data analysis in Python, but I also enjoy coding in C and assembly.

Hobbies

When I’m not in front of my laptop I like playing videogames, reading manga or watching anime.

I like martial arts, I have a 1st Dan Black Belt on Ninjutsu Jinsoku Ryu, and also I have a 5 Khan in Thai Boxing by the FIMT. Right now I practice Karate Goju Ryu style.

I really like different Asian cultures, but I fell in love with Japanese culture when I was very young, so commonly I’m listening Chinese, Korean or Japanese music at the laboratory (I leave a list at the bottom of this page). From time to time I also cook Japanese food at home, and currently I’m learning Japanese Language (right now I hold JLPT Noken 5).

Publications

Here I’ll leave my publications in conferences as well as different important articles I could write:

Kunai: A static analysis framework for Android apps

Eduardo Blázquez, Juan Tapiador

Elsevier. SoftwareX

Abstract

Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on Qemu

Antonio Nappa & Eduardo Blázquez

Packt Publishing

Abstract

This paper describes Kunai, a C++ library that offers static analysis functionalities for Android apps. Kunai’s main goal is to provide analysts and researchers with a framework to conduct advanced static analysis of Dalvik code, including parsing, disassembling and code analysis. Written in C++, it focuses on efficiency and an extensible software architecture that enables the integration of new analysis modules easily. Kunai is particularly suitable for the development of analysis pipelines that need to scale up to process large app datasets.

@article{BLAZQUEZ2023101370,
title = {Kunai: A static analysis framework for Android apps},
journal = {SoftwareX},
volume = {22},
pages = {101370},
year = {2023},
issn = {2352-7110},
doi = {https://doi.org/10.1016/j.softx.2023.101370},
url = {https://www.sciencedirect.com/science/article/pii/S2352711023000663},
author = {Eduardo Blázquez and Juan Tapiador},
keywords = {Android, Static analysis, Software analysis, Mobile apps}
}

Book Description

Emulation and fuzzing are amongst the many techniques that are in use for cybersecurity, but how to use these techniques?

Fuzzing against the machine is a hands-on guide that will take you through the “how” of these powerful tools and techniques. Using a variety of real-world use cases and practical examples, you’ll be taken from an overview of the fundamental concepts of fuzzing and emulation to advanced vulnerability research, giving you the tools and skills, you need to find the security flaws in your software.

This book starts with an introduction to Qemu, a tool that allows you to run software for whatever architecture you can think of, and American fuzzy lop (AFL) and it’s improved version AFL++, free and open source famous fuzzer engines. You’ll combine these powerful tools to create your own emulation and fuzzing environment and then use it to discover vulnerabilities in systems such as iOS, Android and Samsung’s Mobile Baseband software, Shannon. Once you’ve read the introductions and set up your environment you will get flexibility to dive into whichever chapter you want, although they get steadily more advanced as the book progresses.

By the end of the book, you’ll have the skills, knowledge, and practice required to find the flaws in any firmware by emulating and fuzzing it with Qemu and several fuzzing engines.

Trouble Over-The-Air: An analysis of FOTA Apps in the Android Ecosystem

Eduardo Blázquez, Sergio Pastrana, Álvaro FEAL, Julien GAMBA, Platon Kotzias, Narseo VALLINA-RODRÍGUEZ, Juan Tapiador

42nd IEEE Symposium on Security and Privacy. March 2021

Introduction 1 minute video: Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Talk: Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem (you can activate subs in English)

Abstract

Android firmware updates are typically managed by the so-called FOTA (Firmware Over-the-Air) apps. Such apps are highly privileged and play a critical role in maintaining devices secured and updated. The Android operating system offers standard mechanisms—available to Original Equipment Manufacturers (OEMs)—to implement their own FOTA apps but such vendor-specific implementations could be a source of security and privacy issues due to poor software engineering practices. This paper performs the first large-scale and systematic analysis of the FOTA ecosystem through a dataset of 2,013 FOTA apps detected with a tool designed for this purpose over 422,121 pre-installed apps. We classify the different stakeholders developing and deploying FOTA apps on the Android update ecosystem, showing that 43% of FOTA apps are developed by third parties. We report that some devices can have as many as 5 apps implementing FOTA capabilities. By means of static analysis of the code of FOTA apps, we show that some apps present behaviors that can be considered privacy intrusive, such as the collection of sensitive user data (e.g., geolocation linked to unique hardware identifiers), and a significant presence of third-party trackers. We also discover implementation issues leading to critical vulnerabilities, such as the use of public AOSP test keys both for signing FOTA apps and for update verification, thus allowing any update signed with the same key to be installed. Finally, we study telemetry data collected from real devices by a commercial security tool. We demonstrate that FOTA apps are responsible for the installation of non-system apps (e.g., entertainment apps and games), including malware and Potentially Unwanted Programs (PUP). Our findings suggest that FOTA development practices are misaligned with Google’s recommendations.

@inproceedings{blazquez2021fota,
  author    = {E. Bl\'azquez and S. Pastrana and \'A. Feal and J. Gamba and P. Kotzias and N. Vallina-Rodriguez and J. Tapiador},
  booktitle = {2021 2021 IEEE Symposium on Security and Privacy (SP)},
  title     = {Trouble Over-the-Air: An Analysis of FOTA Apps in the Android Ecosystem},
  year      = {2021},
  volume    = {},
  issn      = {2375-1207},
  pages     = {1641-1657},
  keywords  = {privacy;security;android;supply-chain;updates},
  doi       = {10.1109/SP40001.2021.00095},
  url       = {https://doi.ieeecomputersociety.org/10.1109/SP40001.2021.00095},
  publisher = {IEEE Computer Society},
  address   = {Los Alamitos, CA, USA},
  month     = {may}
}

Methods for automatic malware analysis and classification: a survey

Int. J. Information and Computer Security, Vol. 17, Nos. 1/2, 2022

Toni Gržinić, Eduardo Blázquez

Abstract

In this survey, we try to summarise modern malware classification methods and analysis tools, and give an insight into the current research efforts that are used to build state-of-the-art malware classification systems that are used to detect the most dangerous malware families built for the operating system, Microsoft Windows. Before diving into automatic classification methods and features (malware indicators) used, we describe the accompanying analysis approaches that are the fundamental building block of every automatic classifier. This paper has the intention to summarise and categorise various efforts of researches that emerged in the last years and recognise upcoming challenges in the vibrant malware landscape.

@article{10.1504/ijics.2022.121297,
author = {Gr\v{z}ini\'{c}, Toni and Gonz\'{a}lez, Eduardo Bl\'{a}zquez},
title = {Methods for Automatic Malware Analysis and Classification: A Survey},
year = {2022},
issue_date = {2022},
publisher = {Inderscience Publishers},
address = {Geneva 15, CHE},
volume = {17},
number = {1–2},
issn = {1744-1765},
url = {https://doi.org/10.1504/ijics.2022.121297},
doi = {10.1504/ijics.2022.121297},
month = {jan},
pages = {179–203},
numpages = {24},
keywords = {survey, dynamic analysis, static analysis, malware classification}

Music

As I said in hobbies here you can find a list of songs I like to listen while working:

人間椅子 (Ningen Isu) - 怪人二十面相 (Kaijin Nijū Mensō)

人間椅子「見知らぬ世界」(”Mishiranusekai” - NINGEN ISU)

ウルフルズ “サンシャインじゃない? (Ulfuls - Sunshine janai?)

ウルフルズ - ガッツだぜ!! (Ulfuls - Gattsu daze!!)

BLACKPINK - ‘마지막처럼 (AS IF IT’S YOUR LAST)’

MOMOLAND「BAAM -Japanese ver.-」

MOMOLAND「BBoom BBoom -Japanese ver.-」

BLACKPINK - ‘STAY’

SING女團-千年

Dreamcatcher(드림캐쳐) ‘MAISON’ MV