SlideShare a Scribd company logo

Avalanche Disclosure

H
HackApp

The document discusses the results of analyzing over 15,000 iOS finance apps. Several common security issues were found, including hardcoded credentials in 4% of apps that could give access to user data and backend systems. Tests revealed unencrypted private keys, authentication secrets, and development environment details. Many apps also contained SMS gateway configurations and open VPN profiles.

TechnologyDesign
1 of 34
Download to read offline
Avalanche Disclosure Story about static analysis of 15k mobile Apps
Who am I? • Work hard on defense • Have fun in offensive • Break things Alexey Troshichev @pl0lq pl0lq@hackapp.com #ZeroNights2013 hackapp.com 2
What’s wrong with an App ? Insecure transfer Injections Insecure storage Architecture flaws Mobile OWASP for bla-bla-bla … #ZeroNights2013 hackapp.com 3
Common Attacks #ZeroNights2013 hackapp.com 4
On-device analysis ? Unlock Device Remove DRM Setup research environment Dynamic analysis Time & Brains #ZeroNights2013 hackapp.com 5
App is dangerous for user, but what’s about vendor ? Why should we waste time attacking one user, when we can just break into backend to get them all ? Why always just binary file? #ZeroNights2013 hackapp.com 6
What App can tell us? Testing environment disclosure Third party services authentication data Built-in accounts Something you can’t even imagine =) #ZeroNights2013 hackapp.com 7
Why it’s interesting? Installation is not important Finally, we are just searching strings… …and it could be automated =) #ZeroNights2013 hackapp.com 8
Let’s build a Grinder ! #ZeroNights2013 hackapp.com 9
AWK, STRINGS, GREP ? Not suitable for binary containers Too many garbage #ZeroNights2013 hackapp.com 10
“Typical” Application DRM #ZeroNights2013 hackapp.com 11
Actual Application #ZeroNights2013 hackapp.com 12
Steps Containers recursive traversal “Unusual” files search Selective GREP Structure validation #ZeroNights2013 hackapp.com 13
Let’s take ~15k iOS Apps from iTunes Finance section… …I like Finance #ZeroNights2013 hackapp.com 14
What’s inside ? 224061 files of 1396 types #ZeroNights2013 hackapp.com 15
Low hanging fruits 94452 files = 42% of whole #ZeroNights2013 hackapp.com 16
Shared authentication #ZeroNights2013 hackapp.com 17
“Secure” communication #ZeroNights2013 hackapp.com 18
Third party services #ZeroNights2013 hackapp.com 19
Third party services #ZeroNights2013 hackapp.com 20
Access to user data AWS-secret:eyH0aw7IW7wdL8z2eSyK/A8q7rIF7uEMVpvQkbwC You “publish” your contacts and photos by installing the app… =( #ZeroNights2013 hackapp.com 21
Not identified • • • • • • • • • • • • • • RSA private key:MIICeQIBADANBgkqhkiG9w6xmHVejkTokPs68ow== secret:164AC36F64FCC2D5 secret:33728B17A93A4A92 secret:4711429DAE3C6F7C secret:62ebd594bc903feeea5ee459715e08fa secret:6508E621E259AC4A secret:697E46CE13AA557B secret:76a863da0821f58ecb13e31cb761c573 secret:a7df64e1d5a33a93c12b06fa0f8c6f47 secret_android:2859389F73072C90 secret_android:3D05E67E03216A9B secret_android:66549A9BB401AF56 secret_android:678649CED531B8E8 secret_android:745A209380630940 (and more, and more, and more…) #ZeroNights2013 hackapp.com 22
4% Apps released with hardcoded credentials #ZeroNights2013 hackapp.com 23
DEV Environment svn://mokah.siab01.com/ https://test.freerange360.com/ http://test.mmf.berlingskemedia.net http://test.informatel.com http://test.improveagency.com http://test.appswiz.com https://test.freerange360. https://dev.magtab.com:8888 http://dev.touchpublisher.com http://dev.pressrun.com/ http://dev.openstreetmap.de/ http://dev.aleph-labs.com (and more, and more… ) #ZeroNights2013 hackapp.com 24
Mad Stuff #ZeroNights2013 hackapp.com 25
Shocking configs SMS gateway OpenVpn config #ZeroNights2013 hackapp.com 26
Unpredictable #ZeroNights2013 hackapp.com 27
Developers Certificates P12 containers, most are encrypted, but.. #ZeroNights2013 hackapp.com 28
HAVE NO TIME TO EXPLAIN #ZeroNights2013 hackapp.com 29
Is there an App for that? http://hackapp.com/ #ZeroNights2013 hackapp.com 30
Dashboard #ZeroNights2013 hackapp.com 31
Report #ZeroNights2013 hackapp.com 32
Details #ZeroNights2013 hackapp.com 33
Questions ? URL: Twitter: Mail: #ZeroNights2013 http://hackapp.com/ @hackapp info@hackapp.com hackapp.com 34

Recommended

Owasp for testing_mobile_apps_opd
Owasp for testing_mobile_apps_opdOwasp for testing_mobile_apps_opd
Owasp for testing_mobile_apps_opdPawel Rzepa
 
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesOWASP Delhi
 
ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...
ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...
ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...Mauricio Velazco
 
Feeding the Virtual Patch Pipeline
Feeding the Virtual Patch PipelineFeeding the Virtual Patch Pipeline
Feeding the Virtual Patch PipelineDevOps.com
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
Purple is the New Black: Modern Approaches for Application Security
Purple is the New Black: Modern Approaches for Application SecurityPurple is the New Black: Modern Approaches for Application Security
Purple is the New Black: Modern Approaches for Application SecurityTanya Janca
 
BlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue Team
BlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue TeamBlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue Team
BlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue TeamMauricio Velazco
 
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?DevOps.com
 

Recommended

Owasp for testing_mobile_apps_opd
Owasp for testing_mobile_apps_opdOwasp for testing_mobile_apps_opd
Owasp for testing_mobile_apps_opdPawel Rzepa
 
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesOWASP Delhi
 
ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...
ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...
ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...Mauricio Velazco
 
Feeding the Virtual Patch Pipeline
Feeding the Virtual Patch PipelineFeeding the Virtual Patch Pipeline
Feeding the Virtual Patch PipelineDevOps.com
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
Purple is the New Black: Modern Approaches for Application Security
Purple is the New Black: Modern Approaches for Application SecurityPurple is the New Black: Modern Approaches for Application Security
Purple is the New Black: Modern Approaches for Application SecurityTanya Janca
 
BlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue Team
BlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue TeamBlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue Team
BlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue TeamMauricio Velazco
 
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?DevOps.com
 
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"Dakiry
 
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAjin Abraham
 
Red Team vs. Blue Team on AWS
Red Team vs. Blue Team on AWSRed Team vs. Blue Team on AWS
Red Team vs. Blue Team on AWSPriyanka Aash
 
Threat Intelligence Field of Dreams
Threat Intelligence Field of DreamsThreat Intelligence Field of Dreams
Threat Intelligence Field of DreamsGreg Foss
 
Opencart security testing
Opencart security testing Opencart security testing
Opencart security testing vikram vashisth
 
Security War Games
Security War GamesSecurity War Games
Security War GamesSeniorStoryteller
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouKevin Fealey
 
Red team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surfaceRed team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surfacePriyanka Aash
 
Rugged DevOps at Scale with Rich Mogull
Rugged DevOps at Scale with Rich MogullRugged DevOps at Scale with Rich Mogull
Rugged DevOps at Scale with Rich MogullSeniorStoryteller
 
MITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE - ATT&CKcon
 
ChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingPriyanka Aash
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
Splunk Enterprise for Information Security Hands-On Breakout Session
Splunk Enterprise for Information Security Hands-On Breakout SessionSplunk Enterprise for Information Security Hands-On Breakout Session
Splunk Enterprise for Information Security Hands-On Breakout SessionSplunk
 
Stephen Sadowski - Securely automating infrastructure in the cloud
Stephen Sadowski - Securely automating infrastructure in the cloudStephen Sadowski - Securely automating infrastructure in the cloud
Stephen Sadowski - Securely automating infrastructure in the cloudDevSecCon
 
Basics of Meterpreter Evasion
Basics of Meterpreter EvasionBasics of Meterpreter Evasion
Basics of Meterpreter EvasionNipun Jaswal
 
TakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy Conway
TakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy ConwayTakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy Conway
TakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy ConwayEC-Council
 
Enabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident responseEnabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident responsejeffmcjunkin
 
Threat Hunting with Splunk
Threat Hunting with Splunk Threat Hunting with Splunk
Threat Hunting with Splunk Splunk
 
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...Jakub "Kuba" Sendor
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDATop OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDANowSecure
 
Login cat tekmonks - v3
Login cat tekmonks - v3Login cat tekmonks - v3
Login cat tekmonks - v3TEKMONKS
 

More Related Content

What's hot

Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"Dakiry
 
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAjin Abraham
 
Red Team vs. Blue Team on AWS
Red Team vs. Blue Team on AWSRed Team vs. Blue Team on AWS
Red Team vs. Blue Team on AWSPriyanka Aash
 
Threat Intelligence Field of Dreams
Threat Intelligence Field of DreamsThreat Intelligence Field of Dreams
Threat Intelligence Field of DreamsGreg Foss
 
Opencart security testing
Opencart security testing Opencart security testing
Opencart security testing vikram vashisth
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouKevin Fealey
 
Red team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surfaceRed team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surfacePriyanka Aash
 
Rugged DevOps at Scale with Rich Mogull
Rugged DevOps at Scale with Rich MogullRugged DevOps at Scale with Rich Mogull
Rugged DevOps at Scale with Rich MogullSeniorStoryteller
 
MITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE - ATT&CKcon
 
ChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingPriyanka Aash
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
Splunk Enterprise for Information Security Hands-On Breakout Session
Splunk Enterprise for Information Security Hands-On Breakout SessionSplunk Enterprise for Information Security Hands-On Breakout Session
Splunk Enterprise for Information Security Hands-On Breakout SessionSplunk
 
Stephen Sadowski - Securely automating infrastructure in the cloud
Stephen Sadowski - Securely automating infrastructure in the cloudStephen Sadowski - Securely automating infrastructure in the cloud
Stephen Sadowski - Securely automating infrastructure in the cloudDevSecCon
 
Basics of Meterpreter Evasion
Basics of Meterpreter EvasionBasics of Meterpreter Evasion
Basics of Meterpreter EvasionNipun Jaswal
 
TakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy Conway
TakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy ConwayTakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy Conway
TakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy ConwayEC-Council
 
Enabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident responseEnabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident responsejeffmcjunkin
 
Threat Hunting with Splunk
Threat Hunting with Splunk Threat Hunting with Splunk
Threat Hunting with Splunk Splunk
 

What's hot (19)

Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"
 
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
 
Red Team vs. Blue Team on AWS
Red Team vs. Blue Team on AWSRed Team vs. Blue Team on AWS
Red Team vs. Blue Team on AWS
 
Threat Intelligence Field of Dreams
Threat Intelligence Field of DreamsThreat Intelligence Field of Dreams
Threat Intelligence Field of Dreams
 
Opencart security testing
Opencart security testing Opencart security testing
Opencart security testing
 
Security War Games
Security War GamesSecurity War Games
Security War Games
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and You
 
Red team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surfaceRed team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surface
 
Rugged DevOps at Scale with Rich Mogull
Rugged DevOps at Scale with Rich MogullRugged DevOps at Scale with Rich Mogull
Rugged DevOps at Scale with Rich Mogull
 
MITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - October
 
ChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos Testing
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
 
Splunk Enterprise for Information Security Hands-On Breakout Session
Splunk Enterprise for Information Security Hands-On Breakout SessionSplunk Enterprise for Information Security Hands-On Breakout Session
Splunk Enterprise for Information Security Hands-On Breakout Session
 
Stephen Sadowski - Securely automating infrastructure in the cloud
Stephen Sadowski - Securely automating infrastructure in the cloudStephen Sadowski - Securely automating infrastructure in the cloud
Stephen Sadowski - Securely automating infrastructure in the cloud
 
Basics of Meterpreter Evasion
Basics of Meterpreter EvasionBasics of Meterpreter Evasion
Basics of Meterpreter Evasion
 
TakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy Conway
TakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy ConwayTakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy Conway
TakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy Conway
 
Enabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident responseEnabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident response
 
Threat Hunting with Splunk
Threat Hunting with Splunk Threat Hunting with Splunk
Threat Hunting with Splunk
 

Similar to Avalanche Disclosure

BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...Jakub "Kuba" Sendor
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDATop OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDANowSecure
 
Login cat tekmonks - v3
Login cat tekmonks - v3Login cat tekmonks - v3
Login cat tekmonks - v3TEKMONKS
 
Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M8Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M85h1vang
 
LoginCat - Mini Presentation
LoginCat - Mini PresentationLoginCat - Mini Presentation
LoginCat - Mini PresentationRohit Kapoor
 
Login cat tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)Login cat tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)Rohit Kapoor
 
Penetration testing as an internal audit activity
Penetration testing as an internal audit activityPenetration testing as an internal audit activity
Penetration testing as an internal audit activityTranscendent Group
 
Securing Rails
Securing RailsSecuring Rails
Securing RailsAlex Payne
 
Why should you do a pentest?
Why should you do a pentest?Why should you do a pentest?
Why should you do a pentest?Abraham Aranguren
 
LoginCat from TekMonks
LoginCat from TekMonksLoginCat from TekMonks
LoginCat from TekMonksRohit Kapoor
 
Give Me Three Things: Anti-Virus Bypass Made Easy
Give Me Three Things: Anti-Virus Bypass Made EasyGive Me Three Things: Anti-Virus Bypass Made Easy
Give Me Three Things: Anti-Virus Bypass Made EasySecurity Weekly
 
Getting started with hacking android & i os apps tools, techniques and re...
Getting started with hacking android & i os apps tools, techniques and re...Getting started with hacking android & i os apps tools, techniques and re...
Getting started with hacking android & i os apps tools, techniques and re...n|u - The Open Security Community
 
Faster Secure Software Development with Continuous Deployment - PH Days 2013
Faster Secure Software Development with Continuous Deployment - PH Days 2013Faster Secure Software Development with Continuous Deployment - PH Days 2013
Faster Secure Software Development with Continuous Deployment - PH Days 2013Nick Galbreath
 
Login cat tekmonks - v4
Login cat tekmonks - v4Login cat tekmonks - v4
Login cat tekmonks - v4TEKMONKS
 
Login cat tekmonks - v4
Login cat tekmonks - v4Login cat tekmonks - v4
Login cat tekmonks - v4Rohit Kapoor
 
vodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security wayvodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security wayvodQA
 
QAing the security way!
QAing the security way!QAing the security way!
QAing the security way!Amit Gundiyal
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint SecurityAdrian Sanabria
 
Smart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecuritySmart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecurityOKsystem
 
The hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsThe hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsn|u - The Open Security Community
 

Similar to Avalanche Disclosure (20)

BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDATop OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
 
Login cat tekmonks - v3
Login cat tekmonks - v3Login cat tekmonks - v3
Login cat tekmonks - v3
 
Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M8Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M8
 
LoginCat - Mini Presentation
LoginCat - Mini PresentationLoginCat - Mini Presentation
LoginCat - Mini Presentation
 
Login cat tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)Login cat tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)
 
Penetration testing as an internal audit activity
Penetration testing as an internal audit activityPenetration testing as an internal audit activity
Penetration testing as an internal audit activity
 
Securing Rails
Securing RailsSecuring Rails
Securing Rails
 
Why should you do a pentest?
Why should you do a pentest?Why should you do a pentest?
Why should you do a pentest?
 
LoginCat from TekMonks
LoginCat from TekMonksLoginCat from TekMonks
LoginCat from TekMonks
 
Give Me Three Things: Anti-Virus Bypass Made Easy
Give Me Three Things: Anti-Virus Bypass Made EasyGive Me Three Things: Anti-Virus Bypass Made Easy
Give Me Three Things: Anti-Virus Bypass Made Easy
 
Getting started with hacking android & i os apps tools, techniques and re...
Getting started with hacking android & i os apps tools, techniques and re...Getting started with hacking android & i os apps tools, techniques and re...
Getting started with hacking android & i os apps tools, techniques and re...
 
Faster Secure Software Development with Continuous Deployment - PH Days 2013
Faster Secure Software Development with Continuous Deployment - PH Days 2013Faster Secure Software Development with Continuous Deployment - PH Days 2013
Faster Secure Software Development with Continuous Deployment - PH Days 2013
 
Login cat tekmonks - v4
Login cat tekmonks - v4Login cat tekmonks - v4
Login cat tekmonks - v4
 
Login cat tekmonks - v4
Login cat tekmonks - v4Login cat tekmonks - v4
Login cat tekmonks - v4
 
vodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security wayvodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security way
 
QAing the security way!
QAing the security way!QAing the security way!
QAing the security way!
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security
 
Smart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecuritySmart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones Security
 
The hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsThe hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignments
 

Recently uploaded

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 

Recently uploaded (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 

Avalanche Disclosure