@NTXISSA #NTXISSACSC3
Manage Mobile Security
Incidents Like A Boss
Ismail Guneydas
Security Manager/Faculty
Kimberly Clark/Texas A&M
10/02/2015
Legal Notice From My Lawyer
The opinions expressed in this presentation represent my own and not my employer's.
Bio
•Sr. Vulnerability Manager at Kimberly Clark.
•Built and manages KCC's first vulnerability management program.
•Previously I worked at Yahoo!, where I built and led global e-Crime investigation and incident response teams. I received Yahoo! Hackovation and Yahoo! Excellence awards for innovative work in successful operations against fake customer care centers.
•Adjunct faculty at Texas A&M University, teaching computer science courses.
•Completed a Master of Science in Computer Science and hold degrees in Mathematics and Electronics Engineering. Currently working towards an MBA at UT Dallas.
Agenda
•Mobile Industry In Numbers
•Mobile Security In Numbers
•Mobile Security vs PC Security
•Mobile Vulnerability Triage
•Android
•iOS
•Conclusion
Mobile Industry In Numbers
• Google's store has 1.6 million applications, and Apple's store has 1.5 million applications.
• There have been 102 billion mobile app downloads worldwide, and 9 billion of them are paid apps.
• This generated 26 billion U.S. dollars.
NTX ISSA Cyber Security Conference – October 2-3, 2015
Security Problems
•Companies are desperate to have a mobile presence and ask their IT departments, or hire third parties, to create mobile applications for their products, services and web sites.
• Companies want to get their apps out as soon as possible, just as they wanted their websites out in the 90s without checking their security.
Mobile Security in Numbers
•The number of software packages aimed at mobile devices has reportedly risen from about 14,000 to 40,000, about 185%, in less than a year.
[Chart: iOS Vulnerabilities per year, 2007-2015 (count, 0-300)]
[Chart: Android Vulnerabilities per year, 2009-2015 (count, 0-40)]
Mobile vs Traditional OS Vulnerability Type
[Chart: iOS Vulnerabilities By Type (count, 0-400)]
[Chart: Windows 7 Vulnerabilities By Type (count, 0-250)]
The Challenges For Incident Responders
•Vulnerability X works only on Android version Y with Samsung model Z hardware.
•This could mean security teams need to buy all of that hardware.
•Another issue is a lack of mobile security knowledge. Often security teams try to handle mobile security incidents as traditional web security incidents.
•These cause longer hours of work and potentially don't help the company fix the issue.
Mobile vs PC Security
DFIR
  Mobile: Lots of things to figure out; the tools are not capable
  PC: Well established
Vulnerability Management
  Mobile: Harder. Old vulnerabilities require new testing mechanisms. Management of devices: distributed, no custom image
  PC: Good tools for testing vulnerabilities; good patch management tools, process, methodologies
Network Intrusion
  Mobile: Harder (LTE, 4G, 3G)
  PC: Established
e-Crime
  Mobile: Apps store lots of sensitive info including birth date, banking credentials etc.; credit card (CC) numbers are also stored
  PC: Similar to mobile
Physical Security
  Mobile: Easy to steal
  PC: Established
Mobile Vulnerability Triage
•Listening to traffic
•Web vulnerabilities, networking vulnerabilities
•SSL vulnerabilities
•SSL validation
•Hostname mismatch
Mobile Vulnerability Triage: Android
•Potential Solutions
1) Cloud solutions
  - Testroid
  - For pentest of apk files
2) VM
  - Not flexible
  - Networking issue when dumping traffic (need to use a VPN; otherwise there is no bridge mode on some corporate networks)
3) Android SDK
  •No need to install image/API/device images
  •Very flexible
  •Full emulator which actually runs a real firmware image. Other than hardware vulnerabilities, we can reproduce any vulnerability in our code.
Creating Emulator and Virtual Devices
• AVD Manager
  • The AVD Manager provides a graphical user interface in which you can create and manage Android Virtual Devices (AVDs), which are required by the Android Emulator.
  • You can launch the AVD Manager in one of the following ways:
    • In Eclipse: select Window > Android Virtual Device Manager, or click the AVD Manager icon in the toolbar.
    • In Android Studio: select Tools > Android > AVD Manager, or click the AVD Manager icon in the toolbar.
    • In other IDEs: navigate to your SDK's tools/ directory and execute android avd.
• Emulator
  The Android SDK includes a mobile device emulator — a virtual mobile device that runs on your computer. The emulator lets you develop and test Android applications without using a physical device.
[Screenshots: Creating VD; VD List; Emulator]
Networking Scheme
10.0.2.1                        Router/gateway address
10.0.2.2                        Special alias to your host loopback interface (i.e., 127.0.0.1 on your development machine)
10.0.2.3                        First DNS server
10.0.2.4 / 10.0.2.5 / 10.0.2.6  Optional second, third and fourth DNS server (if any)
10.0.2.15                       The emulated device's own network/ethernet interface
127.0.0.1                       The emulated device's own loopback interface
Sniffing Traffic
• Sniff traffic
1st way:
  • $ emulator -tcpdump pcapFile.pcap -avd myAvd
  • Hint: there are other commands related to the emulator: http://developer.android.com/tools/devices/emulator.html
2nd way:
  • $ telnet localhost portnumber (the emulator's console port, 5554 for the first emulator)
  • At the console prompt: network capture start pcapFile.pcap
  • At the console prompt: network capture stop
  • Hint: there are other commands available in the telnet console: http://developer.android.com/tools/devices/emulator.html
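Added example, not from the original deck: a small Python parser for the pcap that emulator -tcpdump writes, listing the TLS server names (SNI) the emulated app contacted so the responder knows which backends to follow up on during triage. The capture, host names and addresses are constructed in memory (hypothetical), so it runs offline.

```python
import socket
import struct

# Constructed sample: the emulator's own address from the networking scheme
# above (10.0.2.15) talking to hypothetical hosts. The capture is built in
# memory with the same layout 'emulator -tcpdump' writes (pcap, Ethernet).
EMULATOR_IP = "10.0.2.15"
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record that carries one SNI entry."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name   # host_name type
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    body = (
        b"\x03\x03"                           # client_version = TLS 1.2
        + bytes(range(32))                    # fixed "random" for a stable sample
        + b"\x00"                             # session_id length 0
        + struct.pack("!H", 2) + b"\xc0\x2f"  # one cipher suite
        + b"\x01\x00"                         # compression methods: null only
        + struct.pack("!H", len(sni_ext)) + sni_ext
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def build_frame(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Wrap a payload in Ethernet/IPv4/TCP headers (checksums left as zero)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18,
                      65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0, socket.inet_aton(src_ip),
                     socket.inet_aton(dst_ip))
    eth = bytes.fromhex("525400123502") + bytes.fromhex("525400123456") + b"\x08\x00"
    return eth + ip + tcp + payload


def build_pcap(frames) -> bytes:
    """Write frames into a little-endian pcap with Ethernet link type."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1443744000 + i, 0, len(frame), len(frame))
        out += frame
    return out


def parse_sni(segment: bytes):
    """Return the SNI host from a TLS ClientHello record, else None."""
    if len(segment) < 5 or segment[0] != 0x16:      # not a handshake record
        return None
    hs = segment[5:]
    try:
        if hs[0] != 0x01:                            # not a ClientHello
            return None
        p = 4 + 2 + 32                               # header, version, random
        p += 1 + hs[p]                               # session id
        p += 2 + struct.unpack_from("!H", hs, p)[0]  # cipher suites
        p += 1 + hs[p]                               # compression methods
        ext_len = struct.unpack_from("!H", hs, p)[0]
        p += 2
        end = p + ext_len
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", hs, p)
            p += 4
            if etype == 0x0000:                      # server_name extension
                nlen = struct.unpack_from("!H", hs, p + 3)[0]
                return hs[p + 5:p + 5 + nlen].decode("ascii", "replace")
            p += elen
    except (IndexError, struct.error):
        pass
    return None


def tls_hosts_from_pcap(pcap: bytes):
    """Walk an Ethernet pcap; list (src, dst, sni) for every ClientHello seen."""
    if struct.unpack_from("<I", pcap, 0)[0] != PCAP_MAGIC:
        raise ValueError("only little-endian pcap files are handled here")
    results, off = [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<IIII", pcap, off)[2]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                 # not IPv4 over TCP
        ihl = (frame[14] & 0x0F) * 4
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        tcp = frame[14 + ihl:]
        sni = parse_sni(tcp[(tcp[12] >> 4) * 4:])
        if sni:
            results.append((src, dst, sni))
    return results


def sample_capture() -> bytes:
    """Constructed capture: one ClientHello plus one cleartext HTTP request."""
    hello = build_frame(EMULATOR_IP, "203.0.113.10", 40000, 443,
                        build_client_hello("bank.example.com"))
    http = build_frame(EMULATOR_IP, "203.0.113.20", 40001, 80,
                       b"GET / HTTP/1.1\r\nHost: cdn.example.com\r\n\r\n")
    return build_pcap([hello, http])


if __name__ == "__main__":
    for src, dst, host in tls_hosts_from_pcap(sample_capture()):
        print(f"{src} -> {dst}  SNI={host}")
```

Point tls_hosts_from_pcap at the bytes of a real pcapFile.pcap to list the hosts an app under triage talks to over TLS; the cleartext HTTP request in the sample is deliberately not reported, which is itself a finding worth a second pass.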
Sniffing Traffic on iOS Devices
• Connect the iOS device to your Mac.
• Find out the iOS device's UDID:
  •Open iTunes
  •Find your device and find the serial number
  •Click it, then you will see your UDID
• Go to your terminal and type ifconfig -l
• Type rvictl -s UDID to start the device:
  • rvictl -s f2f587fcf78ff82dccff88fff7ab6db9e9b0bf94
  • Starting device f2f587fcf78ff82dccff88fff7ab6db9e9b0bf94
  • [SUCCEEDED]
• Type ifconfig -l again; you will see a new interface, i.e. rvi0
• Go to Wireshark or use tcpdump to dump the traffic:
  • sudo tcpdump -i rvi0 -w dump.dump
Validating SSL Vulnerabilities
•Download Burp Suite and configure it like this:
•Click the Proxy tab and then the Intercept tab. Make sure intercept is off.
•Go to the Options tab (still under the Proxy tab). Under Proxy Listeners add your network interface (by default it only listens on localhost).
Malicious Certificate
• By default Burp Suite acts as a man in the middle for HTTPS connections. That means it sends its own certificate to your mobile device and deals with the original HTTPS site by itself. Look below:
• iPhone --Encrypted with Burp Suite CA-- Burp Suite --Encrypted with banking site CA-- Banking site
• This means your app should recognize that this is not a valid cert for the site it originally requested, i.e. the banking site, and drop the connection. At a minimum, you should receive a warning from the app, but ideally you see no traffic at all. Many apps will just fail silently or complain of connection issues, which isn't ideal, but is not "insecure" per se.
• If you see any traffic in Burp Suite, that means your app has a validation problem.
Second Vulnerability: Hostname Mismatch
• Is the certificate's hostname verified by your application?
•For this you will need to acquire a valid certificate from a CA that is trusted by your device. Comodo is a good source for a free 90-day certificate.
•Install the valid certificate in your Burp proxy and configure it to offer this cert rather than the default.
• You can confirm step two is working by going into your native browser on the device and trying to go to an HTTPS site. You should receive a certificate hostname warning, and when you view the certificate details you should see that the cert you received is the one you installed in Burp Suite, not the one issued by the PortSwigger CA.
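Added example, not from the original deck: a simplified Python model of the two checks an app must pass before it sends traffic, issuer trust and hostname matching, run over constructed scenarios that mirror the two Burp setups above (the default PortSwigger CA, and a genuinely trusted certificate issued for the tester's own name). The certificate dicts, issuer names and the bank.example.com host are hypothetical stand-ins for parsed X.509 fields; signature, validity-date and revocation checks are out of scope.

```python
import ipaddress


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName (possibly a wildcard) against the requested host.

    Follows the RFC 6125 rules a browser applies: case-insensitive, the
    wildcard must be the whole leftmost label, it never spans a dot, and
    it needs at least two labels to its right (so '*.com' matches nothing).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def evaluate_peer(cert: dict, trusted_issuers: set, expected_host: str) -> str:
    """Decide what a correctly written app must do with a presented leaf cert.

    'cert' is a simplified stand-in for a parsed X.509 leaf: the issuer name
    plus the SubjectAltName entries (hypothetical, not a real parser).
    """
    if cert["issuer"] not in trusted_issuers:
        return "REJECT: issuer not trusted"       # Burp's default PortSwigger CA
    try:
        ip = ipaddress.ip_address(expected_host)
        ok = str(ip) in cert.get("san_ip", [])    # an IP never matches a dNSName
    except ValueError:
        ok = any(hostname_matches(n, expected_host) for n in cert.get("san_dns", []))
    if not ok:
        return "REJECT: hostname mismatch"        # trusted CA, wrong name
    return "ACCEPT"


# Constructed scenarios mirroring the two triage steps above: the app expects
# to reach bank.example.com (hypothetical) and trusts one root.
TRUSTED_ROOTS = {"Example Public Root CA"}
SCENARIOS = {
    "burp_default_ca":   {"issuer": "PortSwigger CA", "san_dns": ["bank.example.com"]},
    "burp_valid_cert":   {"issuer": "Example Public Root CA", "san_dns": ["tester.example.org"]},
    "wildcard_genuine":  {"issuer": "Example Public Root CA", "san_dns": ["*.example.com"]},
    "wildcard_too_deep": {"issuer": "Example Public Root CA", "san_dns": ["*.example.com"]},
}


def run_scenarios(expected_host: str = "bank.example.com") -> dict:
    """Return the verdict for each scenario; only the genuine cert should pass."""
    hosts = {"wildcard_too_deep": "api.bank.example.com"}  # one extra label
    return {name: evaluate_peer(cert, TRUSTED_ROOTS, hosts.get(name, expected_host))
            for name, cert in SCENARIOS.items()}


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:18s} {verdict}")
```

An app whose traffic shows up in Burp under the first scenario is skipping the issuer check; one that shows up under the second is skipping the hostname check, which is exactly what the two slides above separate.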
[Screenshots: Mobile Device Configuration; Burp Suite Configuration]
Conclusion
•The mobile industry is a fast growing 26 billion dollar industry.
•Companies are rushing their mobile solutions without proper security reviews.
•This makes mobile apps attractive to hackers.
•Most of the time incident responders don't have a good process for triaging the vulnerabilities, nor know the difference between PC and mobile vulnerabilities.
•By using free tools, an incident responder can triage mobile vulnerabilities.
•We need to think creatively!
Questions
• ismail@realinfosec.com
• Linkedin: linkedin.com/in/guneydas
• Twitter: realinfosec
The Collin College Engineering Department
Collin College Student Chapter of the North Texas ISSA
North Texas ISSA (Information Systems Security Association)
Thank you

Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
 

Recently uploaded

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 

Recently uploaded (20)

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 

NTXISSACSC3 - Manage Mobile Security Incidents like A Boss by Ismail Guneydas

• 7. Mobile Security in Numbers
• The number of software packages aimed at mobile devices has reportedly risen from about 14,000 to 40,000, or about 185%, in less than a year.
[Chart: iOS Vulnerabilities per year, 2007–2015]
[Chart: Android Vulnerabilities per year, 2009–2015]

• 8. Mobile vs Traditional OS Vulnerability Type
[Chart: iOS Vulnerabilities By Type]
[Chart: Windows 7 Vulnerabilities By Type]

• 10. The Challenges For Incident Responders
• Vulnerability X works only on Android version Y, and only on hardware Samsung Model Z.
• This could mean security teams need to buy all of that hardware.
• Another issue is lack of mobile security knowledge. Often security teams try to handle mobile security incidents as traditional web security incidents.
• These cause longer hours of work and potentially don't help the company fix the issue.

• 11. Mobile vs PC Security
• DFIR. Mobile: lots of things to figure out; tools are not capable. PC: well established.
• Vulnerability Management. Mobile: harder; old vulnerabilities require new testing mechanisms; management of devices is distributed, with no custom image. PC: good tools for testing vulnerabilities; good patch management tools, processes and methodologies.
• Network Intrusion. Mobile: harder (LTE, 4G, 3G). PC: established.
• e-Crime. Mobile: apps store lots of sensitive info including birth date, banking credentials etc.; CC (credit card) data is also stored. PC: similar to mobile.
• Physical Security. Mobile: easy to steal. PC: established.

• 12. Mobile Vulnerability Triage
• Listening to traffic
• Web vulnerabilities, networking vulnerabilities
• SSL vulnerabilities
• SSL validation
• Hostname mismatch

• 13. Mobile Vulnerability Triage: Android
• Potential Solutions
1) Cloud solutions
   - Testroid, for pentesting APK files
2) VM
   - Not flexible
   - Networking issue when dumping traffic (need to use a VPN; otherwise there is no bridge mode on some corporate networks)

• 14. Mobile Vulnerability Triage
3) Android SDK
• No need to install image/API/device images
• Very flexible
• Full emulator which actually runs on a real firmware image. Other than hardware vulnerabilities, we can reproduce any vulnerability in our code.

• 15. Creating Emulator and Virtual Devices
• AVD Manager
• The AVD Manager provides a graphical user interface in which you can create and manage Android Virtual Devices (AVDs), which are required by the Android Emulator.
• You can launch the AVD Manager in one of the following ways:
• In Eclipse: select Window > Android Virtual Device Manager, or click the AVD Manager icon in the toolbar.
• In Android Studio: select Tools > Android > AVD Manager, or click the AVD Manager icon in the toolbar.
• In other IDEs: navigate to your SDK's tools/ directory and execute android avd.
• Emulator: the Android SDK includes a mobile device emulator, a virtual mobile device that runs on your computer. The emulator lets you develop and test Android applications without using a physical device.

• 19. Networking Scheme
10.0.2.1   Router/gateway address
10.0.2.2   Special alias to your host loopback interface (i.e., 127.0.0.1 on your development machine)
10.0.2.3   First DNS server
10.0.2.4 / 10.0.2.5 / 10.0.2.6   Optional second, third and fourth DNS server (if any)
10.0.2.15  The emulated device's own network/ethernet interface
127.0.0.1  The emulated device's own loopback interface

• 20. Sniffing Traffic
• 1st way: start the emulator with a capture file.
  $ emulator -tcpdump pcapFile.pcap -avd myAvd
• Hint: there are other emulator command-line options: http://developer.android.com/tools/devices/emulator.html
• 2nd way: connect to the emulator console over telnet and start/stop the capture from there (the network commands are typed at the console prompt, not the shell).
  $ telnet localhost portnumber
  network capture start pcapFile.pcap
  network capture stop
• Hint: there are other console commands available over telnet: http://developer.android.com/tools/devices/emulator.html

• 21. Sniffing Traffic: iOS Devices
• Connect the iOS device to your Mac.
• Find out the iOS device's UDID:
• Open iTunes
• Find your device and find the serial number
• Click it, then you will see your UDID
• Go to your terminal and type ifconfig -l
• Type rvictl -s UDID to start the device:
  rvictl -s f2f587fcf78ff82dccff88fff7ab6db9e9b0bf94
  Starting device f2f587fcf78ff82dccff88fff7ab6db9e9b0bf94
  [SUCCEEDED]
• Type ifconfig -l again; you will see a new interface, i.e. rvi0
• Go to Wireshark or use tcpdump to dump the traffic:
  sudo tcpdump -i rvi0 -w dump.dump
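Either capture above (emulator -tcpdump, telnet network capture, or tcpdump on rvi0) produces a libpcap file. As an added example that is not part of the slides, the Python below pulls the TLS server_name (SNI) out of every ClientHello in such a file, a quick triage step for listing which hosts the app actually talked to; since no real capture is at hand it also builds a constructed pcap (made-up hostnames, a TEST-NET-3 destination address) to run against.

```python
import struct

# Constructed fixtures (not from a real capture): a minimal TLS 1.2 ClientHello carrying an
# SNI extension, wrapped in Ethernet/IPv4/TCP frames inside a libpcap file.
def build_client_hello(server_name: str) -> bytes:
    name = server_name.encode("ascii")
    sni_list = struct.pack("!BH", 0, len(name)) + name                 # name_type host_name(0), length, name
    sni_ext = struct.pack("!HHH", 0, len(sni_list) + 2, len(sni_list)) + sni_list  # ext type 0 = server_name
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"                       # version, random, empty session id
            + struct.pack("!H", 2) + b"\xc0\x2f"                       # one cipher suite
            + b"\x01\x00"                                              # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)               # extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 22 = handshake

def build_pcap(payloads) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # little-endian, link type 1 = Ethernet
    for payload in payloads:
        tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0,
                         bytes([10, 0, 2, 15]), bytes([203, 0, 113, 10]))  # emulator guest -> TEST-NET-3
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload        # zero MACs, EtherType IPv4
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def sni_from_client_hello(data: bytes):
    """Return the server_name from a TLS ClientHello record, or None if the payload is not one."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:                         # handshake record, ClientHello
            return None
        pos = 43                                                       # 5 record + 4 handshake + 2 version + 32 random
        pos += 1 + data[pos]                                           # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]              # cipher suites
        pos += 1 + data[pos]                                           # compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]         # end of extensions block
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", data, pos)
            pos += 4
            if etype == 0:                                             # server_name extension
                lp = pos + 2                                           # skip ServerNameList length
                while lp + 3 <= pos + elen:
                    ntype, nlen = data[lp], struct.unpack_from("!H", data, lp + 1)[0]
                    if ntype == 0:                                     # host_name entry
                        return data[lp + 3:lp + 3 + nlen].decode("ascii", "replace")
                    lp += 3 + nlen
            pos += elen
    except (IndexError, struct.error):
        pass                                                           # truncated or non-TLS payload
    return None

def tls_hosts_from_pcap(pcap: bytes):
    """List (destination port, SNI) for every TLS ClientHello found in a libpcap capture."""
    endian = "<" if struct.unpack_from("<I", pcap)[0] in (0xA1B2C3D4, 0xA1B23C4D) else ">"
    pos, hosts = 24, []                                                # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        caplen = struct.unpack_from(endian + "IIII", pcap, pos)[2]    # incl_len of this record
        frame = pcap[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:  # IPv4 over Ethernet, TCP
            continue
        tcp_off = 14 + (frame[14] & 0x0F) * 4                          # 14-byte Ethernet + IHL
        dst_port = struct.unpack_from("!H", frame, tcp_off + 2)[0]
        payload = frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:]    # skip TCP header (data offset)
        sni = sni_from_client_hello(payload)
        if sni:
            hosts.append((dst_port, sni))
    return hosts

if __name__ == "__main__":
    sample = build_pcap([build_client_hello("api.bank.example"), b"GET / HTTP/1.1\r\n",
                         build_client_hello("tracker.example.net")])
    print(tls_hosts_from_pcap(sample))   # [(443, 'api.bank.example'), (443, 'tracker.example.net')]
```

On a real file, read it with open(path, "rb").read() and pass the bytes to tls_hosts_from_pcap; the Android emulator and tcpdump both write the classic libpcap format this parser expects.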
• 22. Validating SSL Vulnerabilities
• Download Burp Suite and configure it like this:
• Click the Proxy tab and then the Intercept tab. Make sure intercept is off.
• Go to the Options tab (still under the Proxy tab). Under Proxy Listeners add your network device's address (by default it is only listening on localhost).

• 23. Malicious Certificate
• By default Burp Suite acts as a man in the middle for HTTPS connections. That means it sends its own certificate to your mobile device and deals with the original HTTPS site by itself. Look below:
  iPhone --(encrypted with Burp Suite CA)--> Burp Suite --(encrypted with banking site CA)--> Banking site
• This means your app should recognize that this is not a valid certificate for the site it originally requested, i.e. the banking site, and drop the connection. At a minimum, you should receive a warning from the app, but ideally you see no traffic at all. Many apps will just fail silently or complain of connection issues, which isn't ideal, but is not "insecure" per se.
• If you see any traffic in Burp Suite, that means your app has a validation problem.

• 24. Second vulnerability: Hostname Mismatch
• Is the certificate's hostname verified by your application?
• For this you will need to acquire a valid certificate from a CA that is trusted by your device. Comodo is a good source for a free 90-day certificate.
• Install the valid certificate in your Burp proxy and configure it to offer this certificate rather than the default.
• You can confirm step two is working by going into the native browser on the device and trying to open an HTTPS site. You should receive a certificate hostname warning, and when you view the certificate details you should see that the certificate you received is the one you installed in Burp Suite, not the one issued by the PortSwigger CA.
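The two findings on slides 23 and 24 (traffic visible in Burp because the app accepts an untrusted issuer; traffic visible because the app accepts a trusted certificate issued for a different name) come down to checks the client controls. As an added example not taken from the slides, this Python shows the hostname-matching logic a client has to apply, run against constructed certificate dicts in the shape ssl.SSLSocket.getpeercert() returns (proxy.example.net and bank.example are made-up names), plus the strict versus broken ssl context settings that decide whether any traffic shows up in the proxy.

```python
import ssl

def hostname_matches(cert_name: str, hostname: str) -> bool:
    """RFC 6125-style DNS-ID match: case-insensitive, and a wildcard counts only as the whole
    leftmost label, so *.bank.example covers api.bank.example but not deep.api.bank.example."""
    cert_name, hostname = cert_name.lower().rstrip("."), hostname.lower().rstrip(".")
    if not cert_name or not hostname:
        return False
    if "*" not in cert_name:
        return cert_name == hostname
    pat, host = cert_name.split("."), hostname.split(".")
    if pat[0] != "*" or len(pat) < 3:                 # no partial wildcards (ap*.x), no *.com
        return False
    return len(pat) == len(host) and pat[1:] == host[1:]

def verify_server_identity(cert: dict, hostname: str):
    """Return (ok, reason). `cert` has the shape ssl.SSLSocket.getpeercert() returns."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:                                     # SAN present: the CN must be ignored
        for name in dns_names:
            if hostname_matches(name, hostname):
                return True, f"matched SAN {name}"
        return False, f"{hostname} not covered by SAN {dns_names}"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if cns and hostname_matches(cns[0], hostname):
        return True, f"matched CN {cns[0]} (legacy fallback, no SAN)"
    return False, "no DNS SAN or CN matches"

def make_strict_context() -> ssl.SSLContext:
    """What an app should use: issuer chain validated and hostname checked (the stdlib defaults)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def make_broken_context() -> ssl.SSLContext:
    """The setting behind 'traffic shows up in Burp': any issuer accepted, no hostname check."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    # Constructed certificates: what the proxy presents once a CA-issued cert for its own name
    # is installed (slide 24), versus the bank's own wildcard certificate.
    proxy_cert = {"subject": ((("commonName", "proxy.example.net"),),),
                  "subjectAltName": (("DNS", "proxy.example.net"),)}
    bank_cert = {"subject": ((("commonName", "api.bank.example"),),),
                 "subjectAltName": (("DNS", "*.bank.example"),)}
    print(verify_server_identity(proxy_cert, "api.bank.example"))  # (False, ...) -> the app must drop it
    print(verify_server_identity(bank_cert, "api.bank.example"))   # (True, 'matched SAN *.bank.example')
```

An app that still completes the handshake in the first case is the hostname-mismatch finding; one that completes it against the default PortSwigger CA certificate is the validation finding from slide 23.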
• 27. Conclusion
• The mobile industry is a fast-growing 26 billion dollar industry.
• Companies are rushing their mobile solutions out without proper security reviews.
• This makes mobile apps attractive to hackers.
• Most of the time incident responders don't have a good process around triaging the vulnerabilities, or know the difference between PC and mobile vulnerabilities.
• By using free tools an incident responder can triage mobile vulnerabilities.
• We need to think creatively!

• 28. Questions
• ismail@realinfosec.com
• LinkedIn: linkedin.com/in/guneydas
• Twitter: realinfosec

• 29. Thank you
• The Collin College Engineering Department
• Collin College Student Chapter of the North Texas ISSA
• North Texas ISSA (Information Systems Security Association)
• NTX ISSA Cyber Security Conference – October 2-3, 2015