CanSecWest 2013 - iOS 6 Exploitation 280 Days LaterStefan Esser
With the release of iOS6 Apple has cracked down on all published iOS exploitation information. It seems that nearly every trick and technique discussed in talks/papers or books of the last years has been taken care of by Apple in order to stop exploitation for jailbreaking or more malicious purposes.
This talk will tie in with the iOS6 Security talk by Azimuth Security that discussed various kernel hardenings performed by Apple, and discuss further security relevant changes in iOS 6.1 kernel affecting kernel exploitation and user space exploitation.
SyScan 2015 - iOS 678 Security - A Study in FailStefan Esser
Talk from SyScan 2015 about Apple Security failing to patch vulnerabilities over and over again, because they have apparently no QA at all on security patches.
CanSecWest 2013 - iOS 6 Exploitation 280 Days LaterStefan Esser
With the release of iOS6 Apple has cracked down on all published iOS exploitation information. It seems that nearly every trick and technique discussed in talks/papers or books of the last years has been taken care of by Apple in order to stop exploitation for jailbreaking or more malicious purposes.
This talk will tie in with the iOS6 Security talk by Azimuth Security that discussed various kernel hardenings performed by Apple, and discuss further security relevant changes in iOS 6.1 kernel affecting kernel exploitation and user space exploitation.
SyScan 2015 - iOS 678 Security - A Study in FailStefan Esser
Talk from SyScan 2015 about Apple Security failing to patch vulnerabilities over and over again, because they have apparently no QA at all on security patches.
When Encryption is Not Enough...Sumanth Naropanth, Chandra Prakash Gopalaiah ...Shakacon
Communication protocols are core to computing devices. They have evolved from the traditional Serial and LAN ports to complex (and lightweight) protocols of today, such as Bluetooth Low Energy (BLE), ANT+, ZigBee, etc.
Bluetooth Low Energy (BLE) is a popular protocol of choice for low energy, low performance computing systems. While versions of the BLE specification prior to 4.2 allowed simple key mechanisms to encrypt the communication between connected nodes, the more recent specification of BLE (4.2) provides better channel encryption via the Secure Simple Pairing (SSP) mode to protect data against snooping and man-in-the-middle style attacks. These protocols are used extensively by wearables such as smart watches and activity trackers.
Most wearables work in conjunction with a companion mobile application running on a platform that supports BLE with the aforementioned security mechanisms. We looked at Android and iOS for our study. We observe that there are fundamental assumptions (leading security limitations) in the adoption of the BLE security specifications on these two platforms. Relying on the standard BLE APIs for Android and iOS may be insufficient and may even project a false sense of security. It is critical to understand the degree of security that the BLE specifications can offer, and clearly separate that from the developers’ responsibility to design application level security in order to assure confidentiality and integrity of data being transmitted between a wearable device and its companion application.
SyScan Singapore 2011 - Stefan Esser - Targeting the iOS KernelStefan Esser
Targeting the iOS Kernel
Although the iPhone user land is locked down very tightly, previous talks about iPhone security have concentrated on user land attacks only. Therefore demonstrated exploit payloads have been very limited in what they can do or cannot do. More complicated work like user land rootkits or the addition of ASLR protection therefore relied entirely on kernel exploitation help from the jailbreaking community.
This presentation will introduce the audience into finding security bugs in iOS kernelspace and how this is different from hunting kernel bugs in Mac OS X. Reverse engineering will be used to extract a lot of information from the kernelcache and then this information is used to enumerate the kernel's attack surface and the corresponding code is located. In addition to that the secrets of activating the iOS internal kernel debugger will be revealed and it will be demonstrated by debugging a previous disclosed iOS kernel exploit.
Hacker Halted 2014 - Reverse Engineering the Android OSEC-Council
Introduction to the Android OS. the Android Developers Kit, Android Emulators, Rooting Android devices, de-compiling Android Apps. Dex2jar, Java JD_GUI and so on. During the presentation I will pull an App apart and show how to bypass a login screen.
What better way to express the Zombie Apocalypse then with mobile devices. They are ubiquitous. they are carried everywhere, they go everywhere. Having a decent understanding of the Operating System and it’s vulnerabilities can go a long way towards keeping your device protected.
During this talk, we looked at some of the typical controls that Android/iOS applications exhibit, how they work, how to spot them, and how to sidestep them. We’ll demonstrate analysis and techniques using free open source tooling such as Radare and Frida, and for some parts, we’ll use IDA Pro. And since “automation” is the buzzword of the year, we’ll discuss how to automate some of these activities, which typically take up most of the assessment window.
For more information, please visit our website at www.synopsys.com/software
When Encryption is Not Enough...Sumanth Naropanth, Chandra Prakash Gopalaiah ...Shakacon
Communication protocols are core to computing devices. They have evolved from the traditional Serial and LAN ports to complex (and lightweight) protocols of today, such as Bluetooth Low Energy (BLE), ANT+, ZigBee, etc.
Bluetooth Low Energy (BLE) is a popular protocol of choice for low energy, low performance computing systems. While versions of the BLE specification prior to 4.2 allowed simple key mechanisms to encrypt the communication between connected nodes, the more recent specification of BLE (4.2) provides better channel encryption via the Secure Simple Pairing (SSP) mode to protect data against snooping and man-in-the-middle style attacks. These protocols are used extensively by wearables such as smart watches and activity trackers.
Most wearables work in conjunction with a companion mobile application running on a platform that supports BLE with the aforementioned security mechanisms. We looked at Android and iOS for our study. We observe that there are fundamental assumptions (leading security limitations) in the adoption of the BLE security specifications on these two platforms. Relying on the standard BLE APIs for Android and iOS may be insufficient and may even project a false sense of security. It is critical to understand the degree of security that the BLE specifications can offer, and clearly separate that from the developers’ responsibility to design application level security in order to assure confidentiality and integrity of data being transmitted between a wearable device and its companion application.
SyScan Singapore 2011 - Stefan Esser - Targeting the iOS KernelStefan Esser
Targeting the iOS Kernel
Although the iPhone user land is locked down very tightly, previous talks about iPhone security have concentrated on user land attacks only. Therefore demonstrated exploit payloads have been very limited in what they can do or cannot do. More complicated work like user land rootkits or the addition of ASLR protection therefore relied entirely on kernel exploitation help from the jailbreaking community.
This presentation will introduce the audience into finding security bugs in iOS kernelspace and how this is different from hunting kernel bugs in Mac OS X. Reverse engineering will be used to extract a lot of information from the kernelcache and then this information is used to enumerate the kernel's attack surface and the corresponding code is located. In addition to that the secrets of activating the iOS internal kernel debugger will be revealed and it will be demonstrated by debugging a previous disclosed iOS kernel exploit.
Hacker Halted 2014 - Reverse Engineering the Android OSEC-Council
Introduction to the Android OS. the Android Developers Kit, Android Emulators, Rooting Android devices, de-compiling Android Apps. Dex2jar, Java JD_GUI and so on. During the presentation I will pull an App apart and show how to bypass a login screen.
What better way to express the Zombie Apocalypse then with mobile devices. They are ubiquitous. they are carried everywhere, they go everywhere. Having a decent understanding of the Operating System and it’s vulnerabilities can go a long way towards keeping your device protected.
During this talk, we looked at some of the typical controls that Android/iOS applications exhibit, how they work, how to spot them, and how to sidestep them. We’ll demonstrate analysis and techniques using free open source tooling such as Radare and Frida, and for some parts, we’ll use IDA Pro. And since “automation” is the buzzword of the year, we’ll discuss how to automate some of these activities, which typically take up most of the assessment window.
For more information, please visit our website at www.synopsys.com/software
Breaking Secure Mobile Applications - Hack In The Box 2014 KLiphonepentest
Dominic Chell presents "Breaking Secure Mobile Applications" at Hack In The Box 2014.
This presentation details common vulnerabilities that can be found in supposedly secure applications, including BYOD and MDM apps. It also provides an overview of the binary protections that can be implemented to complicate these types of attacks.
Indicator of Compromise (IOC) is a piece of information that can be used to search for or identify potentially compromised systems. openioc_scan is an open-source IOC scanner for memory forensics and implemented as a plugin of Volatility Framework. By checking IOCs in RAM images (e.g., code injection sign, used/hooked API functions, unpacked code sequences), we can detect malware faster and deeper than disk-based traditional IOCs. In this presentation, I explain how to define and improve IOCs for openioc_scan, introduce IOC examples including not only IOCs for specific malware but also ones focusing on generic traits of malware. I also show remote malware triage automation combining with F-Response.
iOS Development - Offline Class for JasakomerAndri Yadi
A slide I presented yesterday on Offline Class of Jasakom - one of a biggest hacker community in Indonesia.
This slide is quite similar with my previous slides of the same topic, but with more and updated content.
Android workshop to prepare for 48hacks (http://www.ntuventures.com/events/48hacks/index.html), organized by NTU Venture.
Covers basic Android application programming, and connectivity to Arduino board via Bluetooth.
Ionic is a great tool for building hybrid mobile apps and AngularJS is a great JavaScript framework that plays very nicely with Ionic. In this talk we'll go over the basics of getting started with AngularJS+Ionic. We'll look at some real code from each of the 2 libraries and see what all is involved in building a hybrid mobile application. We will finish our journey with a real-life Ionic app presentation powered by RESTFul services.
Target Audience: People that want to see where to start with AngularJS and how it fits into Ionic. This talk assumes no prior knowledge with either library. If you've built a PhoneGap mobile app but felt lost when adding MVC-style structure or Bootstrap-esque UI components, this is the talk for you.
Assumed Knowledge: Attendees should be comfortable with "modern JavaScript". A basic understanding of classes and objects and variable scopes will be helpful. Some basic prior exposure to PhoneGap/Cordova and a UI-framework such as Bootstrap will also be helpful.
2013 Toorcon San Diego Building Custom Android Malware for Penetration TestingStephan Chenette
In this presentation Stephan will discuss some recent research that emerged he was asked to build malicious applications that bypassed custom security controls. He will walk through some of the basics of reversing malicious apps for android as well as common android malware techniques and methodologies. From the analysis of the wild android malware, he will discuss techniques and functionality to include when penetration testing against 3rd-party android security controls.
BIO
Stephan Chenette is the Director of Security Research and Development at IOActive where he conducts ongoing research to support internal and external security initiatives within the IOActive Labs. Stephan has been in involved in security research for the last 10 years and has presented at numerous conferences including: Blackhat, CanSecWest, RSA, EkoParty, RECon, AusCERT, ToorCon, SecTor, SOURCE, OWASP, B-Sides and PacSec. His specialty is in writing research tools for both the offensive and defensive front as well as investigating next generation emerging threats. He has released public analyses on various vulnerabilities and malware. Prior to joining IOActive, Stephan was the head security researcher at Websense for 6 years and a security software engineer for 4 years working in research and product development at eEye Digital Security.
This presentation will provide a high level overview of the current role that desktop applications play in enterprise environments, and the general risks associated with different deployment models. It will also cover common methodologies, techniques, and tools used to identify vulnerabilities in typical desktop application implementations. Although there will be some technical content. The discussion should be interesting and accessible to both operational and management levels.
More security blogs by the authors can be found @
https://www.netspi.com/blog/
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Knowledge engineering: from people to machines and back
Mobile Security Assessment: 101
1. Intro to Mobile Security Assessment:
Tools and Techniques
Copyright 2012 WireHarbor Security, Inc.
2. Who am I?
• Founder/President - WireHarbor Security, Inc.
• Previously:
Led Global Application Security for F500 Insurance co.
• Focus on:
Application Security, Mobile Security, Source Code Review
• Partnerships:
4. Objectives - Security Assessment
• Determine the correct path to Exploitation.
• Many Attacks, Weaknesses and Impacts.
5. RULE #1: Mobile Security
Perform sensitive/confidential/dangerous operations OFF-DEVICE...
...also, we still can’t trust user input.
6. Mobile Assessment: Key Difference
• User-access to runtime environment
DEVS: **New perspective allows us to see everything you are doing**
VS...
7. Jailbreak vs. Rooting
• Jailbreak (iOS) - Users can break out of sandbox, but are still
limited by the Apple kernel. (Your iPhone is still an iPhone)
• Rooting (Android) - Implement a new kernel, turn your phone
into ???
I
9. Security Controls
• Reduced Attack Surface
• Code Signing/App Store Approval Process - iOS
Android is more of a free-for-all
• Sandboxing
• NX Memory
• ASLR/PIE (compiler flag)
Rarely used in 3rd
party applications
• Certificate Verification
• Device Encryption
20. Techniques: XSS Injection
• XSS is in there too...
Be careful with WebKit. (UIWebView object)
“Of the 197 vulnerabilities, 142 are related to WebKit...”, ZDNet review of iOS
6
NSString *js = [[NSString alloc] initWithFormat:@”var v=”%@”;”, user];
[mywebView stringByEvauatingJavaScriptFromString:js];
22. Techniques: Event Handler Abuse
• Apps can register their own handlers via plist files.
o openURL:[NSURL URLWithString:@"myapp://?foo=urb&blerg=gah"];
26. Advanced Techniques: Objective-C (iOS) Primer
• Abstraction of Standard C
Based on Smalltalk
Designed to be “Object-oriented easy.”
The good old days:
Buffer Overflows, Format Strings, etc... RETURN!!!
27. Advanced Techniques: iOS Binary Inspection
• Object File display tool - otool (Xcode)
Display file headers (Mach-O and Universal)
Display Crypt segment info
Dump machine code
List Shared Libraries
• ARM Processors
RISC instruction set
Little-endian representation
28. Advanced Techniques: iOS Binary Inspection
• Universal Binaries
Contain multiple versions
o otool –f <file>
May be encrypted
o otool –l <file> | grep LC_ENCRYPTION_INFO
–B1 –A4
32. IDA Pro: What to look for?
• Using the Apple DEV reference
File Writes
Network Connections
Keychain Access
UI Form Fields
33. Advanced Techniques: iOS Runtime Manipulation
• Cycript - Javascript/Obj-C Interpreter
Hook active apps via Mobile Substrate
Interact with binaries in runtime using JS
http://www.cycript.org/
http://iphonedevwiki.net/index.php/Cycript_Tricks
37. • What can we do with this?
Application Tracing/Logging (filesystem, network, etc...)
Turn off Jailbreak detection
Fake GPS data... (think: location-aware security)
The possibilities get scarier as trust grows...
Advanced Techniques: iOS Runtime Manipulation
