Election Security, Inside Android Malware, LLM Limits in Assembly Code Analysis

Welcome to OWASP Oslo chapter meetup. We will have three talks and food will be served.

Agenda:

• 17:00 - 17:15: Food and mingling
• 17:15 - 17:55: Hacking the Hackers’ Code: Inside Android Malware - Caner Kaya
• 18:00 - 18:40: When AI Meets Obfuscation: Testing LLM Limits in Assembly Code Analysis - Anton Tkachenko
• 18:45 - 19:30: From Ballots to Code: Exploring Election Security - Hallvard Nygård

Times are approximate.

Venue and food are kindly sponsored by Promon.

Hacking the Hackers’ Code: Inside Android Malware - Caner Kaya, Product Owner, Promon
In this session, we dive deep into the world of Android malware, focusing on how threat actors exploit the platform's Accessibility Service to gain control over devices. Accessibility Service, designed to assist users with disabilities, has become a common target for malware developers due to its powerful capabilities.
Through live demonstrations and real-world case studies, we will reverse-engineer a malicious app to reveal the tactics hackers use to bypass security measures and manipulate this critical service. Attendees will gain insights into identifying, dissecting, and mitigating these threats, enhancing their ability to protect Android users from sophisticated attacks.
Join us as we "hack the hackers" and uncover the hidden workings behind some of the most dangerous malware targeting Android.

Caner Kaya is a Product Owner at Promon, with a background as a Security Software Engineer and over seven years of expertise in Android security. As a passionate reverse engineer, Caner has uncovered critical vulnerabilities and analyzed numerous sophisticated malware targeting the Android platform. His deep technical knowledge and dedication to security have positioned him as a key figure in the field of mobile cybersecurity. Before joining Promon, Caner held pivotal roles at Telenor and TietoEVRY, where he contributed to a variety of technical and software development projects. With a strong commitment to advancing mobile security, Caner continues to push the boundaries of reverse engineering and threat mitigation.

When AI Meets Obfuscation: Testing LLM Limits in Assembly Code Analysis - Anton Tkachenko, Security Researcher, Promon
This presentation shares findings from systematic testing of how current Large Language Models handle assembly code deobfuscation—a critical challenge in both malware analysis and software protection.
We evaluated seven commercial LLMs (GPT-4, Claude, DeepSeek, and others) against real-world obfuscation techniques used by OLLVM. The results reveal clear patterns: models handle some techniques reasonably well but consistently fail when multiple obfuscation methods are combined. By analyzing specific error patterns across hundreds of deobfuscation attempts, we identified five recurring failure modes—from misinterpreting mathematical conditions to fabricating code constants.
Based on these observations, we developed a four-dimensional framework—Reasoning Depth, Pattern Recognition, Noise Filtering, and Context Integration—that helps explain and predict when and why LLMs succeed or fail at deobfuscation tasks.

Anton Tkachenko is a Security Researcher at Promon specializing in AI and code obfuscation. He holds a PhD in Mathematics from the Western University of Applied Sciences, providing a strong academic foundation for his work. Before his doctoral studies, Anton was a researcher at the Laboratory of Quantum Mechanics at BUCT.

From Ballots to Code: Exploring Election Security - Hallvard Nygård, Storebrand
Digital systems are integral parts of elections in Norway and elsewhere. Are they secure? Can we audit the systems? Can we audit the Norwegian elections on paper? Should Norway introduce electronic voting machines?
Democracy is at stake. Should we outsource democracy to the machines? As a professional, you should know a thing or two about election security and the election process.
In this talk, Hallvard will dive into the Norwegian election. How it works. What safeguards there are and what weaknesses he finds. The last couple of elections he's been hard at work collecting data and generally poking around.
Experienced from the world of ethical hacking through responsible disclosure, he has had a security mindset on while exploring, finding and reporting on election security. The reporting and also complaints to election officials aims to raise security awareness and harden the Norwegian election against attacks.