Maxim Gaponov, profile picture
Uploaded byMaxim Gaponov
261 views

Behind The Code // by Exness

This document discusses the security of password managers on smartphones, highlighting the challenges posed by their design and the ease with which they can be compromised compared to PCs. It covers flash storage forensics, detailing the characteristics of flash memory and the complexities involved in data retrieval and erasure on these devices. Additionally, it briefly describes the functionality of 4G modems and the significance of Extended Berkeley Packet Filters (eBPF) for network security and observability.

Internet
Related topics:
Information Security

Embed presentation

Welcome
Hidden Threats of Technological Enhancements Dmitry Sklyarov / Security Researcher | Reverse Engineer
Agenda 01. Password Managers on Smartphones 02. Flash Storage Forensics 03. 4G modem – best present ever!
01. Password Managers on Smartphones
Authentication: PC Trusted Platform Module Password /Passphrase Biometrics SmartCard + PIN
Authentication: PC Password /Passphrase X X X
Authentication: Smartphone (modern) Hardware security features Password /Passphrase Biometrics of different types But… To unlock the phone after reboot you have to provide the
Authentication: Smartphone Password is the only option on the smartphones. “Lock patterns” are essentially numeric passcodes [1-4-2-5-6-9-8]
Password Typing PC: Full-sized keyboard, motor memory Long and complex passwords are easy
PC: Full-sized keyboard, motor memory Long and complex passwords are easy Smartphone: Touch keyboard Long and complex passwords are hard Password Typing
Password Typing It is fair to assume that passwords on the smartphones are shorter than their PC counterparts. * * * *
Password Transformation Fast CPU Can do complex password-to-key transforms PC:
Password Transformation PC: Fast CPU Can do complex password-to-key transforms Smartphone: Relatively slow CPU Complex password-to-key transforms will impact usability
Password Cracking Offline attacks can utilize GPUs for attackers’ advantage
Authentication Wrap Up PC: Password entered not too often (usually just after unlocking console) Smartphone: Password entered every time you need access data (after switching applications or after short time-out) Handling passwords on smartphone is more difficult than on PC Smartphone requires stronger password protection than PC but provides less capabilities for doing so!
Threat Model Assumptions: 01. Attacker has: Recover master password for password manager(s) on the mobile device Extract passwords stored by those managers 02. Attacker wants to: Physical access to the device, or Backup of the device, or Access to password manager database file
Are those assumptions fair at all?
Physical Access PC: Computers are relatively big. Thus, hard to steal or lose. You know where it is (well, most of the time). Smartphone: Lots of phones go in wrong hands every year. Many are left in the bars. Do you really know where exactly your phone is right now?
Physical Access Someone just got physical access to the device
Device Backup Apple iOS: Need device password Optional encryption (not enforced) PBKDF2-SHA1 with 20’000 iterations BlackBerry: Need device passcode or iTunes pairing Optional encryption (enforced by device) PBKDF2-SHA1 with 10’000 iterations
Database Files Apple iOS: Need device password BlackBerry: Via afc (need passcode or iTunes pairing) Via SSH (jailbroken devices) Via physical imaging (up to iPhone 4)
iOS Passcode Starting with iOS 4 passcode is involved in encryption of sensitive data Passcode key derivation is slowed down by doing 50’000 iterations - Each iteration requires talking to hardware AES - 6 p/s on iPhone 4 Can’t be performed off-line and scaled Checking all 6-digit passcodes will take more than 40 hours
Cracking Passwords Name Keeper® Password & Data Vault Password Safe - iPassSafe Free Strip Lite - Password Manager SafeWallet - Password Manager DataVault Password Manager mSecure - Password Manager LastPass for Premium Customers 1Password Pro BlackBerry Password Keeper BlackBerry Wallet 1.0 BlackBerry Wallet 1.2 iOS passcode Complexity 1x MD5 1x AES-256 4000x PBKDF2-SHA1 + 1x AES-256 10x PBKDF2-SHA1 + 1x AES-256 1x SHA-256 + 1x SHA-1 1x SHA-256 + 1x Blowfish 2x SHA-256 + 1x AES-256 1x MD5 + 1x AES-128 3x PBKDF2-SHA1 + 1x AES-256 2x SHA-256 1x SHA-512 + 100x PBKDF2-SHA1 + 1x AES-256 50000 iterations with HW AES CPU p/s 60 M 20 M 5000 1500 K 7 M 300 K 5 M 15 M 5 M 6 M 200K 6 GPU p/s 6000 M N/A 160 K 20 M 500 M N/A 20 M 20 M 20 M 300 M 3200 K 0 Len/24h 14.7 12.2 10.1 12.2 13.6 10.4 12.2 12.2 12.2 13.4 11.4 5.7
Cracking Passwords Name Keeper® Password & Data Vault Password Safe - iPassSafe Free Strip Lite - Password Manager SafeWallet - Password Manager DataVault Password Manager mSecure - Password Manager LastPass for Premium Customers 1Password Pro BlackBerry Password Keeper BlackBerry Wallet 1.0 BlackBerry Wallet 1.2 iOS passcode Complexity 1x MD5 1x AES-256 4000x PBKDF2-SHA1 + 1x AES-256 10x PBKDF2-SHA1 + 1x AES-256 1x SHA-256 + 1x SHA-1 1x SHA-256 + 1x Blowfish 500x PBKDF2-SHA256 + 1x AES-256 1x MD5 + 1x AES-128 3x PBKDF2-SHA1 + 1x AES-256 2x SHA-256 1x SHA-512 + 100x PBKDF2-SHA1 + 1x AES-256 50000 iterations with HW AES CPU p/s 60 M 20 M 5000 1500 K 7 M 300 K 12 K 15 M 5 M 6 M 200K 6 GPU p/s 6000 M N/A 160 K 20 M 500 M N/A 600 K 20 M 20 M 300 M 3200 K 0 Len/24h 14.7 12.2 10.1 12.2 13.6 10.4 10.7 12.2 12.2 13.4 11.4 5.7
None of the tested password keepers offers reliable protection on top of OS security Using them on improperly configured device may expose sensitive data Paid apps are not necessarily more secure than free ones Summary
02. Flash Storage Forensics
Magnetic Recording Invented in 1898 Media moves near magnetic head
Magnetic drives becomes smaller…
and smaller… Toshiba's 0.85” 4GB HDD General principles still the same Any piece of data could be modified independently Erasing performed via overwriting Data erasure standards exists
Flash Memory Intel’s m-SATA 80G SSD (2010) Invented in 1984 Two major types: NOR (1988, Intel) NAND (1989, Toshiba) Stores electrical charge into a floating gate of transistor Able to retain data for 10-100 years
Flash Memory Characteristics Any byte could be written independently Need erase (make all bits=1) before re-writing Erasing with precision of block (e.g. 64K) only - Limited number of guaranteed erase cycles - Usually between 10’000 and 1’000’000 - Inerasable block should be marker as “bad” Some blocks could be inerasable when leaving factory
Flash Memory Layout Spare area could be used for: Marking bad pages/blocks Storing ECC data Holding Physical-to-Logical mapping information Bank 1 Bank 2 Bank 3 Erase Block 1 Erase Block 2 Erase Block 3 Page 1 Page 2 Page 3 Page N Erase Block N Bank N Data (512b) Spare
Wear Leveling Dynamic process that rearranges pages/blocks in order to extend flash lifetime Algorithms developed by memory device manufacturers Implementation details usually keeps secret Goal: evenly spread the erasing of blocks over the full range of physical blocks Data is written on blocks with the lowest erase count. Writing and erasing of data are evenly distributed. Blocks are maximized and ideally, fail at the same time.
Logical Characteristics Simulates behavior of common HDD Logical Block Addressing Logical Address translates to Physical Address by Flash Memory Controller TRIM command for SSD Intel’s m-SATA 80G SSD (2010)
Logical Characteristics Flash-aware firmware Tight integration between OS and Flash Memory Logical-to-Physical translation often performed on CPU Embedded Device (e.g. Smartphone)
Flash Translation Layer (FTL) Responsible for finding Physical Page that represents actual data for specific Logical Page Number (LPN) of Block device State of mapping tables is stored in Flash and cached in RAM Unused (TRIM-ed) LPNs are not mapped at all
Altering data in Flash Storage Any modification of data changes the mapping New data is written to new (free) page Previous version of page data (and content of TRIM-ed pages) still resides somewhere in Flash until block erased due to wear leveling or garbage collection
FTL in iOS devices LPN Implemented in software (runs on CPU) Spare area of Data pages contains: USN (Update Sequence Number) allows to find all Physical pages that were used to store data of some Logical page allows to build the ordered “history” of page copies
Accessing raw Flash on iOS devices IOFlashControllerUserClient kernel service is available externalMethod functions allows perform “raw” reading of Physical pages ReadPage request support removed in iOS 5 - RAMdisk based on iOS 4 could help - It is possible to patch the kernel in memory and restore ability to read pages
Which devices could be examined? Anything prior to iPhone4S /iPad2/iPod5 by loading custom RAMdisk/Kernel 01. Jailbroken device by patching kernel in memory 03. Any iOS device if you know how to obtain digital signature for your RAMdisk from Apple 02.
How “Forensic” is it? Not too much… Booting the iDevice causes some alteration of Flash content Obtaining Flash dump twice would not produce identical results 01. 02.
Is there secure way to erase data? Deleting file produces good result at logical level (due to TRIM) – better that HDD Neither deleting nor overwriting are actually removes the data at physical level – much worse than HDD Probability of successful data recovery depends on amount of unused space on Flash Storage (more space – more chances)
03. 4G modem – best present ever!
How it looks (approximately ;)
Back side: nothing Explore textual marks on Modem Hmm, what the actual manufacturer name and model number? Front side: 4G” logo operator’s logo Under the cover (access to SIM and SD cards): Operator’s internal model number IMEI Serial number
Explore packaging Manufacturer name (ZTE) printed on the box and in booklet
ZTE MF823 4G Modem Specification LTE-FDD: 800/900/1800/2600MHz; UMTS: 900/2100MHz; LTE-FDD: DL/UL 100/50Mbps (Category3) DC-HSPA+: DL/UL 42/5.76Mbps Size: 90 x 28.4 x 13mm OS: Win7, Windows XP, Vista, Win8, Mac OS
ZTE MF823 4G Modem re-Branding MegaFon (Russia) Beeline (Russia) O2 (Germany) Three (UK) Altel (Kazakhstan)
Is there Modem anymore? After plugging into PC running Windows 7: CWID USB SCSI CD-ROM USB Device ZTE MMC Storage USB Device (MicroSD Card Reader) After performing “Eject CD Drive”: CD-ROM (sometimes they come back!) MicroSD Card Reader Remote NDIS* based Internet Sharing Device *NDIS == Network Driver Interface Specification No drivers required! (at least on Windows 7 ;)
Remote NDIS adapter properties > ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IPv4 Address. . . . . . . . . . . : 192.168.0.182 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1
How to speak with MF823? Results of ports scan for 192.168.0.1
HTTP server on 192.168.0.1 GET /index.html HTTP/1.1 Host: 192.168.0.1 HTTP/1.1 404 Site or Page Not Found GET / HTTP/1.1 Host: 192.168.0.1 HTTP/1.0 302 Redirect Server: GoAhead-Webs/2.5.0 Location: http://192.168.0.1/index.html
HTTP server Handlers Defined UrlHandlers: /goform /cgi-bin /mmc2 /api/xmlclient/post /client/backup /api/nvramul.cgi Defined GoForm handlers: /goform/goform_get_cmd_process /goform/goform_set_cmd_process /goform/goform_process /goform/formTest
Getting diagnostics info http://192.168.0.1/goform/ goform_get_cmd_process? cmd=device_diagnostics Returns: productName softwareVersion modemVersion routerVersion webUiVersion hardwareVersion serialNumber simSerialNumber simMsisdn deviceImei simImsi simStatus sdCardAvailable sdCardTotalMemory sdCardUsedMemory currentConnectedUsers maxConnectedUsers timeSinceStartup
Switching to Download (FACTORY) mode http://192.168.0.1/goform/goform_process? goformId=MODE_SWITCH&switchCmd=FACTORY New devices appears: ZTE Diagnostics Interface (COMX) ZTE NMEA Device (COMY) ZTE Proprietary USB Modem NB: Send AT+ZCDRUN=F to COM-port associated with “ZTE NMEA Device” to return from Download mode
telnetd on 192.168.0.1 OpenEmbedded Linux 9615-cdp msm 20130729 9615-cdp 9615-cdp login: root Password: zte9x15 root@9615-cdp:~# id uid=0(root) gid=0(root) groups=0(root)
Root is good! Full-featured ARM-based Linux busybox apps (e.g. nc and netstat) iptables tcpdump gdbserver CD image at /usr/zte_web/ZTEMODEM.ISO HTTP server root at /usr/zte_web/web/* auto_apn copy zte_log
What is actually under your control?
What is actually under your control?
What are the treats? log all internet activity replicate all internet activity access to local network? GPS-enabled? store/report GPS location WiFi-enabled? access to local WiFi under remote management controls all external traffic
My favorite Modem ;)
Q&A
eBPF the hidden linux superpower Alexander Sungurov, Exness / Security Architect
Bit of history 01. Who knows what is BPF/eBPF/Systemtap/DTrace? 02. Have you ever used any of these technology before? 03. Why do we need eBPF if we already have /proc/vmstat/lsof/strace/tcpdump/ ... ?
Bit of history Who knows what is BPF/eBPF/Systemtap/DTrace? 01. Why do we need eBPF if we already have /proc/vmstat/lsof/strace/tcpdump/ ... ? 03. Have you ever used any of these technology before? 02.
Man bpf * Run code in the kernel without having to write a ko (kernel module) Description The bpf() system call performs a range of operations related to extended Berkeley Packet Filters. Extended BPF (or eBPF) is similar to the original ("classic") BPF (cBPF) used to filter network pack‐ ets. For both cBPF and eBPF programs, the kernel statically analyzes the programs before loading them, in order to ensure that they cannot harm the running system. eBPF extends cBPF in multiple ways, including the ability to call a fixed set of in-kernel helper functions (via the BPF_CALL opcode extension provided by eBPF) and access shared data structures such as eBPF maps. limited C eBPF bytecode
λ ~ sudo tcpdump host 127.0.0.1 and port 80 -d (000) ldb [0] (001) and #0xf0 (002) jeq #0x40 jt 3 jf 19 (003) ld [12] (004) jeq #0x7f000001 jt 7 jf 5 (005) ld [16] (006) jeq #0x7f000001 jt 7 jf 19 (007) ldb [9] (008) jeq #0x84 jt 11 jf 9 (009) jeq #0x6 jt 11 jf 10 (010) jeq #0x11 jt 11 jf 19 (011) ldh [6] (012) jset #0x1fff jt 19 jf 13 (013) ldxb 4*([0]&0xf) (014) ldh [x + 0] (015) jeq #0x50 jt 18 jf 16 (016) ldh [x + 2] (017) jeq #0x50 jt 18 jf 19 (018) ret #262144 (019) ret #0 tcpdump?
Enhanced BPF Observability Intrusion Detection Container security DDoS mitigation SDN verifier / linter BPF BPF actions sockets user probes (uprobes) kernel probes (kprobes) tracepoints kernel
Capabilities BPF Compiler Collection (BCC)
Security -> IDS / EDR Сustomizable Lighter Fast reaction
Observability -> Debug / Profiling View all what you need
eXpress Data Path (XDP) Allows easily mitigate DDoS attacks on L3-L7 Your weakest point is your network bandwidth Requires supported network cards to offload XDP program on it Application Network devices BPF program Network stack Kernel Fast drop
Container Security Detection Prevention Monitoring
Tools ● bcc – BPF Compiler Collection ● Cilium – container-aware eBPF-based Networking, Observability, Security ● Katran – high-performance layer 4 load balancing forwarding plane ● Falco – Open Source Security Tool for containers, Kubernetes and Cloud ● bpftrace – High-level tracing language for Linux eBPF ● KubeArmor – Container-aware Runtime Security Enforcement System ● Tracee – Linux Runtime Security and Forensics using eBPF ● Pixie – Scriptable observability for Kubernetes
eBPF use-cases ● Facebook uses Katran as a software-based solution to load balancing at a FB scale. ● Google announces Cilium & eBPF as the new networking dataplane for GKE. ● Netflix uses eBPF flow logs at scale for network insight. ● Cloudflare used eBPF to Build Programmable filter in Magic Firewall ● CF uses XDP to mitigate DDoS attacks ● etc …
One-liners / quick examples ● files opened by process: bpftrace -e 'tracepoint:syscalls:sys_enter_open { printf("%s %sn", comm, str(args->filename)); }' ● Any invoked processes / forks / children: bpftrace -e 'tracepoint:syscalls:sys_enter_exec* { printf("%s %sn", comm, str(args->filename)); } ● get any line entered in bash (command sniffing): bpftrace -e 'uretprobe:/bin/bash:readline { printf("readline: "%s"n", str(retval)); }'
References / Credits ● Brendan Gregg’s blog - http://www.brendangregg.com/ ● IOVisor project - https://www.iovisor.org/ ● Project Cilium - https://cilium.io/ ● BCC - https://github.com/iovisor/bcc ● Linux kernel project - https://kernel.org
Q&A
Corporate Cryptocurrency Wallet Management Valery Tyukhmenev, Exness / Application Security Engineer | The Wheel Reinventor
Cryptocurrency is decentralized digital money that’s based on blockchain technology. A blockchain is an open, distributed ledger that records transactions in code. In practice, it’s a little like a checkbook that’s distributed across countless computers around the world. Transactions are recorded in “blocks” that are then linked together on a “chain” of previous cryptocurrency transactions. What is cryptocurrency? 86 86 86 86 86 Corporate Cryptocurrency Wallet Management Cryptocurrency https://www.forbes.com/advisor/investing/cryptocurrency/what-is-cryptocurrency/ https://marketing.exness.com/crypto/
87 87 87 87 87 Corporate Cryptocurrency Wallet Management https://www.forbes.com/sites/jonathanponciano/2022/03/29/second -biggest-crypto-hack-ever-600-million-in-ethereum-stolen-from-nft- gaming-blockchain/ Why it should be protected?
88 88 88 88 88 Corporate Cryptocurrency Wallet Management https://crystalblockchain.com/s ecurity-breaches-and-fraud-inv olving-crypto/ Why it should be protected?
89 89 89 89 89 Corporate Cryptocurrency Wallet Management https://www.coinparticle.com/market/all Cryptocurrency
Know Your Transaction or KYT is a commonly used financial industry term that refers to the process of examining financial transactions for fraudulent or suspicious activities including money laundering. As cryptocurrency adoption continues to grow, it has been important for institutions to have the ability to drill down into crypto transactions for evidence of financial crimes. Addition to KYC / AML 90 90 90 90 90 Corporate Cryptocurrency Wallet Management KYT (Know Your Transaction) https://crystalblockchain.com/articles/the-importanc e-of-knowing-your-cryptocurrency-transaction-kyt/
91 91 91 91 91 Wallet Types Hot Wallet ● Private key is being stored on special hardware device with ● no internet access ● Requires manual actions ● for signing ● Usually signed TX is being broadcasted on separate device ● Best overall security Corporate Cryptocurrency Wallet Management https://glacierprotocol.org/ ● Easiest to start using crypto ● Keys are being generated and stored online ● Transactions (TXs) are being signed by provider ● Lowest security level ● Uses proprietary software to generate and store wallets ● Keys stored offline on device (eg smartphone) ● TXs are being signed on user’s device ● Balanced approach for everyday usage Warm Wallet Cold Wallet
The enclosed instructions tell the person to connect the Ledger to their computer, open a drive that appears, and run the enclosed application. The instructions then tell the person to enter their Ledger recovery phrase to import their wallet to the new device. Hardware Wallets is not a panacea 92 92 92 92 92 Corporate Cryptocurrency Wallet Management https://www.bleepingcomputer.com/news/cryptocurrency/criminals-are-mailing-alt ered-ledger-devices-to-steal-cryptocurrency/ Wallet Types
93 93 93 93 93 Crypto Custody Types Corporate Cryptocurrency Wallet Management ● Custodian handles any problems ● Easier for small business ● Usually have insurance ● Custodian controls crypto liquidity (can be frozen etc) ● Custodian may be hacked (or any other 3rd-party risk) ● Fees can be applied Third-party custody ● Full control of crypto liquidity ● No 3rd party risks ● Have to handle the management of keys ● Also can be hacked Self-Custody
This standard defines how to derive private and public keys of a wallet from a binary master seed (m) and an ordered set of indices (called path) usually provided by values separated by slash: m / purpose' / coin_type' / account' / change / address_index m / 44' / 0' / 1' / 3 / 37 There are two possible types of BIP32 derivation: hardened or non-hardened How does it work? 94 94 94 94 94 Corporate Cryptocurrency Wallet Management Hierarchical Deterministic Wallets (BIP-0032) https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki
95 95 95 95 95 Corporate Cryptocurrency Wallet Management https://medium.com/@blainemalone01/hd-wallets-why -hardened-derivation-matters-89efcdc71671 https://learnmeabitcoin.com/technical/extended-keys A parent extended public key together with a non-hardened child private key can expose the parent private key. Hierarchical Deterministic Wallets
96 Corporate Cryptocurrency Wallet Management Corporate Key Structure
Hardware Security Modules (HSMs) are hardware devices that can reside on a computer motherboard, but the more advanced models are contained in their own chassis as an external device and can be accessed via the network. What are HSM & TPM? 97 97 97 97 97 Corporate Cryptocurrency Wallet Management HSM Trusted Platform Modules (TPMs) are small hardware devices that are usually embedded into computer motherboards and are available as external devices. https://goteleport.com/blog/tpm-vs-hsm-difference/ Hardware Security Module TPM Trusted Platform Module
Mechanism that moves multiple signatures verification on the blockchain side. scriptPubKey: m {pubkey}...{pubkey} n OP_CHECKMULTISIG scriptSig: OP_0 ...signatures… Order matters! OP_0 sigB sigA OP_2 pubA pubB pubC OP_3 OP_CHECKMULTISIG -> fail 98 98 98 98 98 Corporate Cryptocurrency Wallet Management Bitcoin Multisig (BIP-0011) https://www.forbes.com/advisor/investing/cryptocurrency/what-is-cryptocurrency/ https://marketing.exness.com/crypto/
99 99 99 99 99 Corporate Cryptocurrency Wallet Management Real-World Business Bitcoin Multisig Implementation
100 100 100 100 100 Corporate Cryptocurrency Wallet Management Real-World Business Bitcoin Multisig Implementation
101 101 101 101 101 Corporate Cryptocurrency Wallet Management Real-World Business Bitcoin Multisig Implementation
102 102 102 102 102 MPC TSS DKG Multi-party computation ] [ Distributed key generation ] [ Threshold signature scheme ] [ Corporate Cryptocurrency Wallet Management https://github.com/ZenGo-X/awesome-tss Multiple Bugs in Multi-Party Computation: https://www.youtube.com/watch?v=0Okqvm4lBQI Allows to make the signature and derive the keys without having the private key in the same place Allows to generate the private key parts without having the original one in the same place Allows to make a signature of transaction having M of N required secret parts ● Can be combined with standards like multisig & hd wallets ● Universal solution for multiple blockchains ● Requires more research for enterprise usage MPC, TSS, DKG New Wave of Secure Cryptocurrency Management
Q&A

More Related Content

PPTX
Mobile Forensics
byprimeteacher32
 
PPTX
iOS Forensics
byTjylen Veselyj
 
PDF
Mobile Forensics on a Shoestring Budget
byBrent Muir
 
PDF
iPhone Data Protection in Depth
bySeguridad Apple
 
PPT
iPhone forensics on iOS5
bySatish b
 
PDF
Comparison of android and black berry forensic techniques
byYury Chemerkin
 
PPTX
811719104102_Tamilmannavan S.pptx
byDEVIKAS92
 
PDF
iPhone forensics course overview
bySatish b
 
Mobile Forensics
byprimeteacher32
 
iOS Forensics
byTjylen Veselyj
 
Mobile Forensics on a Shoestring Budget
byBrent Muir
 
iPhone Data Protection in Depth
bySeguridad Apple
 
iPhone forensics on iOS5
bySatish b
 
Comparison of android and black berry forensic techniques
byYury Chemerkin
 
811719104102_Tamilmannavan S.pptx
byDEVIKAS92
 
iPhone forensics course overview
bySatish b
 

Similar to Behind The Code // by Exness

PDF
Android Forensics: Exploring Android Internals and Android Apps
byMoe Tanabian
 
PPTX
Flash drives
byAnimesh Shaw
 
PPTX
CBSE Informatics Practices Chapter-11 Basic Computer Organization
byFaizSSIS
 
PDF
iOS and BlackBerry Forensics
byAndrey Belenko
 
PDF
CISSP Prep: Ch 3. Asset Security
bySam Bowne
 
PDF
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
byEC-Council
 
PDF
CNIT 125 Ch 3. Asset Security
bySam Bowne
 
PDF
2. Asset Security
bySam Bowne
 
PDF
Using fault injection attacks for digital forensics
byJustin Black
 
PDF
“Secure Password Managers” and “Military-Grade Encryption” on Smartphones:...
byPositive Hack Days
 
PDF
DefCon 2012 - Gaining Access to User Android Data
byMichael Smith
 
PDF
Mr. Andrey Belenko - secure password managers and military-grade encryption o...
bynooralmousa
 
PDF
iOS Application Penetation Test
byJongWon Kim
 
PDF
Data Decryption & Password Recovery
byAndrey Belenko
 
PDF
ASFWS 2011 - Secure software development for mobile devices
byCyber Security Alliance
 
PDF
Faux Disk Encryption....by Drew Suarez & Daniel Mayer
byShakacon
 
PDF
2012 03 The Death of Passwords
byRaleigh ISSA
 
PDF
CodeMash 2.0.1.5 - Practical iOS App Attack & Defense
bySeth Law
 
PPTX
Mobile device security using transient authentication
byPaulo Martins
 
PPT
4471_mobile_device_security_handout.ppt
byBalwinderKaur626266
 
Android Forensics: Exploring Android Internals and Android Apps
byMoe Tanabian
 
Flash drives
byAnimesh Shaw
 
CBSE Informatics Practices Chapter-11 Basic Computer Organization
byFaizSSIS
 
iOS and BlackBerry Forensics
byAndrey Belenko
 
CISSP Prep: Ch 3. Asset Security
bySam Bowne
 
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
byEC-Council
 
CNIT 125 Ch 3. Asset Security
bySam Bowne
 
2. Asset Security
bySam Bowne
 
Using fault injection attacks for digital forensics
byJustin Black
 
“Secure Password Managers” and “Military-Grade Encryption” on Smartphones:...
byPositive Hack Days
 
DefCon 2012 - Gaining Access to User Android Data
byMichael Smith
 
Mr. Andrey Belenko - secure password managers and military-grade encryption o...
bynooralmousa
 
iOS Application Penetation Test
byJongWon Kim
 
Data Decryption & Password Recovery
byAndrey Belenko
 
ASFWS 2011 - Secure software development for mobile devices
byCyber Security Alliance
 
Faux Disk Encryption....by Drew Suarez & Daniel Mayer
byShakacon
 
2012 03 The Death of Passwords
byRaleigh ISSA
 
CodeMash 2.0.1.5 - Practical iOS App Attack & Defense
bySeth Law
 
Mobile device security using transient authentication
byPaulo Martins
 
4471_mobile_device_security_handout.ppt
byBalwinderKaur626266
 

More from Maxim Gaponov

PDF
Behind the Code 'September 2022 // by Exness
byMaxim Gaponov
 
PDF
Paper Prototyping for Agile Development
byMaxim Gaponov
 
PDF
Развитие команд
byMaxim Gaponov
 
PDF
User Story Canvas
byMaxim Gaponov
 
PDF
Иду по приборам… Практические советы по визуализации работ. Москва
byMaxim Gaponov
 
KEY
Иду по приборам. Львов, 2011
byMaxim Gaponov
 
PDF
Тактическое управление продуктами: все еще недостающее звено
byMaxim Gaponov
 
PDF
Бумажное прототипирование
byMaxim Gaponov
 
PDF
Как трансформируются компании и люди
byMaxim Gaponov
 
PDF
Организационные изменения и участие в них
byMaxim Gaponov
 
PDF
Работаем с требованиями при помощи ментальных карт. WhaleRider 2012
byMaxim Gaponov
 
PDF
Я, Трансформатор
byMaxim Gaponov
 
PDF
Проектируем взаимодействие с помощью... комиксов
byMaxim Gaponov
 
Behind the Code 'September 2022 // by Exness
byMaxim Gaponov
 
Paper Prototyping for Agile Development
byMaxim Gaponov
 
Развитие команд
byMaxim Gaponov
 
User Story Canvas
byMaxim Gaponov
 
Иду по приборам… Практические советы по визуализации работ. Москва
byMaxim Gaponov
 
Иду по приборам. Львов, 2011
byMaxim Gaponov
 
Тактическое управление продуктами: все еще недостающее звено
byMaxim Gaponov
 
Бумажное прототипирование
byMaxim Gaponov
 
Как трансформируются компании и люди
byMaxim Gaponov
 
Организационные изменения и участие в них
byMaxim Gaponov
 
Работаем с требованиями при помощи ментальных карт. WhaleRider 2012
byMaxim Gaponov
 
Я, Трансформатор
byMaxim Gaponov
 
Проектируем взаимодействие с помощью... комиксов
byMaxim Gaponov
 

Recently uploaded

PPTX
Overview-of-Anti-DDoS-Solutions-On-Premise-vs-On-Cloud.pptx
bybunhongkruy
 
PPTX
tacacstrianingforwirelessnetworkengineers
byRaviTejaTammineni
 
PPTX
Lesson 5 - Cyber attack Pt 3 - Matsuhashi.pptx
byOmar Fernandez
 
PDF
Beacon Kit slides tech framework for world game (s) pdf
bySteven McGee
 
PPTX
Number_Guessing_Game_Dsbsbssbzboc[1].pptx
byfbinsta3426
 
PPTX
Why-Enterprises-Should-Build-Their-Own-Core-Network-and-Own-Their-ASN-and-Pub...
bybunhongkruy
 
PPTX
Artificial Intelligence (AI) Technology Project Proposal _ by Slidesgo.pptx
byadhyaadi804
 
PPTX
Lesson 3 - Methodology of Green Computing - part2 - dela cruz.pptx
byOmar Fernandez
 
PDF
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
DOCX
BestMaker.ai: The Complete Brand Story, Founder's Vision, and AI Creative Pla...
byssuser7381d6
 
PDF
Key Duties and Roles of an Ecommerce Developer Singapore
byHachi Web Solution
 
PDF
Novi.LMS.Veseli.Cetvrtak.001 (1).pdfjjjj
byzoran radovic
 
PPTX
Dalhousie University Diploma
by文凭办理维多利亚大学购买毕业证学位认证知乎【Q微:1954292140】
 
PDF
LMS.Golconda.Vanredni.Broj.001.pdfjjjjjjj
byzoran radovic
 
PDF
Greetings All Students Update 3 by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
Overview-of-Anti-DDoS-Solutions-On-Premise-vs-On-Cloud.pptx
bybunhongkruy
 
tacacstrianingforwirelessnetworkengineers
byRaviTejaTammineni
 
Lesson 5 - Cyber attack Pt 3 - Matsuhashi.pptx
byOmar Fernandez
 
Beacon Kit slides tech framework for world game (s) pdf
bySteven McGee
 
Number_Guessing_Game_Dsbsbssbzboc[1].pptx
byfbinsta3426
 
Why-Enterprises-Should-Build-Their-Own-Core-Network-and-Own-Their-ASN-and-Pub...
bybunhongkruy
 
Artificial Intelligence (AI) Technology Project Proposal _ by Slidesgo.pptx
byadhyaadi804
 
Lesson 3 - Methodology of Green Computing - part2 - dela cruz.pptx
byOmar Fernandez
 
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
BestMaker.ai: The Complete Brand Story, Founder's Vision, and AI Creative Pla...
byssuser7381d6
 
Key Duties and Roles of an Ecommerce Developer Singapore
byHachi Web Solution
 
Novi.LMS.Veseli.Cetvrtak.001 (1).pdfjjjj
byzoran radovic
 
Dalhousie University Diploma
by文凭办理维多利亚大学购买毕业证学位认证知乎【Q微:1954292140】
 
LMS.Golconda.Vanredni.Broj.001.pdfjjjjjjj
byzoran radovic
 
Greetings All Students Update 3 by LDMMIA
by©LDMMIA, ©Reiki Yoga
 

Behind The Code // by Exness

  • 1.
  • 2.
    Hidden Threats of Technological Enhancements DmitrySklyarov / Security Researcher | Reverse Engineer
  • 3.
    Agenda 01. Password Managerson Smartphones 02. Flash Storage Forensics 03. 4G modem – best present ever!
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
    Authentication: Smartphone Password is theonly option on the smartphones. “Lock patterns” are essentially numeric passcodes [1-4-2-5-6-9-8]
  • 9.
    Password Typing PC: Full-sized keyboard, motormemory Long and complex passwords are easy
  • 10.
    PC: Full-sized keyboard, motor memory Longand complex passwords are easy Smartphone: Touch keyboard Long and complex passwords are hard Password Typing
  • 11.
    Password Typing It isfair to assume that passwords on the smartphones are shorter than their PC counterparts. * * * *
  • 12.
    Password Transformation Fast CPU Can docomplex password-to-key transforms PC:
  • 13.
    Password Transformation PC: Fast CPU Can docomplex password-to-key transforms Smartphone: Relatively slow CPU Complex password-to-key transforms will impact usability
  • 14.
    Password Cracking Offline attacks canutilize GPUs for attackers’ advantage
  • 15.
    Authentication Wrap Up PC: Password entered nottoo often (usually just after unlocking console) Smartphone: Password entered every time you need access data (after switching applications or after short time-out) Handling passwords on smartphone is more difficult than on PC Smartphone requires stronger password protection than PC but provides less capabilities for doing so!
  • 16.
    Threat Model Assumptions: 01. Attacker has: Recover masterpassword for password manager(s) on the mobile device Extract passwords stored by those managers 02. Attacker wants to: Physical access to the device, or Backup of the device, or Access to password manager database file
  • 17.
  • 18.
    Physical Access PC: Computers are relativelybig. Thus, hard to steal or lose. You know where it is (well, most of the time). Smartphone: Lots of phones go in wrong hands every year. Many are left in the bars. Do you really know where exactly your phone is right now?
  • 19.
    Physical Access Someone justgot physical access to the device
  • 20.
    Device Backup Apple iOS: Needdevice password Optional encryption (not enforced) PBKDF2-SHA1 with 20’000 iterations BlackBerry: Need device passcode or iTunes pairing Optional encryption (enforced by device) PBKDF2-SHA1 with 10’000 iterations
  • 21.
    Database Files Apple iOS: Needdevice password BlackBerry: Via afc (need passcode or iTunes pairing) Via SSH (jailbroken devices) Via physical imaging (up to iPhone 4)
  • 22.
    iOS Passcode Starting withiOS 4 passcode is involved in encryption of sensitive data Passcode key derivation is slowed down by doing 50’000 iterations - Each iteration requires talking to hardware AES - 6 p/s on iPhone 4 Can’t be performed off-line and scaled Checking all 6-digit passcodes will take more than 40 hours
  • 23.
    Cracking Passwords Name Keeper® Password& Data Vault Password Safe - iPassSafe Free Strip Lite - Password Manager SafeWallet - Password Manager DataVault Password Manager mSecure - Password Manager LastPass for Premium Customers 1Password Pro BlackBerry Password Keeper BlackBerry Wallet 1.0 BlackBerry Wallet 1.2 iOS passcode Complexity 1x MD5 1x AES-256 4000x PBKDF2-SHA1 + 1x AES-256 10x PBKDF2-SHA1 + 1x AES-256 1x SHA-256 + 1x SHA-1 1x SHA-256 + 1x Blowfish 2x SHA-256 + 1x AES-256 1x MD5 + 1x AES-128 3x PBKDF2-SHA1 + 1x AES-256 2x SHA-256 1x SHA-512 + 100x PBKDF2-SHA1 + 1x AES-256 50000 iterations with HW AES CPU p/s 60 M 20 M 5000 1500 K 7 M 300 K 5 M 15 M 5 M 6 M 200K 6 GPU p/s 6000 M N/A 160 K 20 M 500 M N/A 20 M 20 M 20 M 300 M 3200 K 0 Len/24h 14.7 12.2 10.1 12.2 13.6 10.4 12.2 12.2 12.2 13.4 11.4 5.7
  • 24.
    Cracking Passwords Name Keeper® Password& Data Vault Password Safe - iPassSafe Free Strip Lite - Password Manager SafeWallet - Password Manager DataVault Password Manager mSecure - Password Manager LastPass for Premium Customers 1Password Pro BlackBerry Password Keeper BlackBerry Wallet 1.0 BlackBerry Wallet 1.2 iOS passcode Complexity 1x MD5 1x AES-256 4000x PBKDF2-SHA1 + 1x AES-256 10x PBKDF2-SHA1 + 1x AES-256 1x SHA-256 + 1x SHA-1 1x SHA-256 + 1x Blowfish 500x PBKDF2-SHA256 + 1x AES-256 1x MD5 + 1x AES-128 3x PBKDF2-SHA1 + 1x AES-256 2x SHA-256 1x SHA-512 + 100x PBKDF2-SHA1 + 1x AES-256 50000 iterations with HW AES CPU p/s 60 M 20 M 5000 1500 K 7 M 300 K 12 K 15 M 5 M 6 M 200K 6 GPU p/s 6000 M N/A 160 K 20 M 500 M N/A 600 K 20 M 20 M 300 M 3200 K 0 Len/24h 14.7 12.2 10.1 12.2 13.6 10.4 10.7 12.2 12.2 13.4 11.4 5.7
  • 25.
    None of thetested password keepers offers reliable protection on top of OS security Using them on improperly configured device may expose sensitive data Paid apps are not necessarily more secure than free ones Summary
  • 26.
  • 27.
    Magnetic Recording Invented in1898 Media moves near magnetic head
  • 28.
  • 29.
    and smaller… Toshiba's 0.85”4GB HDD General principles still the same Any piece of data could be modified independently Erasing performed via overwriting Data erasure standards exists
  • 30.
    Flash Memory Intel’s m-SATA80G SSD (2010) Invented in 1984 Two major types: NOR (1988, Intel) NAND (1989, Toshiba) Stores electrical charge into a floating gate of transistor Able to retain data for 10-100 years
  • 31.
    Flash Memory Characteristics Any bytecould be written independently Need erase (make all bits=1) before re-writing Erasing with precision of block (e.g. 64K) only - Limited number of guaranteed erase cycles - Usually between 10’000 and 1’000’000 - Inerasable block should be marker as “bad” Some blocks could be inerasable when leaving factory
  • 32.
    Flash Memory Layout Spare areacould be used for: Marking bad pages/blocks Storing ECC data Holding Physical-to-Logical mapping information Bank 1 Bank 2 Bank 3 Erase Block 1 Erase Block 2 Erase Block 3 Page 1 Page 2 Page 3 Page N Erase Block N Bank N Data (512b) Spare
  • 33.
    Wear Leveling Dynamic processthat rearranges pages/blocks in order to extend flash lifetime Algorithms developed by memory device manufacturers Implementation details usually keeps secret Goal: evenly spread the erasing of blocks over the full range of physical blocks Data is written on blocks with the lowest erase count. Writing and erasing of data are evenly distributed. Blocks are maximized and ideally, fail at the same time.
  • 34.
    Logical Characteristics Simulates behavior ofcommon HDD Logical Block Addressing Logical Address translates to Physical Address by Flash Memory Controller TRIM command for SSD Intel’s m-SATA 80G SSD (2010)
  • 35.
    Logical Characteristics Flash-aware firmware Tight integrationbetween OS and Flash Memory Logical-to-Physical translation often performed on CPU Embedded Device (e.g. Smartphone)
  • 36.
    Flash Translation Layer (FTL) Responsiblefor finding Physical Page that represents actual data for specific Logical Page Number (LPN) of Block device State of mapping tables is stored in Flash and cached in RAM Unused (TRIM-ed) LPNs are not mapped at all
  • 37.
    Altering data in FlashStorage Any modification of data changes the mapping New data is written to new (free) page Previous version of page data (and content of TRIM-ed pages) still resides somewhere in Flash until block erased due to wear leveling or garbage collection
  • 38.
    FTL in iOSdevices LPN Implemented in software (runs on CPU) Spare area of Data pages contains: USN (Update Sequence Number) allows to find all Physical pages that were used to store data of some Logical page allows to build the ordered “history” of page copies
  • 39.
    Accessing raw Flash oniOS devices IOFlashControllerUserClient kernel service is available externalMethod functions allows perform “raw” reading of Physical pages ReadPage request support removed in iOS 5 - RAMdisk based on iOS 4 could help - It is possible to patch the kernel in memory and restore ability to read pages
  • 40.
    Which devices could beexamined? Anything prior to iPhone4S /iPad2/iPod5 by loading custom RAMdisk/Kernel 01. Jailbroken device by patching kernel in memory 03. Any iOS device if you know how to obtain digital signature for your RAMdisk from Apple 02.
  • 41.
    How “Forensic” isit? Not too much… Booting the iDevice causes some alteration of Flash content Obtaining Flash dump twice would not produce identical results 01. 02.
  • 42.
    Is there secure wayto erase data? Deleting file produces good result at logical level (due to TRIM) – better that HDD Neither deleting nor overwriting are actually removes the data at physical level – much worse than HDD Probability of successful data recovery depends on amount of unused space on Flash Storage (more space – more chances)
  • 43.
    03. 4G modem – bestpresent ever!
  • 44.
  • 45.
    Back side: nothing Explore textual markson Modem Hmm, what the actual manufacturer name and model number? Front side: 4G” logo operator’s logo Under the cover (access to SIM and SD cards): Operator’s internal model number IMEI Serial number
  • 46.
    Explore packaging Manufacturer name (ZTE)printed on the box and in booklet
  • 47.
    ZTE MF823 4G ModemSpecification LTE-FDD: 800/900/1800/2600MHz; UMTS: 900/2100MHz; LTE-FDD: DL/UL 100/50Mbps (Category3) DC-HSPA+: DL/UL 42/5.76Mbps Size: 90 x 28.4 x 13mm OS: Win7, Windows XP, Vista, Win8, Mac OS
  • 48.
    ZTE MF823 4GModem re-Branding MegaFon (Russia) Beeline (Russia) O2 (Germany) Three (UK) Altel (Kazakhstan)
  • 49.
    Is there Modem anymore? Afterplugging into PC running Windows 7: CWID USB SCSI CD-ROM USB Device ZTE MMC Storage USB Device (MicroSD Card Reader) After performing “Eject CD Drive”: CD-ROM (sometimes they come back!) MicroSD Card Reader Remote NDIS* based Internet Sharing Device *NDIS == Network Driver Interface Specification No drivers required! (at least on Windows 7 ;)
  • 50.
    Remote NDIS adapter properties >ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IPv4 Address. . . . . . . . . . . : 192.168.0.182 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1
  • 51.
    How to speak withMF823? Results of ports scan for 192.168.0.1
  • 52.
    HTTP server on 192.168.0.1 GET/index.html HTTP/1.1 Host: 192.168.0.1 HTTP/1.1 404 Site or Page Not Found GET / HTTP/1.1 Host: 192.168.0.1 HTTP/1.0 302 Redirect Server: GoAhead-Webs/2.5.0 Location: http://192.168.0.1/index.html
  • 53.
    HTTP server Handlers DefinedUrlHandlers: /goform /cgi-bin /mmc2 /api/xmlclient/post /client/backup /api/nvramul.cgi Defined GoForm handlers: /goform/goform_get_cmd_process /goform/goform_set_cmd_process /goform/goform_process /goform/formTest
  • 54.
    Getting diagnostics info http://192.168.0.1/goform/ goform_get_cmd_process? cmd=device_diagnostics Returns: productNamesoftwareVersion modemVersion routerVersion webUiVersion hardwareVersion serialNumber simSerialNumber simMsisdn deviceImei simImsi simStatus sdCardAvailable sdCardTotalMemory sdCardUsedMemory currentConnectedUsers maxConnectedUsers timeSinceStartup
  • 55.
    Switching to Download (FACTORY)mode http://192.168.0.1/goform/goform_process? goformId=MODE_SWITCH&switchCmd=FACTORY New devices appears: ZTE Diagnostics Interface (COMX) ZTE NMEA Device (COMY) ZTE Proprietary USB Modem NB: Send AT+ZCDRUN=F to COM-port associated with “ZTE NMEA Device” to return from Download mode
  • 56.
    telnetd on 192.168.0.1 OpenEmbeddedLinux 9615-cdp msm 20130729 9615-cdp 9615-cdp login: root Password: zte9x15 root@9615-cdp:~# id uid=0(root) gid=0(root) groups=0(root)
  • 57.
    Root is good! Full-featuredARM-based Linux busybox apps (e.g. nc and netstat) iptables tcpdump gdbserver CD image at /usr/zte_web/ZTEMODEM.ISO HTTP server root at /usr/zte_web/web/* auto_apn copy zte_log
  • 58.
  • 59.
  • 60.
    What are thetreats? log all internet activity replicate all internet activity access to local network? GPS-enabled? store/report GPS location WiFi-enabled? access to local WiFi under remote management controls all external traffic
  • 61.
  • 62.
  • 63.
    eBPF the hidden linux superpower AlexanderSungurov, Exness / Security Architect
  • 64.
    Bit of history 01.Who knows what is BPF/eBPF/Systemtap/DTrace? 02. Have you ever used any of these technology before? 03. Why do we need eBPF if we already have /proc/vmstat/lsof/strace/tcpdump/ ... ?
  • 65.
    Bit of history Whoknows what is BPF/eBPF/Systemtap/DTrace? 01. Why do we need eBPF if we already have /proc/vmstat/lsof/strace/tcpdump/ ... ? 03. Have you ever used any of these technology before? 02.
  • 66.
    Man bpf * Runcode in the kernel without having to write a ko (kernel module) Description The bpf() system call performs a range of operations related to extended Berkeley Packet Filters. Extended BPF (or eBPF) is similar to the original ("classic") BPF (cBPF) used to filter network pack‐ ets. For both cBPF and eBPF programs, the kernel statically analyzes the programs before loading them, in order to ensure that they cannot harm the running system. eBPF extends cBPF in multiple ways, including the ability to call a fixed set of in-kernel helper functions (via the BPF_CALL opcode extension provided by eBPF) and access shared data structures such as eBPF maps. limited C eBPF bytecode
  • 67.
    λ ~ sudotcpdump host 127.0.0.1 and port 80 -d (000) ldb [0] (001) and #0xf0 (002) jeq #0x40 jt 3 jf 19 (003) ld [12] (004) jeq #0x7f000001 jt 7 jf 5 (005) ld [16] (006) jeq #0x7f000001 jt 7 jf 19 (007) ldb [9] (008) jeq #0x84 jt 11 jf 9 (009) jeq #0x6 jt 11 jf 10 (010) jeq #0x11 jt 11 jf 19 (011) ldh [6] (012) jset #0x1fff jt 19 jf 13 (013) ldxb 4*([0]&0xf) (014) ldh [x + 0] (015) jeq #0x50 jt 18 jf 16 (016) ldh [x + 2] (017) jeq #0x50 jt 18 jf 19 (018) ret #262144 (019) ret #0 tcpdump?
  • 68.
    Enhanced BPF Observability Intrusion Detection Containersecurity DDoS mitigation SDN verifier / linter BPF BPF actions sockets user probes (uprobes) kernel probes (kprobes) tracepoints kernel
  • 69.
  • 70.
    Security -> IDS/ EDR Сustomizable Lighter Fast reaction
  • 71.
    Observability -> Debug/ Profiling View all what you need
  • 72.
    eXpress Data Path(XDP) Allows easily mitigate DDoS attacks on L3-L7 Your weakest point is your network bandwidth Requires supported network cards to offload XDP program on it Application Network devices BPF program Network stack Kernel Fast drop
  • 73.
  • 74.
    Tools ● bcc –BPF Compiler Collection ● Cilium – container-aware eBPF-based Networking, Observability, Security ● Katran – high-performance layer 4 load balancing forwarding plane ● Falco – Open Source Security Tool for containers, Kubernetes and Cloud ● bpftrace – High-level tracing language for Linux eBPF ● KubeArmor – Container-aware Runtime Security Enforcement System ● Tracee – Linux Runtime Security and Forensics using eBPF ● Pixie – Scriptable observability for Kubernetes
  • 75.
    eBPF use-cases ● Facebookuses Katran as a software-based solution to load balancing at a FB scale. ● Google announces Cilium & eBPF as the new networking dataplane for GKE. ● Netflix uses eBPF flow logs at scale for network insight. ● Cloudflare used eBPF to Build Programmable filter in Magic Firewall ● CF uses XDP to mitigate DDoS attacks ● etc …
  • 76.
    One-liners / quickexamples ● files opened by process: bpftrace -e 'tracepoint:syscalls:sys_enter_open { printf("%s %sn", comm, str(args->filename)); }' ● Any invoked processes / forks / children: bpftrace -e 'tracepoint:syscalls:sys_enter_exec* { printf("%s %sn", comm, str(args->filename)); } ● get any line entered in bash (command sniffing): bpftrace -e 'uretprobe:/bin/bash:readline { printf("readline: "%s"n", str(retval)); }'
  • 77.
    References / Credits ●Brendan Gregg’s blog - http://www.brendangregg.com/ ● IOVisor project - https://www.iovisor.org/ ● Project Cilium - https://cilium.io/ ● BCC - https://github.com/iovisor/bcc ● Linux kernel project - https://kernel.org
  • 78.
  • 79.
    Corporate Cryptocurrency Wallet Management Valery Tyukhmenev,Exness / Application Security Engineer | The Wheel Reinventor
  • 80.
    Cryptocurrency is decentralizeddigital money that’s based on blockchain technology. A blockchain is an open, distributed ledger that records transactions in code. In practice, it’s a little like a checkbook that’s distributed across countless computers around the world. Transactions are recorded in “blocks” that are then linked together on a “chain” of previous cryptocurrency transactions. What is cryptocurrency? 86 86 86 86 86 Corporate Cryptocurrency Wallet Management Cryptocurrency https://www.forbes.com/advisor/investing/cryptocurrency/what-is-cryptocurrency/ https://marketing.exness.com/crypto/
  • 81.
    87 87 87 87 87 Corporate CryptocurrencyWallet Management https://www.forbes.com/sites/jonathanponciano/2022/03/29/second -biggest-crypto-hack-ever-600-million-in-ethereum-stolen-from-nft- gaming-blockchain/ Why it should be protected?
  • 82.
    88 88 88 88 88 Corporate CryptocurrencyWallet Management https://crystalblockchain.com/s ecurity-breaches-and-fraud-inv olving-crypto/ Why it should be protected?
  • 83.
    89 89 89 89 89 Corporate CryptocurrencyWallet Management https://www.coinparticle.com/market/all Cryptocurrency
  • 84.
    Know Your Transactionor KYT is a commonly used financial industry term that refers to the process of examining financial transactions for fraudulent or suspicious activities including money laundering. As cryptocurrency adoption continues to grow, it has been important for institutions to have the ability to drill down into crypto transactions for evidence of financial crimes. Addition to KYC / AML 90 90 90 90 90 Corporate Cryptocurrency Wallet Management KYT (Know Your Transaction) https://crystalblockchain.com/articles/the-importanc e-of-knowing-your-cryptocurrency-transaction-kyt/
  • 85.
    91 91 91 91 91 Wallet Types Hot Wallet ●Private key is being stored on special hardware device with ● no internet access ● Requires manual actions ● for signing ● Usually signed TX is being broadcasted on separate device ● Best overall security Corporate Cryptocurrency Wallet Management https://glacierprotocol.org/ ● Easiest to start using crypto ● Keys are being generated and stored online ● Transactions (TXs) are being signed by provider ● Lowest security level ● Uses proprietary software to generate and store wallets ● Keys stored offline on device (eg smartphone) ● TXs are being signed on user’s device ● Balanced approach for everyday usage Warm Wallet Cold Wallet
  • 86.
    The enclosed instructionstell the person to connect the Ledger to their computer, open a drive that appears, and run the enclosed application. The instructions then tell the person to enter their Ledger recovery phrase to import their wallet to the new device. Hardware Wallets is not a panacea 92 92 92 92 92 Corporate Cryptocurrency Wallet Management https://www.bleepingcomputer.com/news/cryptocurrency/criminals-are-mailing-alt ered-ledger-devices-to-steal-cryptocurrency/ Wallet Types
  • 87.
    93 93 93 93 93 Crypto CustodyTypes Corporate Cryptocurrency Wallet Management ● Custodian handles any problems ● Easier for small business ● Usually have insurance ● Custodian controls crypto liquidity (can be frozen etc) ● Custodian may be hacked (or any other 3rd-party risk) ● Fees can be applied Third-party custody ● Full control of crypto liquidity ● No 3rd party risks ● Have to handle the management of keys ● Also can be hacked Self-Custody
  • 88.
    This standard defineshow to derive private and public keys of a wallet from a binary master seed (m) and an ordered set of indices (called path) usually provided by values separated by slash: m / purpose' / coin_type' / account' / change / address_index m / 44' / 0' / 1' / 3 / 37 There are two possible types of BIP32 derivation: hardened or non-hardened How does it work? 94 94 94 94 94 Corporate Cryptocurrency Wallet Management Hierarchical Deterministic Wallets (BIP-0032) https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki
  • 89.
    95 95 95 95 95 Corporate CryptocurrencyWallet Management https://medium.com/@blainemalone01/hd-wallets-why -hardened-derivation-matters-89efcdc71671 https://learnmeabitcoin.com/technical/extended-keys A parent extended public key together with a non-hardened child private key can expose the parent private key. Hierarchical Deterministic Wallets
  • 90.
    96 Corporate Cryptocurrency WalletManagement Corporate Key Structure
  • 91.
    Hardware Security Modules(HSMs) are hardware devices that can reside on a computer motherboard, but the more advanced models are contained in their own chassis as an external device and can be accessed via the network. What are HSM & TPM? 97 97 97 97 97 Corporate Cryptocurrency Wallet Management HSM Trusted Platform Modules (TPMs) are small hardware devices that are usually embedded into computer motherboards and are available as external devices. https://goteleport.com/blog/tpm-vs-hsm-difference/ Hardware Security Module TPM Trusted Platform Module
  • 92.
    Mechanism that movesmultiple signatures verification on the blockchain side. scriptPubKey: m {pubkey}...{pubkey} n OP_CHECKMULTISIG scriptSig: OP_0 ...signatures… Order matters! OP_0 sigB sigA OP_2 pubA pubB pubC OP_3 OP_CHECKMULTISIG -> fail 98 98 98 98 98 Corporate Cryptocurrency Wallet Management Bitcoin Multisig (BIP-0011) https://www.forbes.com/advisor/investing/cryptocurrency/what-is-cryptocurrency/ https://marketing.exness.com/crypto/
  • 93.
    99 99 99 99 99 Corporate CryptocurrencyWallet Management Real-World Business Bitcoin Multisig Implementation
  • 94.
    100 100 100 100 100 Corporate Cryptocurrency WalletManagement Real-World Business Bitcoin Multisig Implementation
  • 95.
    101 101 101 101 101 Corporate Cryptocurrency WalletManagement Real-World Business Bitcoin Multisig Implementation
  • 96.
    102 102 102 102 102 MPC TSS DKG Multi-party computation] [ Distributed key generation ] [ Threshold signature scheme ] [ Corporate Cryptocurrency Wallet Management https://github.com/ZenGo-X/awesome-tss Multiple Bugs in Multi-Party Computation: https://www.youtube.com/watch?v=0Okqvm4lBQI Allows to make the signature and derive the keys without having the private key in the same place Allows to generate the private key parts without having the original one in the same place Allows to make a signature of transaction having M of N required secret parts ● Can be combined with standards like multisig & hd wallets ● Universal solution for multiple blockchains ● Requires more research for enterprise usage MPC, TSS, DKG New Wave of Secure Cryptocurrency Management
  • 97.