Threat Intelligence Analyst

Vlaams-Brabant, Vlaams-Brabant

Threat Intelligence Analyst - Remote Access Tools in Digital Banking Fraud

Location: Diegem

Duration: 6 months with the possibility of extension

Remote Work: 2 days of home working possible

Purpose of Assignment:

The primary objective of this assignment is to conduct a thorough analysis of the functionality of common remote access tools. The specific tasks involved include:

  • Installing common commercial remote access tools across various platforms, including Android, iOS, Windows, and macOS.
  • Computing and collecting hash values (e.g., MD5, SHA-1, SHA-256) of common commercial remote access tools.
  • Dissecting the architecture of these tools to identify their core components and functionalities.
  • Investigating the communication mechanisms used by these tools, including client-server and peer-to-peer models.
  • Identifying and documenting the network communication ports (TCP/UDP) utilized by the remote access tools, if any.
  • Analyzing whether the remote access tools expose Application Programming Interfaces (APIs).
  • Documenting permissions requested and utilized by the remote access tools, with a particular focus on Android and iOS.
  • Examining the impact of remote access tools on user interaction elements such as mouse movements and keypress duration.
  • Formulating and recommending practical and effective approaches for detecting the presence of remote access tools on end-user devices.

Deliverables:

The key outcome of this assignment is a comprehensive written report detailing the findings of the analysis conducted across all the aforementioned tasks. This report should provide clear, well-supported insights into the functioning of the analyzed remote access tools and the recommended detection strategies.

Required Skills:

Technical Skills:

  • Operating systems: Familiarity with the internals, configuration, and security mechanisms of common operating systems, including Android, iOS, Windows, and macOS.
  • Networking fundamentals: Good understanding of computer networking concepts, protocols (TCP/IP, UDP), and network security principles.
  • Mobile security: Knowledge of Android and iOS security architectures, permission models, inter-process communication, and common mobile malware techniques.
  • Security tools and technologies: Exposure to various security tools used for system monitoring, network analysis, and endpoint security.
  • Scripting and automation: Proficiency in scripting languages (e.g., Python, Bash) for automating tasks related to analysis and data collection.

Analytical and Problem-Solving Skills:

  • Critical thinking: Ability to analyze complex technical information, identify patterns, and draw logical conclusions.
  • Problem-solving: Capacity to investigate technical challenges, troubleshoot issues during analysis, and devise effective solutions.
  • Attention to detail: Meticulous approach to examining system behavior, network traffic, and application functionalities.

Communication and Documentation Skills:

  • Technical writing: Proven ability to clearly and concisely document technical findings, methodologies, and recommendations in a structured and professional manner.
  • Verbal communication: Ability to effectively communicate technical concepts and findings to both technical and non-technical audiences.

Other Skills:

  • Independent work: Ability to manage time effectively, prioritize tasks, and work independently with minimal supervision.
  • Curiosity and initiative: A proactive approach to learning and exploring new security threats and technologies.

Qualifications:

  • Junior or intermediate profile
  • Bachelor's (or Master's) degree in Computer Science
  • Practical experience is most important
