Manage Mobile Security Incidents Like A Boss
|
|
- Rosemary McKenzie
- 6 years ago
- Views:
Transcription
1 Manage Mobile Security Incidents Like A Boss Ismail Guneydas Security Manager/Faculty Kimberly Clark/Texas A&M 10/02/2015
2 Legal Notice From My Lawyer The opinions expressed in this presentation represent my own and not my employers. 2
3 Bio Sr. Vulnerability Manager at Kimberly Clark. Built and manages KCC's first vulnerability management program. Previously I worked at Yahoo! where I built and led global e- Crime investigations and incident response teams. I received Yahoo! Hackovation and Yahoo! Excellence awards for his innovative work in successful operations against fake customer care centers. Adjunct faculty at the Texas A&M University and teach computer science courses. Completed Master of Science in Computer science and hold degrees in Mathematics and Electronics engineer. Currently working towards MBA at UT Dallas. 3
4 Agenda Mobile Industry In Numbers Mobile Security In Numbers Mobile Security vs PC Security Mobile Vulnerability Triage Android ios Conclusion 4
5 Mobile Industry In Numbers Google store has 1.6 million applications, and Apple store has 1.5 million applications. There are 102 billions mobile app download worldwide and 9 billions of them are paid apps. This generated 26 billions U.S. dollars.. NTX ISSA Cyber Security Conference October 2-3,
6 Security Problems Companies try to have mobile presence desperately and ask their IT departments or hire third parties to create mobile applications for their products, services and web sites. Companies would like to get their apps out as soon as possible like they wanted to have their websites without checking their security in 90s. 6
7 Mobile Security in Numbers 300 # of software aimed at mobile devices has reportedly risen from about 14,000 to 40,000 or about 185% in less than a year. IOS Vulnerabilities 40 Android Vulnerabilities
8 Mobile vs Traditional OS Vulnerability Type ios Vulnerabilities By Type Windows 7 Vulnerabilities By Type
9 9
10 The Challenges For Incident Responders Vulnerability X works only in Android version Y and hardware is Samsung Model Z This could mean security teams needs to buy all those hardware. Another issue is lack of mobile security knowledge. Often security teams try to handle mobile security incidents as traditional web security incidents. These cause longer hours of work and potentially don t help company to fix the issue. 10
11 Mobile vs PC Security DFIR Vulnerability Management Mobile Lots of thing to figure out Not capable tools Harder. Old vulnerabilities require new testing mechanism. Management of devices Distributed No custom image PC Well Established Good tools for testing vulnerabilities. Good patch management tools, process, methodologies Network Intrusion Harder LTE 4G 3G Established e-crime Apps store lots of Similar to mobile sensitive info including birth date, banking credentials etc CC is also stored Physical Security Easy to steal Established 11
12 Mobile Vulnerability Triage Listening traffic Web vulnerabilities, networking vulnerabilities SSL Vulnerabilities SSL Validation Hostname Mismatch 12
13 Mobile Vulnerability Triage Android Potential Solutions 1)Cloud Solutions -Testroid -For pentest of apk files 2)VM -Not flexible -Networking issue to dump traffic (need to use VPN otherwise no bridge mode for some corporate network ) 13
14 Mobile Vulnerability Triage 3)Android SDK No need to install image/api/device images Very flexible Full emulator which actually runs on real firmware image. Other than hardware vulnerability we can find reproduce any vulnerability in our code 14
15 Creating Emulator and Virtual AVD Manager Devices The AVD Manager provides a graphical user interface in which you can create and manage Android Virtual Devices (AVDs), which are required by the Android Emulator. You can launch the AVD Manager in one of the following ways: In Eclipse: select Window > Android Virtual Device Manager, or click the AVD Manager icon in the toolbar. In Android Studio: select Tools > Android > AVD Manager, or click the AVD Manager icon in the toolbar. In other IDEs: Navigate to your SDK's tools/ directory and execute android avd. Emulator The Android SDK includes a mobile device emulator a virtual mobile device that runs on your computer. The emulator lets you develop and test Android applications without using a physical device. 15
16 Creating VD 16
17 VD List 17
18 Emulator 18
19 Networking Scheme Router/gateway address First DNS server Special alias to your host loopback interface (i.e., on your development machine) / / Optional second, third and fourth DNS server (if any) The emulated device's own network/ethernet interface The emulated device's own loopback interface 19
20 Sniffing Traffic Sniff Traffic 1st way: $emulator -tcpdump pcapfile.pcap -avd myavd Hints: There are other commands related with emulator: 2nd way: $telnet localhost portnumber $network capture start pcapfile.pcap $network capture stop Hints: There are other commands related telnet: 20
21 Sniffing Traffic ios Devices Connect ios device into your Mac. Find out ios device s UDID: Open itunes Find your device and find serial number Click it, then you will see your UDID Go to your terminal and type ifconfig -l Type rvictl s UDID to start device rvictl -s f2f587fcf78ff82dccff88fff7ab6db9e9b0bf94 Starting device f2f587fcf78ff82dccff88fff7ab6db9e9b0bf94 [SUCCEEDED] Type ifconfig l You will see new interface i.e. rvi0 Go to wireshark or do tcpdump to dump the traffic sudo tcpdump i rvi0 w dump.dump 21
22 Validating SSL Vulnerabilities Download burpsuite and configure like this: Click proxy tab and then click intercept tab. Make sure intercept is off. Go to options tab (still under proxy tab). Under proxy listener add your network device (by default it is only listening on localhost) 22
23 Malicious Certificate By default burpsuite is act man in the middle for https connections. That means it sends its own cert to your mobile device and have deal with original https site by itself. Look below: Iphone- Encrypted with BurpsuiteCA--- BurpSuite- EncryptedWithBankingSiteCA--- BankingSite This means your app should recognize this is not a valid cert for the site it originally request i.e. banking site and drop the connection. At a minimum, you should receive a warning from the app, but ideally you see no traffic as well. Many apps will just fail silently or complain of connection issues, which isn't ideal, but not "insecure" per se If you see any traffic in Burp suite that means your app has a validation problem. 23
24 Second vulnerability: HostName Mismatch Is the certificate's hostname verified by your application? For this you will need to acquire a valid certificate, from a CA that is trusted by your device. Comodo is a good source for a free 90 days certificate. Install the valid certificate in your BurpProxy and configure it to offer this cert, rather than the default You can confirm step two is working, by going in to your native browser on the device and trying to go to a HTTPS site. You should receive a certificate hostname warning and when you view the certificate details, you should see that the cert you received is the one you installed in BurpSuite, not the one issued by the PortSwigger CA. 24
25 Mobile Device Configuration 25
26 Burp Suite Configuration 26
27 Conclusion Mobile industry is a fast growing 26 billion dollars industry. Companies are rushing their mobile solutions without proper security reviews This makes mobile apps attractive to hackers Most of the time incident responders don t have good process around triaging the vulnerabilities and know the difference between PC and Mobile vulnerabilities By using free tools an incident responder can triage mobile vulnerabilities We need to think creative! 27
28 Questions Linkedin: linkedin.com/in/guneydas Twitter:realinfosec 28
29 The Collin College Engineering Department Collin College Student Chapter of the North Texas ISSA North Texas ISSA (Information Systems Security Association) Thank you NTX ISSA Cyber Security Conference October 2-3,
Secure Communications Over a Network
Secure Communications Over a Network Course: MITS:5400G Proffessor: Dr. Xiaodong Lin By: Geoff Vaughan 100309160 March 20th 2012 Abstract The purpose of this experiment is to transmit an encrypted message
More informationUNT System Campus VPN Guide
Contents Introduction... 3 SSL Web Portal... 4 Installing AnyConnect VPNClient... 12 Connecting AnyConnect VPN client... 16 IPSec Client Configuration... 18 Apple OS X Configuration... 21 Android Configuration...
More informationThe Savage Curtain: Mobile SSL Failures
The Savage Curtain: Mobile SSL Failures Who are these guys? Tony Trummer - Staff Security Engineer aka SecBro Tushar Dalvi - Sr. Security Engineer & Pool Hustler A Private Little War Our Click to edit
More informationMobile hacking. Marit Iren Rognli Tokle
Mobile hacking Marit Iren Rognli Tokle 14.11.2018 «Hacker boss Marit» Software Engineer at Sopra Steria Leading TG:Hack, Norways largest hacking competition Leading UiO-CTF with Laszlo Shared 1st place
More informationComputer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers
Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,
More informationInstalling and configuring an Android device emulator. EntwicklerCamp 2012
Installing and configuring an Android device emulator EntwicklerCamp 2012 Page 1 of 29 Table of Contents Lab objectives...3 Time estimate...3 Prerequisites...3 Getting started...3 Setting up the device
More informationAdobe Marketing Cloud Bloodhound for Mac 3.0
Adobe Marketing Cloud Bloodhound for Mac 3.0 Contents Adobe Bloodhound for Mac 3.x for OSX...3 Getting Started...4 Processing Rules Mapping...6 Enable SSL...7 View Hits...8 Save Hits into a Test...9 Compare
More informationMoving Targets: Assessing the Security of Mobile Devices. March 3 rd, 2016 Kevin Johnson, CEO Secure Ideas
Moving Targets: Assessing the Security of Mobile Devices March 3 rd, 2016 Kevin Johnson, CEO Secure Ideas Conflict of Interest Kevin Johnson Has no real or apparent conflicts of interest to report. Kevin
More informationComputer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers
Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationApple 9L Mac OS X Security and Mobility Download Full Version :
Apple 9L0-625 Mac OS X Security and Mobility 10.6 Download Full Version : http://killexams.com/pass4sure/exam-detail/9l0-625 A. ipfw B. tcpfw C. sysctl D. Fwmgrd QUESTION: 61 A group of people are testing
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationChoose OS and click on it
1. Installation: 1.1. Install Node.js. Cordova runs on the Node.js platform, which needs to be installed as the first step. Download installer from: https://nodejs.org/en/download/ 1.1.1. Choose LTS version,
More informationThe missing link in the chain? Android network analysis. Rowland Yu Senior Threat Researcher II
The missing link in the chain? Android network analysis Rowland Yu Senior Threat Researcher II Facts Facts Monthly Sample Doubled from 2015 to 2018 600000 Monthly Android Malware Statistics: from September
More informationWhen does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009
Packet Sniffers INFO 404 - Lecture 8 24/03/2009 nfoukia@infoscience.otago.ac.nz Definition Sniffer Capabilities How does it work? When does it work? Preventing Sniffing Detection of Sniffing References
More informationSophos Firewall Configuring SSL VPN for Remote Access
Sophos Firewall Configuring SSL VPN for Remote Access Product Version: 1 Document date: October 2014 Contents 1 Introduction 3 2 Configuring Sophos Firewall 4 2.1 Defining a User Account 4 2.2 Configuring
More informationAdobe Marketing Cloud Bloodhound for Windows 2.2
Adobe Marketing Cloud Bloodhound for Windows 2.2 Contents Bloodhound 2.2 for Windows...3 Getting Started...4 Configure Devices to Send Hits to Bloodhound...5 Enable SSL...6 View Hits...7 Last updated 5/1/2017
More informationPalo Alto Networks PAN-OS
RSA Security Analytics Ready Implementation Guide Partner Information Last Modified: November 24 th, 2014 Product Information Partner Name Palo Alto Networks Web Site www.paloaltonetworks.com Product Name
More informationEvaluating the Security Risks of Static vs. Dynamic Websites
Evaluating the Security Risks of Static vs. Dynamic Websites Ballard Blair Comp 116: Introduction to Computer Security Professor Ming Chow December 13, 2017 Abstract This research paper aims to outline
More informationios Ad Hoc Provisioning Quick Guide
ios Ad Hoc Provisioning Quick Guide Applies to: Applications developed for all kinds of ios devices (iphone, ipad, ipod). For more information, visit the Mobile homepage. Summary This article is a quick
More informationUser manual for AirWatch enrollment - Android. Enable your mobile device to access Corporate resources.
User manual for AirWatch enrollment - Android Enable your mobile device to access Corporate resources. Introduction to the AirWatch agent enrollment. This manual, describe, how you can install the AirWatch
More informationSecure Communication in Client-Server Android Apps
Secure Communication in Client-Server Android Apps With a bias towards mobile banking applications. AFRICA HACKON CONFERENCE, 2016. Convergent Security. whoami Masters Candidate Ethical Hacker Web Developer
More informationMan-In-The-Browser Attacks. Daniel Tomescu
Man-In-The-Browser Attacks Daniel Tomescu 1 About me Work and education: Pentester @ KPMG Romania Moderator @ Romanian Security Team MSc. Eng. @ University Politehnica of Bucharest OSCP, CREST CRT Interests:
More informationEMPOWER Course Calendar
1 Contents 2 Technology Mobility... 2 3 Technology Cloud... 3 4 Industry Orientation Courses - Circuit and Non Circuit Branches... 4 5 Industry Bridge Courses - Mechanical, Electrical and Instrumentation...
More informationUpdate Root Certificates Feature Isn Enabled >>>CLICK HERE<<<
Update Root Certificates Feature Isn Enabled Windows Xp If you are having issues accessing the itunes Store after updating to the latest version of Enable the option to "Set date and time automatically"
More informationAndroid Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.
Android Mobile Single Sign-On to VMware Workspace ONE SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on the VMware
More informationPost Connection Attacks
Post Connection Attacks All the attacks we carried out in the previous sections can be done without knowing the key to the AP, ie: without connecting to the target network. We saw how we can control all
More informationFrequently Asked Questions WPA2 Vulnerability (KRACK)
Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key
More informationAbila Nonprofit Online. Connection Guide
Abila Nonprofit Online This is a publication of Abila, Inc. Version 1.x 2014 Abila, Inc. and its affiliated entities. All rights reserved. Abila, the Abila logos, and the Abila product and service names
More informationWayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk
Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging
More informationKerio Control. User Guide. Kerio Technologies
Kerio Control User Guide Kerio Technologies 2017 Kerio Technologies s.r.o. Contents Viewing activity reports in Kerio Control Statistics......................... 5 Overview..................................................................
More informationHow-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018
How-to Guide: Tenable.io for Microsoft Azure Last Updated: November 16, 2018 Table of Contents How-to Guide: Tenable.io for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationLoad Balancing Nginx Web Servers with OWASP Top 10 WAF in Azure
Load Balancing Nginx Web Servers with OWASP Top 10 WAF in Azure Quick Reference Guide v1.0.2 ABOUT THIS GUIDE This document provides a quick reference guide on how to load balance Nginx Web Servers and
More informationComodo Endpoint Manager Software Version 6.25
Comodo Endpoint Manager Software Version 6.25 End User Guide Guide Version 6.25.121918 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1. Introduction to Endpoint Manager...3
More informationGetting Started. Overview CHAPTER
1 CHAPTER This chapter provides information that you need to get started with the IPICS Mobile Client. It includes these topics: Overview, page 1-1 Obtaining the IPICS Mobile Client, page 1-4 Obtaining
More informationCYAN SECURE WEB HOWTO. SSL Intercept
CYAN SECURE WEB HOWTO January 2009 Applies to: CYAN Secure Web 1.6 and above allows you to inspect SSL encrypted traffic. Therefore all filter mechanisms can be applied to HTTPS traffic. Without, all data
More informationComodo IT and Security Manager Software Version 5.4
Comodo IT and Security Manager Software Version 5.4 End User Guide Guide Version 5.4.090716 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1. Introduction to Comodo IT
More informationGroupWise Messenger 18 Installation Guide. November 2017
GroupWise Messenger 18 Installation Guide November 2017 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights,
More informationHow-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018
How-to Guide: Tenable Nessus for Microsoft Azure Last Updated: April 03, 2018 Table of Contents How-to Guide: Tenable Nessus for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationXenMobile Logs Collection Guide
XenMobile Logs Collection Guide 1 Contents Summary... 3 Background... 3 How to Collect Logs from Server Components... 4 Support Bundle Contents... 4 Configurations in App Controller to collect logs via
More informationLoad Balancing Web Servers with OWASP Top 10 WAF in Azure
Load Balancing Web Servers with OWASP Top 10 WAF in Azure Quick Reference Guide v1.0.3 ABOUT THIS GUIDE This document provides a quick reference guide on how to load balance Web Servers and configure a
More informationKACE GO Mobile App 4.0. Release Notes
KACE GO Mobile App 4.0 Release Notes Table of Contents Quest KACE GO 4.0 Mobile App Release Notes...3 About the KACE GO Mobile App... 3 Capabilities for KACE Systems Management Appliance administrators...
More informationFRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months
FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES
More informationWelcome. Password Management & Public Wi-Fi Security. Hosted by: Content by:
Welcome Password Management & Public Wi-Fi Security Hosted by: Content by: Presenter: Ray Cool, CEO PBSI Technology Solutions Webinar will begin at 1:00 Welcome Foster & Motley Clients to Security Education
More informationPublic-Key Infrastructure (PKI) Lab
SEED Labs PKI Lab 1 Public-Key Infrastructure (PKI) Lab Copyright 2018 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation under Award
More informationKACE GO Mobile App 3.1. Release Notes
KACE GO Mobile App 3.1 Release Notes Table of Contents Quest KACE GO 3.1 Mobile App Release Notes...3 About the KACE GO Mobile App... 3 Capabilities for KACE Systems Management Appliance (K1000) administrators...
More informationNetwork Security Monitoring: An Open Community Approach
Network Security Monitoring: An Open Community Approach IUP- Information Assurance Day, 2011 Greg Porter 11/10/11 Agenda Introduction Current State NSM & Open Community Options Conclusion 2 Introduction
More informationThe StrideLinx Remote Access Solution comprises the StrideLinx router, web-based platform, and VPN client.
Introduction: Intended Audience The StrideLinx Remote Access Solution is designed to offer safe and secure remote access to industrial equipment worldwide for efficient remote troubleshooting, programming
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationData Breach Risk Scanning and Reporting
Data Breach Risk Scanning and Reporting 2017. SolarWinds. All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document
More informationThe PKI Lie. The OWASP Foundation Attacking Certificate Based Authentication. OWASP & WASC AppSec 2007 Conference
The PKI Lie Attacking Certificate Based Authentication Ofer Maor CTO, Hacktics OWASP & WASC AppSec 2007 Conference San Jose Nov 2007 Copyright 2007 - The OWASP Foundation Permission is granted to copy,
More informationIntroduction to SSL. Copyright 2005 by Sericon Technology Inc.
Introduction to SSL The cornerstone of e-commerce is a Web site s ability to prevent eavesdropping on data transmitted to and from its site. Without this, consumers would justifiably be afraid to enter
More informationVMware Tunnel Guide for Windows Installing the VMware Tunnel for your AirWatch environment
VMware Tunnel Guide for Windows Installing the VMware Tunnel for your AirWatch environment AirWatch v9.1 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard
More informationTHE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:
June 2013 Sponsored by Introduction Mobile devices cause ongoing concern for IT teams responsible for information security. Sensitive corporate information can be easily transported and lost, while the
More informationAbout DPI-SSL. About DPI-SSL. Functionality. Deployment Scenarios
DPI-SSL About DPI-SSL Configuring Client DPI-SSL Settings Configuring Server DPI-SSL Settings About DPI-SSL About DPI-SSL Functionality Deployment Scenarios Customizing DPI-SSL Connections per Appliance
More informationHELP! My Vulnerability Management Program is Failing!
HELP! My Vulnerability Management Program is Failing! Kevin Dunn Technical VP NCC Group 02 October 2015 @NTXISSA #NTXISSACSC3 Session Overview Welcome & Introductions Scenario Your Day is Ruined Vulnerability
More informationAbout This Document 3. Overview 3. System Requirements 3. Installation & Setup 4
About This Document 3 Overview 3 System Requirements 3 Installation & Setup 4 Step By Step Instructions 5 1. Login to Admin Console 6 2. Show Node Structure 7 3. Create SSO Node 8 4. Create SAML IdP 10
More informationInstallation Guide - Windows
Kony Visualizer Enterprise Installation Guide - Windows Release V8 SP3 Document Relevance and Accuracy This document is considered relevant to the Release stated on this title page and the document version
More informationComodo Device Manager Software Version 4.0
Comodo Device Manager Software Version 4.0 End User Guide Guide Version 4.0.112316 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1.Introduction to Comodo Device Manager...
More informationComodo TrustConnect Software Version 1.72
Comodo TrustConnect Software Version 1.72 User Guide Guide Version 1.72.082317 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents Comodo TrustConnect - Overview... 3 1. How
More informationMeeting 39. Guest Speaker Dr. Williams CEH Networking
Cyber@UC Meeting 39 Guest Speaker Dr. Williams CEH Networking If You re New! Join our Slack ucyber.slack.com Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach,
More information12.1 Introduction OpenCV4Android SDK Getting the SDK
Chapter 12 OpenCV For Android 12.1 Introduction OpenCV (Open Source Computer Vision Library) is a popular open source software library designed for computer vision application and machine learning. Its
More informationComputer Forensics: Investigating Network Intrusions and Cybercrime, 2nd Edition. Chapter 2 Investigating Network Traffic
Computer Forensics: Investigating Network Intrusions and Cybercrime, 2nd Edition Chapter 2 Investigating Network Traffic Objectives After completing this chapter, you should be able to: Understand network
More informationCyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX
Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:
More informationBarracuda Firewall Release Notes 6.6.X
Please Read Before Upgrading Before installing the new firmware version, back up your configuration and read all of the release notes that apply to the versions that are more current than the version that
More informationApp Development. Quick Guides for Masterminds. J.D Gauchat Cover Illustration by Patrice Garden
App Development Quick Guides for Masterminds J.D Gauchat www.jdgauchat.com Cover Illustration by Patrice Garden www.smartcreativz.com Quick Guides for Masterminds Copyright 2018 by John D Gauchat All Rights
More informationPULSE CONNECT SECURE APPCONNECT
PULSE CONNECT SECURE APPCONNECT A Micro VPN That Allows Specific Applications on Mobile Devices to Independently Leverage the Connect Secure Gateway Product Release 8.1 Document Revision 1.0 Published:
More informationIntroduction to Xamarin Cross Platform Mobile App Development
Introduction to Xamarin Cross Platform Mobile App Development Summary: In this document, we talk about the unique ability to create native ios, Android, Mac and Windows apps using C# making Xamarin, a
More information1) What is the difference between Mobile device testing and mobile application testing?
1) What is the difference between Mobile device testing and mobile application testing? Ans. Mobile device testing means testing the mobile device and mobile application testing means testing of mobile
More informationBYOD Success Kit. Table of Contents. Current state of BYOD in enterprise Checklist for BYOD Success Helpful Pilot Tips
Table of Contents Current state of BYOD in enterprise Checklist for BYOD Success Helpful Pilot Tips 2 Current State of BYOD in the Enterprise Defining BYOD Bring-Your-Own-Device (BYOD): a business practice
More informationMTAT Research Seminar in Cryptography The Security of Mozilla Firefox s Extensions
MTAT.07.019 Research Seminar in Cryptography The Security of Mozilla Firefox s Extensions Kristjan Krips 1 Introduction Mozilla Firefox has 24.05% of the recorded usage share of web browsers as of October
More informationMobile Apps Why & How
Mobile Apps Why & How MOBIKATS Phillip Hunt CEO philliphunt@mobikats.com 07590 277045 Putting your Content in Everyone s Pocket. Copyright Mobikats 2012 What do we do? Consultancy on developing or reviewing
More informationRisk Intelligence. Quick Start Guide - Data Breach Risk
Risk Intelligence Quick Start Guide - Data Breach Risk Last Updated: 19 September 2018 --------------------------- 2018 CONTENTS Introduction 1 Data Breach Prevention Lifecycle 2 Choosing a Scan Deployment
More informationInto the Cloud & Other Horror Stories. Michael F. Angelo - CISSP, CRISC
Into the Cloud & Other Horror Stories Michael F. Angelo - CISSP, CRISC About Me Doing formalized Threat Modeling over 15 years thousands of models Doing Threat and Security Analysis over 30 years Doing
More informationGetting Started. Overview CHAPTER
CHAPTER 1 This chapter provides information that you need to get started with the IPICS Mobile Client. It includes these topics: Overview, page 1-1 Obtaining the IPICS Mobile Client, page 1-3, page 1-4
More informationProtecting Against Online Fraud. F5 EMEA Webinar August 2014
Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture
More informationChat with a hacker. Increase attack surface for Pentest. A talk by Egor Karbutov and Alexey Pertsev
Chat with a hacker Increase attack surface for Pentest A talk by Egor Karbutov and Alexey Pertsev $ Whoarewe Egor Karbutov & Alexey Pertsev Penetration testers @Digital Security Speakers Bug Hunters 2
More informationWe b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)
We b Ap p A t ac ks U ser / Iden tity 33% 53% Apps And Identities Initial Targets In 86% Of Breaches P hysi ca l 11% Other (VPN, PoS,infra.) 3% Fix vulnerabilities Stop web attacks Risk & compliance What
More informationLab Guide. Barracuda NextGen Firewall F-Series Microsoft Azure - NGF0501
Barracuda NextGen Firewall F-Series Microsoft Azure - NGF0501 Lab Guide Official training material for Barracuda certified trainings and Authorized Training Centers. Edition 2018 Revision 1.0 campus.barracuda.com
More informationSPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of
More informationComodo Internet Security Essentials Software Version 1.3
Comodo Internet Security Essentials Software Version 1.3 User Guide Guide Version 1.3.010518 Comodo Security Solutions 1255 Broad Street Clifton, NJ, 07013 United States Table of Contents Comodo Internet
More informationAT&T Developer Program
AT&T Developer Program Application Resource Optimizer (ARO) User Guide Publication Date: April 27, 2015 Legal Disclaimer This document and the information contained herein (collectively, the "Information")
More informationScanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.
I Introduction to Hacking Important Terminology Ethical Hacking vs. Hacking Effects of Hacking on Business Why Ethical Hacking Is Necessary Skills of an Ethical Hacker What Is Penetration Testing? Networking
More informationComodo Endpoint Manager Software Version 6.25
Comodo Endpoint Manager Software Version 6.25 End User Guide Guide Version 6.25.012219 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1. Introduction to Endpoint Manager...3
More informationComodo Endpoint Manager Software Version 6.26
Comodo Endpoint Manager Software Version 6.26 End User Guide Guide Version 6.26.021819 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1. Introduction to Endpoint Manager...3
More informationImporting your or Personal Authentication certificate to Android Devices
Personal Authentication Certificates Importing your Email or Personal Authentication certificate to Android Devices This document explains how you can import your CPAC/Email onto Android devices. Background
More informationAT&T Developer Program
AT&T Developer Program Application Resource Optimizer (ARO) User Guide Publication Date: August 13, 2014 Legal Disclaimer This document and the information contained herein (collectively, the "Information")
More informationAccessData offers a broad array of training options.
Forensics Training AccessData offers a broad array of training options. Our trainers have more than two centuries of cumulative experience in their respective fields. Take Advantage of the All Access Pass
More informationInstallation Guide - Mac
Kony Visualizer Enterprise Installation Guide - Mac Release V8 SP3 Document Relevance and Accuracy This document is considered relevant to the Release stated on this title page and the document version
More informationCitrix SSO for Mac OS X. User Guide
Citrix SSO for Mac OS X User Guide Contents OVERVIEW... 3 FEATURE COMPARISON BETWEEN CITRIX VPN AND CITRIX SSO... 4 COMPATIBILITY WITH MDM PRODUCTS... 5 CONFIGURE AN MDM MANAGED VPN PROFILE FOR CITRIX
More informationjava -jar Xmx2048mb /Applications/burpsuite_pro_v1.5.jar
Training: An Introduction to Burp Suite Part One By Mike Sheward Burp suite provides a solid platform for launching a web application security assessment. In this guide we re going to introduce the features
More informationVMware Tunnel Guide for Windows
VMware Tunnel Guide for Windows Installing the VMware Tunnel for your Workspace ONE UEM environment Workspace ONE UEM v9.5 Have documentation feedback? Submit a Documentation Feedback support ticket using
More informationTable of Contents HOL-1757-MBL-6
Table of Contents Lab Overview - - VMware AirWatch: Technology Partner Integration... 2 Lab Guidance... 3 Module 1 - F5 Integration with AirWatch (30 min)... 8 Getting Started... 9 F5 BigIP Configuration...
More informationBreaking and Securing Mobile Apps
Breaking and Securing Mobile Apps Aditya Gupta @adi1391 adi@attify.com +91-9538295259 Who Am I? The Mobile Security Guy Attify Security Architecture, Auditing, Trainings etc. Ex Rediff.com Security Lead
More informationCisco Next Generation Firewall Services
Toronto,. CA May 30 th, 2013 Cisco Next Generation Firewall Services Eric Kostlan Cisco Technical Marketing 2011 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Objectives At the
More informationJrsys Mobile Banking Solutions
Jrsys Mobile Banking Solutions Jrsys International corp. James Wu Mobile PKI solutions 1.Mobile CA 2.Mobile RA 3.Mobile Signing and Validation Service CA Mobile Signature/ Encryption Mobile PKI Mobile
More information2015 Online Trust Audit & Honor Roll Methodology
2015 Online Trust Audit & Honor Roll Methodology Jeff Wilbur VP Marketing, Iconix Craig Spiezle Executive Director & President, OTA 2015 All rights reserved. Online Trust Alliance (OTA) Slide 1 Who Is
More informationThe Security Impact of HTTPS Interception
The Security Impact of HTTPS Interception NDSS 17 Z. Durumeric, Z. Ma, D. Springall, R. Barnes, N. Sullivan, E. Bursztein, M. Bailey, J. Alex Halderman, V. Paxson! G R Presented by: Sanjeev Reddy go NS
More informationPreparing Rapise for Android Mobile Testing. Testing Architectures. Installation Notes
Preparing Rapise for Android Mobile Testing Rapise lets you record and play automated tests against native applications on a variety of mobile devices using the Android operating system. Rapise gives you
More informationZimperium Global Threat Data
Zimperium Global Threat Report Q2-2017 700 CVEs per Year for Mobile OS 500 300 100 07 08 09 10 11 12 13 14 15 16 17 Outdated ios Outdated ANDROID 1 of 4 Devices Introduces Unnecessary Risk 1 out of 50
More information