Hacking a Moving Target
Transcription
1 Hacking a Moving Target Mobile Application Penetration Chris Cuevas Senior Security Consultant ccuevas@secureideas.net Office Secure Ideas LLC http://
2 Chris Cuevas Security Consultant at Secure Ideas Open Source Advocate Contributor to SamuraiWTF and MobiSec Co-Author of Sec571: Mobile Device Security SANS Mentor SEC504 Incident Handling and Hacker Techniques I piss off large corporations from time to time (shmoocon talk) 2012 Secure Ideas LLC http://
3 What I'll be talking about today iOS (yep I have one of those devices) Device Overview Attacks Android (yep I have one of those devices) Device Overview Attacks Blackberry (sorry not my area of expertise) Attacking Mobile Applications Demo
4 Mobile Device Overview This is more important than some people think Understanding the attack surface is key to pulling off a successful attack What version of the underlying OS is running will drastically alter what attack options I have to work with
5 Apple Device Overview iPhone 5 generations of iPhone Models 4 different storage capacities 5 major versions of iOS operating system iPad 3 generations of iPad models WiFi Only WiFi plus 3G WiFi plus 4G LTE 3 different storage capacities 3 versions of iOS operating system
6 iOS Version Overview Originally iPhone OS for version 1 and 2 iOS version 3 (release of iPad) Find my phone option added in MobileMe HTML 5 support iOS version 4 Encryption for user data Background location Find my iPhone iOS version 5
7 iOS App Store The iOS App Store is the official store Released in July of 2008 Part of iOS The App Store has over 500,000 apps 18 billion downloads As of October 2011 Accessible from a number of interfaces iOS iTunes Apple web site Apple vets applications before release They can revoke the application
8 Android Device Overview Android runs on a wide variety of devices Chosen by the hardware manufacturer CPU Qualcomm, Tegra2, Snapdragon, Cortex A9 Storage From 512MB to 32GB The bootloader chosen by the carrier affects access Changes the image capabilities
9 Android Version Overview Android 2.2 Froyo Improved Exchange support Android 2.3 Gingerbread Switched from YAFFS to ext4 Android 3.0 Honeycomb Designed for Tablets Android 4.0 Ice Cream Sandwich Face Unlock Android Beam (NFC)
10 Android Markets Android has a number of marketplaces for applications Google Market Amazon App Store Vendor and Carrier Store fronts Applications can also be installed from the developer or a web site As with the variety of hardware, this variety of app sources causes difficulties Difficulties for the developers and organizations Controlling app sources is a problem Is the app installed the right one?
11 Mobile Attacks Let's look at some of the types of attacks we see on mobile devices today
12 Malicious Applications Android Easy to anonymously sign apps to distribute through Android Market Google Bouncer (RootSmart for the bypass) iOS More difficult to bypass vetting process, but not impossible RootSmart type bypass could work as well http://contagiominidump.blogspot.com/ (collection of mobile malware)
13 Malicious Web Sites Malicious JavaScript BeEF Hook Android browser has access to SD card where application data is stored HTML5 compliant browsers FTW :) Web Workers Web Storage Firefox and Chrome Extensions
14 Malicious Networks Lines are blurred over internal and external as the network is everywhere Cellular Data Plans still connect you to the internet WiFi hotspots Credential Harvesting MiTM Attacks Home Networks Sync Organizational Device to personal PC
15 MiTM Attacks I have to be physically near the device Session Hijacking FaceNiff (FireSheep for Android) ARP Poisoning If I'm the gateway I control the flow of traffic Most apps communicate using http I love BURP
16 Mobile Application Discovery Mobile application discovery is similar to web applications Most of the same flaws exist Slight differences in client-side attacks XSS has different targets for example The tools are similar Main focus is intercepting traffic
17 Testing Techniques Testing mobile applications can take many forms Testing the back-end site or service Reverse engineering the application Code analysis of the software We will focus on the first two As that is typically what penetration tests include Mobile interfaces are often found during normal tests
18 Reverse Engineering A decompiler does not reconstruct the original source code But it gets us close enough There are many obstacles to overcome in reversing Mobile Applications iOS applications are encrypted using Apple's binary encryption scheme Decrypting this format is not a new technique
19 Android SDK A comprehensive set of development tools Includes a debugger, libraries, and an emulator Android applications are written in Java and packaged in .apk format contain .dex files which are compiled byte code files called Dalvik executables adb is our friend
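An added example, not part of the original slides: the .apk is a ZIP archive, and each .dex inside it starts with a fixed header whose Adler-32 checksum and SHA-1 signature cover the rest of the file. The function names and the sample APK built in memory are assumptions made for this illustration.

```python
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70        # fixed header length in the DEX format
ENDIAN_CONSTANT = 0x12345678  # little-endian marker stored in the header


def inspect_dex(data: bytes) -> dict:
    """Check the integrity fields at the start of a Dalvik executable."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("too short to hold a DEX header")
    magic = data[:8]                      # b"dex\n" + 3 version digits + NUL
    if magic[:4] != b"dex\n" or magic[7:8] != b"\x00":
        raise ValueError("bad DEX magic")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    return {
        "version": magic[4:7].decode("ascii"),
        "file_size_ok": file_size == len(data),
        "header_size_ok": header_size == DEX_HEADER_SIZE,
        "endian_ok": endian_tag == ENDIAN_CONSTANT,
        # Adler-32 covers everything after the checksum field itself.
        "checksum_ok": checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF),
        # SHA-1 covers everything after the signature field.
        "signature_ok": signature == hashlib.sha1(data[32:]).digest(),
    }


def inspect_apk(apk_bytes: bytes) -> dict:
    """Open an APK as a ZIP and inspect every .dex member it contains."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name.endswith(".dex"):
                results[name] = inspect_dex(apk.read(name))
    return results


def build_sample_dex(body: bytes = b"\x00" * 16) -> bytes:
    """Constructed sample: a valid header over an opaque body (not real code)."""
    size = DEX_HEADER_SIZE + len(body)
    tail = struct.pack("<III", size, DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    tail += b"\x00" * (DEX_HEADER_SIZE - 32 - len(tail)) + body
    signature = hashlib.sha1(tail).digest()
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + tail


def build_sample_apk(dex: bytes) -> bytes:
    """Constructed sample: a minimal ZIP laid out like an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"constructed placeholder")
        z.writestr("classes.dex", dex)
    return buf.getvalue()


if __name__ == "__main__":
    good = build_sample_dex()
    print(inspect_apk(build_sample_apk(good)))
    tampered = bytearray(good)
    tampered[-1] ^= 0xFF                  # one changed byte in the body
    print(inspect_dex(bytes(tampered)))
```

A matching checksum and signature only show the file is internally consistent; anyone who rebuilds the DEX can recompute both, so authenticity still rests on the APK signature.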
20 adb Android Debug Bridge (part of the SDK) lets you communicate with an emulator instance or connected Android-powered device You can push, pull, install, and remove files and apps using adb
21 Xcode A suite of tools developed by Apple for developing software for OS X and iOS The main application is the Xcode IDE Apps are written in Objective-C An Object Oriented language that adds Smalltalk-style messaging to C Mach-O executable format which allows for "fat binaries" containing code for multiple architectures
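An added example, not part of the original slides, covering both the "fat binary" point above and the earlier note that iOS applications are encrypted: it walks a Mach-O fat header, then reads each slice's load commands for the encryption-info command and its `cryptid` flag. Function names and the two-slice sample are constructed for this illustration, and the sample packs slices back to back without the page alignment real files use.

```python
import struct

FAT_MAGIC = 0xCAFEBABE                      # big-endian fat header magic
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
CPU_NAMES = {(12, 6): "armv6", (12, 9): "armv7", (0x0100000C, 0): "arm64"}


def parse_thin(data: bytes, base: int = 0) -> dict:
    """Parse one little-endian Mach-O slice starting at offset `base`."""
    (magic,) = struct.unpack_from("<I", data, base)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a little-endian Mach-O slice")
    cputype, cpusubtype, _filetype, ncmds, sizeofcmds = struct.unpack_from(
        "<iiIII", data, base + 4)
    off = base + (32 if magic == MH_MAGIC_64 else 28)
    end = off + sizeofcmds
    cryptid = None
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command runs past sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8:
            raise ValueError("load command size too small")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            _cryptoff, _cryptsize, cryptid = struct.unpack_from(
                "<III", data, off + 8)
        off += cmdsize
    key = (cputype, cpusubtype & 0x00FFFFFF)   # drop capability bits
    return {
        "arch": CPU_NAMES.get(key, "cputype=%d/%d" % key),
        "cryptid": cryptid,                    # None: no encryption command
        "encrypted": bool(cryptid),
    }


def parse_macho(data: bytes) -> list:
    """Return one record per architecture slice (fat or thin input)."""
    (magic_be,) = struct.unpack_from(">I", data, 0)
    if magic_be != FAT_MAGIC:
        return [parse_thin(data)]
    (nfat,) = struct.unpack_from(">I", data, 4)
    # Java .class files share this magic; there the next word holds the
    # class version, whose major number is never below 45.
    if nfat >= 45:
        raise ValueError("looks like a Java class file, not a fat Mach-O")
    slices = []
    for i in range(nfat):
        _ct, _cs, offset, size, _align = struct.unpack_from(
            ">iiIII", data, 8 + 20 * i)
        if offset + size > len(data):
            raise ValueError("slice extends past end of file")
        slices.append(parse_thin(data, offset))
    return slices


def build_slice(cpusubtype: int, cryptid: int) -> bytes:
    """Constructed sample: 32-bit ARM header plus one encryption command."""
    lc = struct.pack("<IIIII", LC_ENCRYPTION_INFO, 20, 0x1000, 0x4000, cryptid)
    hdr = struct.pack("<IiiIIII", MH_MAGIC, 12, cpusubtype, 2, 1, len(lc), 0)
    return hdr + lc


def build_fat(slices: list) -> bytes:
    """Constructed sample: fat header followed directly by the slices."""
    out = struct.pack(">II", FAT_MAGIC, len(slices))
    offset = 8 + 20 * len(slices)
    for s in slices:
        cputype, cpusubtype = struct.unpack_from("<ii", s, 4)
        out += struct.pack(">iiIII", cputype, cpusubtype, offset, len(s), 0)
        offset += len(s)
    return out + b"".join(slices)


if __name__ == "__main__":
    sample = build_fat([build_slice(6, 1), build_slice(9, 0)])
    for record in parse_macho(sample):
        print(record)
```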
22 otool Displays specified parts of object files or libraries Options we are interested in -t Display the contents of the (__TEXT,__text) section -o Display the contents of the __OBJC segment used by the Objective-C run-time system -V Display the disassembled operands symbolically http://pauldotcom.com/wiki/index.php/Episode226#Guest_Tech_Segment:_Eric_Monti_on_iPhone_Application_Reversing_and_Rootkits
23 dex2jar dex2jar is a tool for converting Android's .dex format to Java's .class format dex-tool add support to DeObfuscate a jar dex-tool can also be used to modify an .apk Requires a decompiler to view the source JD-GUI JAD
24 Interception Tools Interception is one of our main goals Can we get between the application and the server Interception tools do more than intercept They can analyze the traffic They can inject attacks
25 iSniff SSL man-in-the-middle tool Works on iOS < devices vulnerable to CVE Written Redirect SSL traffic from NAT'd clients to iSniff as follows iptables -t nat -A PREROUTING -p tcp --destination-port -j REDIRECT --to-ports
26 Burp Suite Integrated platform for performing security testing of web applications Some of the tools from the suite we will talk about today Burp Intercepting Proxy Burp Intruder (fuzzing of application requests) Burp Repeater (tool for manually modifying and reissuing individual HTTP requests)
27 Mallory Mallory is a transparent proxy Proxies TCP and UDP This allows us to intercept traffic Without configuring the device with a proxy Great for older versions of Android
28 Mallory Mallory works with IPTables and the network adaptors Provides an access point for other devices It then tunnels the traffic through the Mallory system Allowing us to intercept and modify the traffic
29 Demo Decompile an Android .apk Unzip dex2jar Java decompiler Decompile an iOS .ipa Yes I wish it was the beer too ;-) Unzip otool
30 Thank You To my family To SecureIdeas Special thanks to John H Sawyer for just being awesome
More informationNCP VPN Path Finder for Juniper SRX Gateways
NCP VPN Path Finder Technology In many cases, IPsec and SSL VPN are complementary, because they solve different problems. This complementary approach allows a single device to address all remote-access
More informationAHNLAB 조주봉 (silverbug)
AHNLAB 조주봉 (silverbug) Android Android is a software stack for mobile devices that includes an operating system, middleware and key applications. Application framework Dalvik virtual machine Integrated
More informationConfiguration Guide. BlackBerry UEM. Version 12.7 Maintenance Release 2
Configuration Guide BlackBerry UEM Version 12.7 Maintenance Release 2 Published: 2017-12-04 SWD-20171130134721747 Contents About this guide... 8 Getting started... 9 Configuring BlackBerry UEM for the
More informationLecture Overview. IN5290 Ethical Hacking
Lecture Overview IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi How to use Burp
More informationLecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks
IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi Lecture Overview How to use Burp
More informationAvaya Mobile Video Release Notes
Release Notes Release 3.4.1 Issue 1.0 March 2018 3.4.1 Release Notes Page 1 Contents Purpose... 3 Support... 3 Publication history... 3 General remarks... 3 Software information... 3 Software download...
More informationBest Practices of IBM Notes Traveler Deployment. Date: 27 Aug 2015
Best Practices of IBM Notes Traveler Deployment Date: 27 Aug 2015 Open Mic Team Sandip Singh - IBM ICS Support engineer Presenter Sukanya Yenneti - IBM ICS Support engineer Presenter Ranjit Rai - IBM ICS
More informationInstallation Guide - Windows
Kony Visualizer Enterprise Installation Guide - Windows Release V8 SP3 Document Relevance and Accuracy This document is considered relevant to the Release stated on this title page and the document version
More information