In the last years several things have changed in the world of iOS forensics, both in terms of acquisition and in terms of analysis. The objective of this presentation is to provide an overview of the state of the art in terms of acquisition techniques and overcoming of the device's protection mechanisms, in particular the access code chosen by the user. In addition, the presentation aims to highlight what information we are missing by using the techniques and tools available on the market and what are the alternative paths we can use to overcome this problem.
IoT devices are an emerging field in IT in general and of course in Digital Forensics. It is more and more common to read news about investigations carried out also by means of analysing data stored on IoT devices. Like any other smart device, Smart TVs can be connected to the Internet and interact with other devices in home or business contexts, becoming a potential target of criminal activity and a source of information during digital investigations related to the reconstruction of a user’s activity. However, the lack of documentation, the use of proprietary and closed-source operating systems and the risk of damaging the devices during experiments make research on Smart TVs challenging in the cyber security and digital forensics fields.
This presentation offers an overview on how to deal with an Apple TV from the point of view of digital forensics analyst: what kind of information we can obtain and how to analyze it.
Cant touch this: cloning any Android HCE contactless card
Slawomir Jasek
There is no doubt that mobile contactless payments have grown exponentially and Host Card Emulation – the possibility to emulate payment cards on a mobile device, without dependency on special Secure Element hardware, has also significantly boosted the number of applications.
HCE support for Android is usually delivered as an external, certified “black-box” library to compile in your application. Obviously vendors promise “highest level of security” – including: card data tokenization, “secure element in the cloud”, device fingerprinting, phone unlock requirement, code obfuscation, additional authorization, etc. For mobile payments, they often successfully convince the implementing bank that it is technically impossible to “clone” a virtual card from the owner’s device to another one.
Based on several assessments, we have noticed that even IT security representatives were surprised by the possibilities of mobile malware to attack the process. Not to mention risk departments, which took into consideration only a few limited-value fraudulent transactions made by an accidental thief using a stolen phone. Therefore, delivering the PoC demo of card cloning to a different device every time caused confusion and uncertainty, at the least. Furthermore, proving that the intruder is also able to renew virtual card tokens, or make payments for higher amounts, turned out to be a shock.
With the introduction of root-exploiting financial malware, they already have technical means to attack HCE. Therefore it is now crucial to understand associated risks, and properly plan mitigation ahead. This presentation will start with a short introduction on HCE – including “ISIS”’s role in its complicated history, current coverage and growth predictions, basics of operation, typical infrastructure and differences in hardware Secure Element. We will cover several possibilities to attack HCE including a universal method of cloning any Android contactless payment (including Google’s own Android Pay) to a different device. Several layers of security mechanisms to mitigate the risk will be presented along with some statistics on methods used by current applications. The audience will leave with a deep understanding of HCE technology and its limitations, along with exemplary solutions to potential problems.
Gattacking Bluetooth Smart devices - introducing new BLE MITM proxy tool
Slawomir Jasek
Bluetooth Low Energy is probably the most thriving technology implemented recently in all kinds of IoT devices: gadgets, wearables, smart homes, medical equipment and even banking tokens. The BLE specification assures secure connections through link-layer encryption, device whitelisting and bonding - mechanisms not without flaws, although that's another story we are already aware of. A surprising number of devices do not (or simply cannot - because of the use scenario) utilize these mechanisms. The security (like authentication) is, in fact, provided on the higher "application" (GATT protocol) layer of the data exchanged between the "master" (usually a mobile phone) and the peripheral device. The connection from the "master" in such cases is initiated by scanning for a specific broadcast signal, which by design can be trivially spoofed. And guess what - the device GATT internals (so-called "services" and "characteristics") can also be easily cloned.
Using a few simple tricks, we can ensure the victim will connect to our impersonator device instead of the original one, and then just proxy the traffic - without consent of the mobile app or device. And here it finally becomes interesting - just imagine how many attacks you might be able to perform with the possibility to actively intercept the BLE communication! Based on several examples, I will demonstrate common flaws possible to exploit, including improper authentication, static passwords, not-so-random PRNG, excessive services, bad assumptions - which allow you to take over control of smart locks, disrupt smart home, and even get a free lunch. I will also suggest best practices to mitigate the attacks. Ladies and gentlemen - I give you the BLE MITM proxy. A free open-source tool which opens a whole new chapter for your IoT device exploitation, reversing and debugging. Run it on a portable Raspberry Pi, carry around BLE-packed premises, share your experience and contribute to the code.
A 2018 practical guide to hacking RFID/NFC
Slawomir Jasek
Ever wanted to hack these proximity/contactless cards you use every day, but did not know where to start? This is the talk to attend! I will walk you through the fascinating world of RFID/NFC failures, snake oils and installation gaps - that despite facing well deserved hacks a long time ago, still remain unpatched in so many buildings. Besides legacy (but still widespread), more modern (but also broken), and supposedly non-breakable (yet to be tested) systems, I will also share the risks and possible attacks on the new emerging technology - replacing plastic cards with your NFC smartphone in access control systems. How to recognize the card type? What kinds of cards can be cloned? Can you clone a card having just a picture of it? How to build your own card cracking and cloning equipment for less than $10, and when is it worth investing in more powerful hardware? How to use a smartphone to crack keys, or emulate a plastic access control card? How to intercept data transmitted from wall reader to backend door controller? How to reverse a hotel system and understand the data encoded on cards? Expect highly practical information regarding these and many other topics. Multiple live demos and NFC hacking hardware sets to give away included. After the talk you are also welcome to practice the new skills yourself on our test access control installations onsite.
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Anant Shrivastava
This presentation talks about OWASP Mobile Risk M2, i.e. Insecure Data Storage. The agenda of the presentation is to understand data storage and the effect of insecure data storage. It also had demos of known insecure data storage flaws, methods to identify this flaw, and various precautions that a developer should take to prevent this flaw.
The presentation was done as part of null/OWASP/G4H Monthly Meet.
Hardwear.io 2018 BLE Security Essentials workshop
Slawomir Jasek
Bluetooth Low Energy (Smart, 4) is recently gaining more and more traction as one of the most common and rapidly growing IoT technologies. Unfortunately the prevalence of technology does not come with security. Alarming vulnerabilities in BLE smart locks, medical devices and banking tokens are revealed day by day. And yet, the knowledge on how to comprehensively assess them seems very uncommon.
In this workshop you will get familiar with the basics of BLE security. We will work on a dedicated, readily available BLE hardware nRF devkit device. You will learn how to program and flash it yourself, using a special web interface and ready templates. Such an approach allows you to better understand how things work “under the hood”, experiment with different options, and then secure the hardware properly.
From an attacker’s perspective, we will cover among others: sniffing, spoofing, MITM, replay and relay.
Having enough time, we will play with a collection of vulnerable smart locks, sex toys and other devices.
Scaling IoT: Telemetry, Command & Control, Analytics and the Cloud
Nick Landry
The Internet of Things (IoT) is here today in the devices, sensors, cloud services, and data your business uses. While it’s easy to connect a few devices to the cloud and send telemetry data, how do you scale this to hundreds or thousands or millions of devices? Microsoft delivers a flexible cloud-based approach that enables enterprises to capitalize on IoT by gathering, storing, and processing data centrally. This session provides an overview of Azure IoT Services including telemetry ingestion in IoT Hubs, near-real time stream analytics, reliable, bi-directional communication, device registration & security, transient or permanent storage, data processing, and finally presentation & visualization. We’ll also cover how Azure IoT Hubs support a broad set of devices, operating systems like Linux, Windows, mbed & TI RTOS, as well as protocols like HTTPS, MQTT and AMQPS. Learn about Microsoft's open position on IoT, and the technology and services being delivered to help you easily build IoT solutions tailored to your needs.
iOS device protection techniques include Secure Enclave, Touch ID, keychain, code sign, and baseband hardware integration. Main iOS device protection originates from Apple’s Secure Enclave mechanism, which is likely based on ARM TrustZone technology and is highly customized.
iOS Secure Enclave protection based on ARM TrustZone technology provides fairly good security by using both hardware segregation and proven cryptographic algorithms. This hardware assisted security implementation is by far the most secure solution for mobile device applications.
However, software/firmware with defects is still the weakest link under attack. In such a case there is no complete security guarantee for either the normal world or the secure world.
Specifically, low-level device attacks could come from direct TrustZone hardware attack, driver reverse engineering, TEE firmware attack, and device jailbreaking.
This talk is going to give an overview of the Android operating system and its app ecosystem from the security point of view of a penetration tester.
So let's dive into topics like Pentest Environment Setup, Tools of the Trade, App Analysis and some security hints for Android developers.
Mobile Penetration Testing: Episode 1 - The Forensic Menace
NowSecure
This is Episode 1 of a trilogy on mobile penetration testing - forensic analysis of data at rest on the device.
Episode 2 - Return of the Network/Back-end
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-ii-attack-of-the-code
Episode 3 - Attack of the Code
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-iii-attack-of-the-code
Attacking and Defending Apple iOS Devices
Tom Eston
IT loves to use Apple iPhones and iPads, but hates supporting them. For most environments, they represent the exception, and are not subject to standard corporate controls. The reason the exception is allowed is usually the fact that the CEO bought an iPhone and iPad the day they were released, and then quickly filled them with sensitive corporate data. With their portability and popularity, it is only a matter of time before one of these devices ends up missing. How worried should you be? This presentation will cover the latest real-world attack techniques for compromising Apple’s iOS devices, introduce a new assessment methodology that can be used by penetration testers, and discuss the latest defensive techniques for securely deploying iOS devices within your enterprise.
iCloud securely stores your photos, videos, documents, music, apps, and more — and keeps them updated across all your devices. So you always have access to what you want, wherever you want it.
Apple's iCloud promises to synchronize all of your devices -- as long as they're made by Apple. See how Apple's iCloud stacks up to its competitors
Pentesting iPhone Applications - It mainly focuses on the techniques and the tools that will help security testers while assessing the security of iPhone applications.
For more info visit - http://www.securitylearn.net
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
For a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
The Samsung, now Seagate, SecretZone (SSZ) is a software program that protects personal information by creating a secure, password-protected folder on the Samsung external drive. This software is provided free along with Samsung devices, for example an M series device, and can only be used with such devices.
This presentation will share two real DF cases where this tool was used by the suspects to hide their data, and how these cases were handled to overcome such protection. Moreover, a major flaw in the SSZ implementation will be addressed, which allows one to easily decrypt the whole "secret zone", despite the strong algorithms used (AES, Blowfish).
Windows credentials manager stores users’ credentials in special folders called vaults. Being able to access such credentials could be truly useful during a digital investigation for example, to gain access to other protected systems. Moreover, if data is in the cloud, there is the need to have the proper tokens to access it. This presentation will describe vaults’ internals and how they can be decrypted; the related Python Open Source code will be made publicly available. During the session, credentials and vaults coming from Windows 7, Windows 8.1 and Windows 10 will be decrypted, focusing on particular cases of interest. Finally, the presentation will address the challenges coming from Windows Phone, such as getting system-users’ passwords and obtaining users’ ActiveSync tokens.
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
5. iOS Acquisition Challenges
• iOS devices use full disk encryption
• Other protection layers (e.g. per-file key, backup password)
• JTAG ports are not available
• Chip-off techniques are not useful because of full disk encryption
• But some experimental techniques are just out!
6. iOS Forensics RULES!
• Turned off device
• LEAVE IT OFF!
• Turned on device (locked or unlocked)
• DON’T TURN IT OFF AND THINK!
7. PRESERVATION - Turned ON and LOCKED
1. Activate Airplane mode
2. Connect to a power source (e.g. external battery)
3. Verify the model
4. Verify the iOS version
10. IDENTIFICATION - Identify the model (II) and the iOS Version
• Libimobiledevice (Linux/Mac)
  http://www.libimobiledevice.org/
• iMobiledevice (Windows)
  http://quamotion.mobi/iMobileDevice/
• ideviceinfo -s
• They also work on locked devices!
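The identification step above, as an added Python example that is not part of the original slides: it parses saved `ideviceinfo -s` output and attaches the version-dependent notes the slides give (slide 20 on pairing, slide 22 on the record file name, slide 27 on lockdown certificates). The sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the "Key: Value" layout ideviceinfo prints; values are placeholders.
SAMPLE_OUTPUT = """\
DeviceClass: iPhone
DeviceName: Constructed iPhone
ProductType: iPhone9,3
ProductVersion: 11.0.3
UniqueDeviceID: 0123456789abcdef0123456789abcdef01234567
"""

def parse_ideviceinfo(text):
    """Turn 'Key: Value' lines into a dict, skipping nested or free-text lines."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep and re.fullmatch(r"[A-Za-z]\w*", key):
            info[key] = value.strip()
    return info

def lockdown_record_use(major):
    """What slide 27 says a lockdown certificate yields on a turned off, locked device."""
    if major == 7:
        return "works well (AFR and AFC)"
    if major == 8:
        return "some data (AFC)"
    if major in (9, 10, 11):
        return "not useful"
    return None  # version not covered by the slides

def identify(text):
    """Summarise model, iOS version and the version-dependent notes from the slides."""
    info = parse_ideviceinfo(text)
    version = info.get("ProductVersion")
    major = int(version.split(".")[0]) if version and version[0].isdigit() else None
    udid = info.get("UniqueDeviceID")
    return {
        "model": info.get("ProductType"),
        "ios_version": version,
        "udid": udid,
        # Slide 20: from iOS 11, establishing trust ("pairing") requires the passcode.
        "pairing_needs_passcode": None if major is None else major >= 11,
        "lockdown_record_file": f"{udid}.plist" if udid else None,
        "lockdown_use_if_off_and_locked": None if major is None else lockdown_record_use(major),
    }

if __name__ == "__main__":
    for key, value in identify(SAMPLE_OUTPUT).items():
        print(f"{key}: {value}")
```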
13. PRESERVATION - Turned ON and UNLOCKED
1. Prevent the phone from locking!
   I. Don’t press the power button!
   II. Disable Auto-lock!
2. Verify if a lock code is set!
3. Activate Airplane mode
4. Acquire the data as soon as possible, keeping the phone unlocked!
OR
Connect to a computer to «pair» the iPhone
OR
1. Connect to a power source (e.g. external battery)
2. Identify the model
3. Identify the iOS version
16. ACQUISITION - Acquisition techniques
File System
• iTunes Backup: can be password protected!
• Apple File Relay: Zdziarski, 2014 – up to iOS 7
• Apple File Conduit: result depends on iOS version
• iCloud: already stored data or forced
• Full file system: possible only on jailbroken devices
Physical
• Available up to iPhone 4
• Possible on jailbroken devices
17. ACQUISITION - iPhone 4 and below
• Physical acquisition is always possible
• In case of a simple passcode, all data will be decrypted
• In case of a complex passcode, you will still get native application data (e.g. address book, SMS, notes, video, images, etc.)
18. ACQUISITION – Turned ON and unlocked – Turned OFF and without passcode
• Some kind of file system acquisition is always possible
• The data obtained depends strongly on the iOS version
• General approach
  • Connect the phone to a computer containing iTunes or a mobile forensics tool
  • “Pair” the phone with the computer
  • Acquire the data with the various possible techniques/protocols
19. ACQUISITION – Turned ON and unlocked – Turned OFF and without passcode
• Possible problems:
  • Backup password
  • Managed devices: connection to PC inhibited
  • iOS 11 (!!!)
20. iOS 11 – Lockdown generation
https://blog.elcomsoft.com/2017/09/new-security-measures-in-ios-11-and-their-forensic-implications/
• Establishing Trust (“pairing”) with a PC now requires the passcode!
21. ACQUISITION - Turned ON and LOCKED
• Search for a lockdown certificate on a synced computer
• Unlock through fingerprint
• Try to force an iCloud backup
• Specific iOS version vulnerability for bypassing passcode
22. ACQUISITION – Lockdown certificate
• Stored in:
  • C:\ProgramData\Apple\Lockdown (Win 7/8/10)
  • /private/var/db/lockdown (Mac OS X)
• Certificate file name: Device_UDID.plist
• The certificate can be extracted from the computer and used on another one with some forensic tools or directly with iTunes
• A lockdown certificate stored on a computer is valid for 30 days
• A lockdown certificate can be used within 48 hours of the user's last unlock with the passcode
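An added Python example (not from the original slides or from any forensic tool) that triages a working copy of the Lockdown folder against the two time limits stated on this slide. Assumptions: the file modification time approximates when the record was stored, the examiner supplies the last passcode unlock time if known, the function names are hypothetical, and the sample files are constructed.

```python
import os
import plistlib
import re
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

RECORD_VALIDITY = timedelta(days=30)  # slide: record stored on a computer is valid for 30 days
UNLOCK_WINDOW = timedelta(hours=48)   # slide: usable within 48 hours of the last passcode unlock
UDID_NAME = re.compile(r"[0-9a-fA-F]{40}|[0-9a-fA-F]{8}-[0-9a-fA-F]{16}")

def triage_lockdown_dir(lockdown_dir, now, last_unlock=None):
    """Describe every <UDID>.plist in a working copy of the Lockdown folder."""
    # None means unknown: the examiner could not establish the last passcode unlock.
    recent = None if last_unlock is None else now - last_unlock <= UNLOCK_WINDOW
    results = []
    for path in sorted(Path(lockdown_dir).glob("*.plist")):
        if not UDID_NAME.fullmatch(path.stem):
            continue  # other plists in the folder are not named after a device
        try:
            with path.open("rb") as fh:
                parsed = isinstance(plistlib.load(fh), dict)  # XML or binary plist
        except Exception:
            parsed = False  # truncated or corrupted file: report it, do not stop
        # Assumption: the file modification time approximates when the record was stored.
        stored = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        results.append({
            "udid": path.stem,
            "parsed": parsed,
            "stored_utc": stored,
            "within_30_days": now - stored <= RECORD_VALIDITY,
            "within_48_hours": recent,
        })
    return results

def write_constructed_record(folder, udid, stored, payload=None):
    """Create a constructed sample file (not a real pairing record) for the demo."""
    path = Path(folder) / f"{udid}.plist"
    path.write_bytes(payload or plistlib.dumps({"Note": "constructed sample"}))
    os.utime(path, (stored.timestamp(), stored.timestamp()))
    return path

if __name__ == "__main__":
    now = datetime(2017, 11, 1, 12, 0, tzinfo=timezone.utc)  # constructed examination time
    with tempfile.TemporaryDirectory() as tmp:
        write_constructed_record(tmp, "a" * 40, now - timedelta(days=3))
        write_constructed_record(tmp, "b" * 40, now - timedelta(days=45), b"damaged")
        for row in triage_lockdown_dir(tmp, now, last_unlock=now - timedelta(hours=20)):
            print(row)
```

Run it against a copy of the folder, never the original evidence, since reading files on a live file system can alter access timestamps.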
23. ACQUISITION – Fingerprint Unlock
• To configure Touch ID, you must first set up a passcode. Touch ID is designed to minimize the input of your passcode; but your passcode will be needed for additional security validation:
  • After restarting your device
  • When more than 48 hours have elapsed from the last time you unlocked your device
  • To enter the Touch ID & Passcode setting
• https://support.apple.com/en-us/HT204587
24. iOS 11 – SOS Mode
• Apple has added a new emergency feature designed to give users an intuitive way to call emergency services by simply pressing the Power button five times in rapid succession
• This SOS mode not only allows quickly calling an emergency number, but also disables Touch ID
https://blog.elcomsoft.com/2017/09/new-security-measures-in-ios-11-and-their-forensic-implications/
25. ACQUISITION – Force iCloud backup
• Be careful when using this option and try other methods first!
  • Possible overwriting of already existing backup
  • Risk of remote wiping
• Follow this approach:
  • Bring the device close to a known Wi-Fi network
  • Connect to a power source
  • Wait a few hours
  • Request data from Apple or download it
    • Legal authorization
    • Credentials or token is needed
26. ACQUISITION – Specific iOS version vulnerability
• A comprehensive and continuously updated list is maintained at:
  • http://blog.dinosec.com/2014/09/bypassing-ios-lock-screens.html
• Latest available for iOS 10.3
  • CVE-2017-2397
  • “An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Accounts" component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen.”
27. ACQUISITION – Turned OFF and LOCKED
• Try to use a lockdown certificate
  • It works well on iOS 7 (AFR and AFC)
  • It can still get some data on iOS 8 (AFC)
  • Not useful on iOS 9/10/11
• Some specific unlocking tools
  • They work on iOS 7 and iOS 8
  • UFED User Lock Code Recovery Tool
  • IP-BOX
  • MFC Dongle
  • Xpin Clip
31. Alternative options
• Local backup stored on user’s computer
• Other data stored on user’s computer
• iCloud acquisition
• Experimental techniques (chip-off)
37. Other data stored on the user’s computer
• Windows
  • C:\ProgramData\Apple Computer
    • iTunes\iPodDevices.xml: connected iOS devices
  • C:\Users\[username]\AppData\Roaming\Apple Computer
    • MobileSync\Backup: device backup
    • Logs: various device logs
    • MediaStream: PhotoStream information
    • iTunes: iTunes preferences and Apple account information
• Mac OS X
  • https://www.mac4n6.com/resources/
  • Sarah Edwards
  • Ubiquity Forensics - Your iCloud and You
41. Logs folder
• Installed applications list and usage
  • Various logs like PowerLog, Security, OnDemand
• iTunes username
  • itunesstored.2.log file
• File name of e-mail attachments
  • MobileMail logs
• List of Wi-Fi networks and history of latest connections
  • Wi-Fi logs
46. iCloud Acquisition
• You need
  • User credentials
  OR
  • Token extracted from a computer (Windows/Mac)
    • Only if iCloud Control Panel is installed!
• You can obtain
  • iCloud Device Backup
  • iCloud Calendars
  • iCloud Contacts
  • Photo Streams
  • Email
  • Specific application data
54. Apple support
https://images.apple.com/legal/privacy/law-enforcement-guidelines-outside-us.pdf
• You can request:
  • Subscriber information
  • Mail logs
  • Email content
  • Other iCloud Content
  • iOS Device Backups
  • iCloud Photo Library
  • iCloud Drive
  • Contacts
  • Calendar
  • Bookmarks
  • Safari Browsing History
  • Find My iPhone
  • Game Center
  • iOS Device Activation
  • Sign-on logs
  • My Apple ID and iForgot logs
  • FaceTime logs
55. Chip Off (Experimental)
• Recently published research by Sergei Skorobogatov
  • The bumpy road towards iPhone 5C NAND mirroring
  • http://www.cl.cam.ac.uk/~sps32/5c_proj.html
  • https://arxiv.org/pdf/1609.04327v1.pdf
  • https://www.youtube.com/watch?v=tM66GWrwbsY