Pentesting iPhone Applications - It mainly focuses on the techniques and the tools that will help security testers while assessing the security of iPhone applications.
Fore more info visit - http://www.securitylearn.net
Prem Kumar is a senior security consultant who specializes in web, mobile, and network penetration testing. He has previously presented at security conferences and found vulnerabilities in applications from companies like Facebook, Apple, and Yahoo. The agenda for his talk covers topics like iOS architecture, application structures, types of iOS applications and distribution methods, iOS penetration testing techniques, jailbreaking, and setting up an iOS testing platform. He will demonstrate runtime analysis and penetration testing on real iOS applications.
This slide briefs about various tools & techniques used to extract unprotected data from iOS apps. You can extract resource files, database files, get data in runtime using various methods. In my next slides I will brief about the ways to secure your iOS apps.
I Want More Ninja – iOS Security TestingJason Haddix
The document provides instructions for setting up an iOS application testing lab, including recommended hardware, software, and tools for both MacBooks and PCs. It discusses jailbreaking iOS devices to gain root access, installing useful packages and utilities, and exploring application directories and data stores to find vulnerabilities like insecure data storage or client-side injection issues.
This document discusses hacking and securing iOS applications. It begins by covering iOS security concepts and loopholes, then discusses how those loopholes can affect apps and allow easy theft of app data. The remainder of the document provides guidance on how to protect apps by securing local storage locations, runtime analysis, and transport security. Key recommendations include encrypting sensitive data, using data protection APIs, restricting access to private data, and properly validating SSL certificates.
The document discusses jailbreaking iOS devices. It explains that jailbreaking removes security restrictions to allow installation of unauthorized third-party apps. It describes various jailbreaking tools and techniques, including exploiting vulnerabilities in the bootrom, iBoot, and kernel to bypass signature checks and install Cydia for managing third-party apps. Specific jailbreaking methods covered include the web-based Star jailbreak and the PC-based greenpois0n jailbreak.
This presentation is based on the security and encryption measures adopted by Apple for its iPhones.
It was submitted to RTU, Kota during final year seminars.
The document discusses developing secure iOS applications. It covers common security issues like binary and runtime security, transport layer security, and data security. It provides principles for secure design like not trusting the client/runtime and not storing sensitive data on devices. It also describes techniques to address specific issues like debug checks, jailbreak detection, and preventing unintended data leakage.
iOS is derived from Mac OS X and is used in iPhone, iPad, and iPod devices. Applications can be browser-based, native, or hybrid. iOS apps are programmed using Objective-C and the CocoaTouch framework in Xcode. Apps are tested on simulators and actual devices. iOS provides security through mechanisms like secure boot chain, application isolation, data encryption using hardware crypto and keys, keychain, file encryption, and network security using SSL, TLS, VPN, and WiFi protection. Mobile apps also need penetration testing. Tools like jailbreaking, iTunes, Wireshark, Burp Suite, iExplorer, and SQLite Browser can be used to analyze data in transit and storage for security evaluations.
Prem Kumar is a senior security consultant who specializes in web, mobile, and network penetration testing. He has previously presented at security conferences and found vulnerabilities in applications from companies like Facebook, Apple, and Yahoo. The agenda for his talk covers topics like iOS architecture, application structures, types of iOS applications and distribution methods, iOS penetration testing techniques, jailbreaking, and setting up an iOS testing platform. He will demonstrate runtime analysis and penetration testing on real iOS applications.
This slide briefs about various tools & techniques used to extract unprotected data from iOS apps. You can extract resource files, database files, get data in runtime using various methods. In my next slides I will brief about the ways to secure your iOS apps.
I Want More Ninja – iOS Security TestingJason Haddix
The document provides instructions for setting up an iOS application testing lab, including recommended hardware, software, and tools for both MacBooks and PCs. It discusses jailbreaking iOS devices to gain root access, installing useful packages and utilities, and exploring application directories and data stores to find vulnerabilities like insecure data storage or client-side injection issues.
This document discusses hacking and securing iOS applications. It begins by covering iOS security concepts and loopholes, then discusses how those loopholes can affect apps and allow easy theft of app data. The remainder of the document provides guidance on how to protect apps by securing local storage locations, runtime analysis, and transport security. Key recommendations include encrypting sensitive data, using data protection APIs, restricting access to private data, and properly validating SSL certificates.
The document discusses jailbreaking iOS devices. It explains that jailbreaking removes security restrictions to allow installation of unauthorized third-party apps. It describes various jailbreaking tools and techniques, including exploiting vulnerabilities in the bootrom, iBoot, and kernel to bypass signature checks and install Cydia for managing third-party apps. Specific jailbreaking methods covered include the web-based Star jailbreak and the PC-based greenpois0n jailbreak.
This presentation is based on the security and encryption measures adopted by Apple for its iPhones.
It was submitted to RTU, Kota during final year seminars.
The document discusses developing secure iOS applications. It covers common security issues like binary and runtime security, transport layer security, and data security. It provides principles for secure design like not trusting the client/runtime and not storing sensitive data on devices. It also describes techniques to address specific issues like debug checks, jailbreak detection, and preventing unintended data leakage.
iOS is derived from Mac OS X and is used in iPhone, iPad, and iPod devices. Applications can be browser-based, native, or hybrid. iOS apps are programmed using Objective-C and the CocoaTouch framework in Xcode. Apps are tested on simulators and actual devices. iOS provides security through mechanisms like secure boot chain, application isolation, data encryption using hardware crypto and keys, keychain, file encryption, and network security using SSL, TLS, VPN, and WiFi protection. Mobile apps also need penetration testing. Tools like jailbreaking, iTunes, Wireshark, Burp Suite, iExplorer, and SQLite Browser can be used to analyze data in transit and storage for security evaluations.
OWASP Melbourne - Introduction to iOS Application Penetration Testingeightbit
This document provides an introduction to iOS application penetration testing. It discusses setting up an iOS penetration testing environment, including jailbreaking a test device and installing necessary software tools. It also provides an overview of iOS and Objective-C, covering key security features of iOS like sandboxing, ASLR, code signing, and data encryption. Topics to be covered include assessing data security, binary analysis, runtime manipulation, and evaluating authentication, session management, and transport security.
This document provides an overview and outline for a presentation on advanced iOS hacking and forensic techniques. It introduces the presenters Ömer Coşkun and Mark de Groot and their backgrounds in security. The motivation for the talk is discussed, including analyzing iOS security mechanisms, automating mobile penetration tests, and the increasing focus on mobile device surveillance and security as applications handle more sensitive data. An overview of the iOS security architecture is provided, along with details on application sandboxing, file system encryption, and application reverse engineering techniques. The document outlines topics on iOS application static and dynamic analysis, hunting for private keys, penetration testing iOS apps, intercepting application communications, using Burp Suite to automate testing, and developing iOS rootkits.
This document discusses iOS application penetration testing from the perspective of a penetration tester. It begins with an overview of iOS applications and the iOS monoculture, covering code signing, sandboxing, and encryption. It then discusses various techniques a penetration tester may use, including checking compile options, exploiting URL schemes, analyzing insecure data storage in databases, property lists, keyboard caches, image caches, and error logs. It also covers runtime analysis using tools like Clutch, Class-Dump-Z, and Cycript to decrypt binaries, dump classes, and interact with running apps. Examples are provided of potential attacks against apps that involve bypassing locks, extracting hardcoded keys, or injecting malicious code. Defense techniques are also briefly explained.
Attacking and Defending Apple iOS DevicesTom Eston
IT loves to use Apple iPhones and iPads, but hates supporting them. For most environments, they represent the exception, and are not subject to standard corporate controls. The reason the exception is allowed is usually the fact that the CEO bought an iPhone and iPad the day they were released, and then quickly filled them with sensitive corporate data. With their portability and popularity, it is only a matter of time before one of these devices ends up missing. How worried should you be? This presentation will cover the latest real-world attack techniques for compromising Apple’s iOS devices, introduce a new assessment methodology that can be used by penetration testers, and discuss the latest defensive techniques for securely deploying iOS devices within your enterprise.
The document discusses penetration testing of iOS applications. It provides an overview of the key aspects of testing including:
- Setting up the testing environment with tools like Xcode, Instruments, Burp Suite, and SQLite Manager.
- Performing whitebox testing through source code analysis, identifying HTTP/WS calls, file system interactions, and manual code review.
- Proxying the iOS simulator to intercept and analyze network traffic.
- Exploring various data storage mechanisms like plists, SQLite databases, and the keychain for sensitive data.
This document provides a crash course on runtime hacking of iOS applications. It discusses setting up the necessary environment, mapping out an application by decrypting and dumping binaries to obtain class information. It then demonstrates how to retrieve sensitive variables like credentials by directly accessing them at runtime using Cycript. Finally, it shows how functions can be manipulated to bypass security checks or modify application behavior persistently through injection.
iOS Application Penetration Testing for BeginnersRyanISI
This document provides an overview of iOS application penetration testing for beginners. It covers setting up a pen testing environment, understanding the iOS filesystem and Objective-C runtime, techniques for runtime analysis and manipulation, insecure data storage, side channel data leakage, analyzing URL schemes and network traffic, and secure coding guidelines. The agenda includes jailbreaking a device, installing useful tools like Cycript and class-dump, understanding the application sandbox and filesystem structure, runtime concepts in Objective-C, manipulating running applications using Cycript, insecure storage techniques like plist and NSUserDefaults, side channels like logs, snapshots and pasteboard, URL schemes, and analyzing network traffic using a proxy like Burp.
Pentesting iOS Apps - Runtime Analysis and ManipulationAndreas Kurtz
Apple iOS Apps are primarily developed in Objective-C, an object-oriented extension and strict superset of the C programming language. Objective-C supports the concepts of reflection, also known as introspection. This describes the ability to examine and modify the structure and behavior (specifically the values, meta-data, properties and functions) of an object at runtime.
This talk discusses the background, techniques, problems and solutions to Objective-C runtime analysis and manipulation. It will be discussed how running applications can be extended with additional debugging and runtime tracing capabilities, and how this can be used to modify instance variables and to execute or replace arbitrary object methods of an App.
Moreover, a new framework to assist dynamic analysis and security assessments of iOS Apps will be introduced and demonstrated.
Ruxmon April 2014 - Introduction to iOS Penetration Testingeightbit
The document provides an introduction to iOS application penetration testing. It discusses setting up a testing environment including jailbreaking a device and installing tools. It covers assessing data security issues like insecurely stored data and background snapshots. Topics to be covered include binary analysis, runtime manipulation, transport security, and other testing like authentication and sessions.
This document provides an agenda for a training on iOS application penetration testing. It covers topics such as setting up an iOS pen testing environment, understanding the iOS filesystem and Objective-C runtime, runtime analysis and manipulation, insecure data storage, analyzing network traffic, jailbreak detection, secure coding guidelines, and automated testing. Tools discussed include class-dump-z, cycript, clutch, and gdb for analyzing iOS applications.
This document provides an overview of pentesting iOS apps. It discusses setting up an environment for analysis, including installing tools. It then covers static analysis techniques like inspecting app binaries and local data storage. Dynamic analysis techniques are also covered, like monitoring API calls, the filesystem, and network traffic. The document provides tips on bypassing protections like certificate pinning and resources for further learning.
This document provides an overview of iOS jailbreaking. It explains that jailbreaking removes limitations imposed by Apple to allow root access and installation of unauthorized apps. Reasons for jailbreaking include customization, adding features, and making development easier. The document discusses the jailbreaking process, which involves exploiting checkpoints in the device startup process. It also covers jailbreak tools, repositories for unauthorized apps like Cydia, common jailbreak terms, and legal issues.
This document discusses tools and frameworks for developing iPhone and iPod touch applications. It introduces the iPhone/iPod touch hardware features and describes different types of applications that can be created, including native, web, external platform, and jailbroken apps. It also outlines the steps to set up development environments on Windows and Mac systems. Finally, it provides examples of using the iUI framework to build simple web apps with iPhone interfaces.
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...Tom Eston
Breaking in is easy, real security is hard. Breaching the security of a Casino doesn't have to be as dramatic or dangerous as depicted in the Ocean's Eleven movies. In fact, by simply sitting in a hotel room of a Casino, hackers can find ways to breach the high security that Casino's have been known for. This type of attack has a simple goal: steal the Casino's money and cheat the system. All of this can be done without anyone seeing you and is much easier then walking directly into the Casino vault armed with guns and explosives.
In this presentation Tom Eston from SecureState walks us through some of the more interesting and exciting penetration tests his team have conducted. These include breaking into Casinos, Banks, Energy companies and other high security facilities (with permission of course). Tom's stories not only show how attackers break in but also show important lessons on how businesses can better secure their physical as well as network assets.
Yow connected developing secure i os applicationsmgianarakis
This document provides an overview of how to design secure iOS applications. It discusses the iOS application attack surface and common security issues, including binary and runtime security issues. It outlines secure iOS application design principles such as not trusting the client/runtime environment and not storing sensitive data on devices. It then discusses specific techniques for implementing binary and runtime security, such as adding anti-debugging controls, jailbreak detection, and address space validation. It also covers securing memory and the importance of transport layer security.
The document discusses security best practices for mobile development. It covers fundamental security principles like vulnerabilities, threats, consequences, and mitigations. It also summarizes key similarities and differences between iOS and Android security models. Both platforms use device management, encryption, application signing and sandboxing. However, iOS has a more locked down approach while Android permissions allow more flexibility but with security tradeoffs. The document advocates defense-in-depth strategies like encryption, jailbreak/root detection, and hiding sensitive data from device snapshots.
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...eightbit
This document discusses securing mobile applications. It begins with an overview of threats to mobile platforms and how they have created opportunities for hackers. It then discusses understanding the risks with a mobile threat model showing different attack vectors. The key threats identified are insecure data storage, insufficient transport layer security, and client side injection. It provides examples of these threats and how they are commonly exploited. Finally, it discusses defending mobile applications with design principles and approaches like assuming the client is compromised, connecting to untrusted networks, and an untrusted operating system. It emphasizes the basics of secure development, testing, and ongoing monitoring and review.
This document discusses security and privacy considerations for iOS application development. It describes how jailbreaking an iOS device removes restrictions like sandboxing and allows access to the entire filesystem. It also explains how private APIs, encrypted binaries, and app review processes can be bypassed to extract information from iOS apps and modify their behavior. While modification is difficult, metadata can be easily extracted from iOS and Android apps. The document encourages developers to understand platform internals and take a reasonable approach to security rather than a paranoid one.
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
Kevin Johnson, John Sawyer and Tom Eston have spent quite a bit of time evaluating mobile applications in their respective jobs. In this presentation they will provide the audience an understanding of how to evaluate mobile applications, examples of how things have been done wrong and an understanding of how you can perform this testing within your organization.
This talk will work with applications from the top three main platforms; iOS, Android and Blackberry. Kevin, Tom and John have used a variety of the top 25 applications for each of these platforms to provide real world examples of the problems applications face.
PCI-DSS y PA-DSS son estándares de seguridad para la industria de pagos que buscan proteger los datos de tarjetas. OWASP puede ayudar al cumplimiento de estos estándares a través de guías, herramientas y recursos para el desarrollo seguro de aplicaciones, pruebas de vulnerabilidades, y formación en seguridad. Aunque OWASP no garantiza el cumplimiento total, facilita el proceso al mejorar la calidad del software y los conocimientos sobre seguridad.
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)Shota Shinogi
ShinoBOT is a penetration testing tool that simulates a remote access tool (RAT) to measure an organization's defenses against advanced persistent threats. It connects to the ShinoC2 command and control server every 10 seconds to receive and execute jobs. ShinoC2 allows penetration testers to create jobs that are then assigned to compromised systems running ShinoBOT. The tools aim to help security teams understand what would happen if a real APT successfully installed a RAT on their network by testing incident response and log monitoring capabilities. Upcoming features for ShinoBOT include taking webcam snapshots, encrypting its communications and hiding using a kernel driver to simulate more advanced adversary techniques.
OWASP Melbourne - Introduction to iOS Application Penetration Testingeightbit
This document provides an introduction to iOS application penetration testing. It discusses setting up an iOS penetration testing environment, including jailbreaking a test device and installing necessary software tools. It also provides an overview of iOS and Objective-C, covering key security features of iOS like sandboxing, ASLR, code signing, and data encryption. Topics to be covered include assessing data security, binary analysis, runtime manipulation, and evaluating authentication, session management, and transport security.
This document provides an overview and outline for a presentation on advanced iOS hacking and forensic techniques. It introduces the presenters Ömer Coşkun and Mark de Groot and their backgrounds in security. The motivation for the talk is discussed, including analyzing iOS security mechanisms, automating mobile penetration tests, and the increasing focus on mobile device surveillance and security as applications handle more sensitive data. An overview of the iOS security architecture is provided, along with details on application sandboxing, file system encryption, and application reverse engineering techniques. The document outlines topics on iOS application static and dynamic analysis, hunting for private keys, penetration testing iOS apps, intercepting application communications, using Burp Suite to automate testing, and developing iOS rootkits.
This document discusses iOS application penetration testing from the perspective of a penetration tester. It begins with an overview of iOS applications and the iOS monoculture, covering code signing, sandboxing, and encryption. It then discusses various techniques a penetration tester may use, including checking compile options, exploiting URL schemes, analyzing insecure data storage in databases, property lists, keyboard caches, image caches, and error logs. It also covers runtime analysis using tools like Clutch, Class-Dump-Z, and Cycript to decrypt binaries, dump classes, and interact with running apps. Examples are provided of potential attacks against apps that involve bypassing locks, extracting hardcoded keys, or injecting malicious code. Defense techniques are also briefly explained.
Attacking and Defending Apple iOS DevicesTom Eston
IT loves to use Apple iPhones and iPads, but hates supporting them. For most environments, they represent the exception, and are not subject to standard corporate controls. The reason the exception is allowed is usually the fact that the CEO bought an iPhone and iPad the day they were released, and then quickly filled them with sensitive corporate data. With their portability and popularity, it is only a matter of time before one of these devices ends up missing. How worried should you be? This presentation will cover the latest real-world attack techniques for compromising Apple’s iOS devices, introduce a new assessment methodology that can be used by penetration testers, and discuss the latest defensive techniques for securely deploying iOS devices within your enterprise.
The document discusses penetration testing of iOS applications. It provides an overview of the key aspects of testing including:
- Setting up the testing environment with tools like Xcode, Instruments, Burp Suite, and SQLite Manager.
- Performing whitebox testing through source code analysis, identifying HTTP/WS calls, file system interactions, and manual code review.
- Proxying the iOS simulator to intercept and analyze network traffic.
- Exploring various data storage mechanisms like plists, SQLite databases, and the keychain for sensitive data.
This document provides a crash course on runtime hacking of iOS applications. It discusses setting up the necessary environment, mapping out an application by decrypting and dumping binaries to obtain class information. It then demonstrates how to retrieve sensitive variables like credentials by directly accessing them at runtime using Cycript. Finally, it shows how functions can be manipulated to bypass security checks or modify application behavior persistently through injection.
iOS Application Penetration Testing for BeginnersRyanISI
This document provides an overview of iOS application penetration testing for beginners. It covers setting up a pen testing environment, understanding the iOS filesystem and Objective-C runtime, techniques for runtime analysis and manipulation, insecure data storage, side channel data leakage, analyzing URL schemes and network traffic, and secure coding guidelines. The agenda includes jailbreaking a device, installing useful tools like Cycript and class-dump, understanding the application sandbox and filesystem structure, runtime concepts in Objective-C, manipulating running applications using Cycript, insecure storage techniques like plist and NSUserDefaults, side channels like logs, snapshots and pasteboard, URL schemes, and analyzing network traffic using a proxy like Burp.
Pentesting iOS Apps - Runtime Analysis and ManipulationAndreas Kurtz
Apple iOS Apps are primarily developed in Objective-C, an object-oriented extension and strict superset of the C programming language. Objective-C supports the concepts of reflection, also known as introspection. This describes the ability to examine and modify the structure and behavior (specifically the values, meta-data, properties and functions) of an object at runtime.
This talk discusses the background, techniques, problems and solutions to Objective-C runtime analysis and manipulation. It will be discussed how running applications can be extended with additional debugging and runtime tracing capabilities, and how this can be used to modify instance variables and to execute or replace arbitrary object methods of an App.
Moreover, a new framework to assist dynamic analysis and security assessments of iOS Apps will be introduced and demonstrated.
Ruxmon April 2014 - Introduction to iOS Penetration Testingeightbit
The document provides an introduction to iOS application penetration testing. It discusses setting up a testing environment including jailbreaking a device and installing tools. It covers assessing data security issues like insecurely stored data and background snapshots. Topics to be covered include binary analysis, runtime manipulation, transport security, and other testing like authentication and sessions.
This document provides an agenda for a training on iOS application penetration testing. It covers topics such as setting up an iOS pen testing environment, understanding the iOS filesystem and Objective-C runtime, runtime analysis and manipulation, insecure data storage, analyzing network traffic, jailbreak detection, secure coding guidelines, and automated testing. Tools discussed include class-dump-z, cycript, clutch, and gdb for analyzing iOS applications.
This document provides an overview of pentesting iOS apps. It discusses setting up an environment for analysis, including installing tools. It then covers static analysis techniques like inspecting app binaries and local data storage. Dynamic analysis techniques are also covered, like monitoring API calls, the filesystem, and network traffic. The document provides tips on bypassing protections like certificate pinning and resources for further learning.
This document provides an overview of iOS jailbreaking. It explains that jailbreaking removes limitations imposed by Apple to allow root access and installation of unauthorized apps. Reasons for jailbreaking include customization, adding features, and making development easier. The document discusses the jailbreaking process, which involves exploiting checkpoints in the device startup process. It also covers jailbreak tools, repositories for unauthorized apps like Cydia, common jailbreak terms, and legal issues.
This document discusses tools and frameworks for developing iPhone and iPod touch applications. It introduces the iPhone/iPod touch hardware features and describes different types of applications that can be created, including native, web, external platform, and jailbroken apps. It also outlines the steps to set up development environments on Windows and Mac systems. Finally, it provides examples of using the iUI framework to build simple web apps with iPhone interfaces.
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...Tom Eston
Breaking in is easy, real security is hard. Breaching the security of a Casino doesn't have to be as dramatic or dangerous as depicted in the Ocean's Eleven movies. In fact, by simply sitting in a hotel room of a Casino, hackers can find ways to breach the high security that Casino's have been known for. This type of attack has a simple goal: steal the Casino's money and cheat the system. All of this can be done without anyone seeing you and is much easier then walking directly into the Casino vault armed with guns and explosives.
In this presentation Tom Eston from SecureState walks us through some of the more interesting and exciting penetration tests his team have conducted. These include breaking into Casinos, Banks, Energy companies and other high security facilities (with permission of course). Tom's stories not only show how attackers break in but also show important lessons on how businesses can better secure their physical as well as network assets.
Yow connected developing secure i os applicationsmgianarakis
This document provides an overview of how to design secure iOS applications. It discusses the iOS application attack surface and common security issues, including binary and runtime security issues. It outlines secure iOS application design principles such as not trusting the client/runtime environment and not storing sensitive data on devices. It then discusses specific techniques for implementing binary and runtime security, such as adding anti-debugging controls, jailbreak detection, and address space validation. It also covers securing memory and the importance of transport layer security.
The document discusses security best practices for mobile development. It covers fundamental security principles like vulnerabilities, threats, consequences, and mitigations. It also summarizes key similarities and differences between iOS and Android security models. Both platforms use device management, encryption, application signing and sandboxing. However, iOS has a more locked down approach while Android permissions allow more flexibility but with security tradeoffs. The document advocates defense-in-depth strategies like encryption, jailbreak/root detection, and hiding sensitive data from device snapshots.
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...eightbit
This document discusses securing mobile applications. It begins with an overview of threats to mobile platforms and how they have created opportunities for hackers. It then discusses understanding the risks with a mobile threat model showing different attack vectors. The key threats identified are insecure data storage, insufficient transport layer security, and client side injection. It provides examples of these threats and how they are commonly exploited. Finally, it discusses defending mobile applications with design principles and approaches like assuming the client is compromised, connecting to untrusted networks, and an untrusted operating system. It emphasizes the basics of secure development, testing, and ongoing monitoring and review.
This document discusses security and privacy considerations for iOS application development. It describes how jailbreaking an iOS device removes restrictions like sandboxing and allows access to the entire filesystem. It also explains how private APIs, encrypted binaries, and app review processes can be bypassed to extract information from iOS apps and modify their behavior. While modification is difficult, metadata can be easily extracted from iOS and Android apps. The document encourages developers to understand platform internals and take a reasonable approach to security rather than a paranoid one.
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
Kevin Johnson, John Sawyer and Tom Eston have spent quite a bit of time evaluating mobile applications in their respective jobs. In this presentation they will provide the audience an understanding of how to evaluate mobile applications, examples of how things have been done wrong and an understanding of how you can perform this testing within your organization.
This talk will work with applications from the top three main platforms; iOS, Android and Blackberry. Kevin, Tom and John have used a variety of the top 25 applications for each of these platforms to provide real world examples of the problems applications face.
PCI-DSS y PA-DSS son estándares de seguridad para la industria de pagos que buscan proteger los datos de tarjetas. OWASP puede ayudar al cumplimiento de estos estándares a través de guías, herramientas y recursos para el desarrollo seguro de aplicaciones, pruebas de vulnerabilidades, y formación en seguridad. Aunque OWASP no garantiza el cumplimiento total, facilita el proceso al mejorar la calidad del software y los conocimientos sobre seguridad.
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)Shota Shinogi
ShinoBOT is a penetration testing tool that simulates a remote access tool (RAT) to measure an organization's defenses against advanced persistent threats. It connects to the ShinoC2 command and control server every 10 seconds to receive and execute jobs. ShinoC2 allows penetration testers to create jobs that are then assigned to compromised systems running ShinoBOT. The tools aim to help security teams understand what would happen if a real APT successfully installed a RAT on their network by testing incident response and log monitoring capabilities. Upcoming features for ShinoBOT include taking webcam snapshots, encrypting its communications and hiding using a kernel driver to simulate more advanced adversary techniques.
Oracle provides lifetime support for its application development tools and Oracle Application Grid products. Support begins with a standard 5 years of Premier Support, followed by an optional 3 years of Extended Support, and then indefinite Sustaining Support as long as the products are licensed. Some key products covered include JDeveloper, Oracle Coherence, Oracle WebLogic Server, Oracle GlassFish Server, and Oracle Containers for J2EE.
Marco Grassi gives a presentation on reverse engineering, penetration testing, and hardening Android apps. The presentation covers techniques for reverse engineering APKs, dealing with obfuscation, tamper detection, securing network communications, attacks on IPC, and more advanced topics like runtime manipulation. Real-world examples are provided to demonstrate vulnerabilities found in apps and how they can be exploited.
iPhone forensics involves bypassing an iPhone's passcode restrictions, reading its encrypted file system, and recovering deleted files. This is done by creating a forensic toolkit on the device without damaging evidence, establishing communication between the device and computer, and patching the iPhone's chain of trust from the BootRom to kernel. References provide more information on the iPhone's data protection and tools for forensic investigation.
C0c0n 2011 mobile security presentation v1.2Santosh Satam
Mobile phone security has been a hot topic for debate in recent times. The top mobile manufacturers seem to claim that their mobiles and applications are secure, but recent news on mobile hacking and malware suggest otherwise.
One of the key challenges in mobile security is the diverse platforms and multitude of operating systems (both open and proprietary) in the market. This makes it almost impossible to devise a generic catch-all strategy for mobile application security. Every platform whether it is iOS, Android, Blackberry, Windows Mobile, Symbian etc. is unique and requires a specialized treatment.
In this talk, we will demystify mobile and related application security. We will understand the architectures of various mobile operating systems and the native security support provided by the manufacturers and operating system vendors. Then we will look at how hackers have come up with different techniques and tools to break mobile security, and what mobile companies are doing to mitigate these attacks.
Finally, we will look at secure practices for mobile deployment in the Enterprise using policy files and other technology solutions, We will also outline best practices for business users and road warriors, on how to ensure your company data is protected while still continuing to enjoy the flexibility provided by mobile phones.
The document discusses padding oracle attacks, which allow decrypting and encrypting data without the encryption key. Padding oracle attacks exploit vulnerabilities in cryptosystems that use padding and are vulnerable if the application provides different error responses for valid and invalid ciphertexts. The attack works by making queries to the "oracle" to determine if padding is valid or not and using this information to gradually decrypt ciphertext blocks to obtain the plaintext. The document provides examples of padding oracle attacks on .NET applications and recommends implementing integrity checks to prevent such attacks.
The document discusses web application security. It covers background topics like HTTP and HTTPS. It then discusses gathering information about the application, platform, and domain. Manual testing is covered, including vulnerabilities like XSS, SQL injection, and CSRF. The use of tools like scanners is also mentioned. Remediation and documentation are also briefly discussed.
بحث يناقش القراصنة أو الهاكرز من حيث التعريف والتاريخ والنشأة والأقسام . ثم يعرض ابرز المخترقين الأفراد على مر التاريخ وأبرز الهاكرز المجموعات أيضاً . عرض بوربوينت عن الهكر والإختراق ونشأته
The document provides information about reverse engineering iOS apps. It discusses analyzing apps both externally using traffic sniffing and SSL proxying tools like Charles, and internally by disassembling, decompiling, and debugging the app binary and resource files. The internal analysis involves using tools like otool, class-dump, Hopper, and IDA to disassemble and decompile the binary and analyze the Mach-O structure, Objective-C metadata, and control flow. It also discusses analyzing techniques like decrypting encrypted binaries and models, extracting image and interface files, and working with the app at runtime using Cycript. The document notes additional protection techniques apps may use like SSL pinning, method obfuscation, string obfuscation, and
This document summarizes a presentation about penetration testing with Metasploit. It introduces penetration testing and why organizations use it. It then discusses the basics of Metasploit, including interfaces like MSFconsole. Key concepts in Metasploit like exploits, payloads, and Meterpreter are explained. The presentation demonstrates Metasploit against different operating systems like Windows XP, Windows 7, and Ubuntu. It shows how to find and use appropriate exploits and payloads to gain remote access and post-exploitation activities.
Web application attacks can take many forms, including cross-site scripting (XSS), SQL injection, parameter tampering, command injection, session management issues, cookie poisoning, directory traversal, cross-site request forgery, and buffer overflows. XSS is a vulnerability that allows malicious JavaScript code to be injected and run in a user's browser, potentially accessing data. SQL injection involves inserting SQL commands into a database query to gain unauthorized access. Parameter tampering modifies URL parameters to change expected behavior.
Windows Phone 8 Security and Testing WP8 AppsJorge Orchilles
This document discusses security testing of Windows Phone 8 applications. It provides an overview of the Windows Phone 8 platform and architecture, including the use of the NT kernel and sandboxing of applications. Methods for testing applications are covered, including dynamic analysis using a proxy to view network traffic and static analysis by decompiling application files. Vulnerabilities that may be tested for are also outlined, such as lack of encryption or validation of certificates. The document concludes that while application testing depends on access to application files, server and client side testing is similar to other mobile platforms.
The document provides an overview of evaluating iOS applications from a security perspective. It discusses analyzing iOS apps through blackbox testing, examining how data is stored and protected, investigating the use of protocol handlers and UIWebViews that could lead to vulnerabilities, and reviewing other important aspects like transport security, keychain usage, and injection attacks. The goal is to help penetration testers understand how to evaluate apps and identify potential security issues.
Mobile code mining for discovery and exploits nullcongoa2013Blueinfy Solutions
This document discusses mobile code mining for discovery and exploits. It introduces the speaker, Hemil Shah, and provides an overview of mobile infrastructure, apps, and changes in the mobile environment compared to web. It then discusses several mobile attacks including insecure storage, insecure network communication, UI impersonation, activity monitoring, and system modification. It also covers decompiling Android apps and analyzing app code for security issues.
This document discusses threat modeling and guidelines for securing mobile applications. It covers conducting threat modeling as a pencil-and-paper exercise to identify security risks and prioritize mitigations. Guidelines are provided for both native mobile apps and mobile web apps, including storing sensitive data securely, authenticating to mobile services, securing communications, and preventing information leakage. Platform-specific guidelines are also outlined for iOS and Android.