SydMobNet March 2016: Matthew Robbins - Android M Security Policies

•Download as PPTX, PDF•

1 like•413 views

A great presentation on Android M Security Policies, delivered at the March 2016 meetup of the Sydney Mobile .Net (Xamarin) Developers Group

Mobile

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Hi, I’m Matt ➔Making stuff with Xamarin since ‘13 ➔Like hanging out on big cliffs ➔The mobile guy at ➔Passionate about improving our trades tooling! ◆ Ask me about MFractor later :)$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Background ➔Why is this important? ◆ Post Assange, Post Snowden ◆ Users expect security ◆ Users expect privacy ◆ It’s trendy!$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Security in Android M ➔Implements 3 mechanisms ◆ ‘usesClearTextTraffic’ within manifest ◆ NetworkSecurityPolicy ◆ StrictMode ➔These are only available in API 23 and higher$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com UsesClearTextTraffic ➔Manifest option to flag support of clear text traffic ➔Exposed via NetworkSecurityPolicy ➔What it looks like:$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Network Security Policy ➔Singleton class containing apps traffic policy ➔Does not enforce policy! ◆ Merely exposes it. ➔Expects application components to adhere to it. ◆ But is opt-in!$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com ➔That honour usesClearTextTraffic ◆ DownloadManager ◆ MediaPlayer ◆ SocketHandler ◆ Java.* or Android.* HTTP, FTP, WebSockets, XMPP, IMAP, SMTP network components ◆ Some third party libraries ● OkHttp ● ModernHttpClient ➔That dishonour usesClearTextTraffic: ◆ Android.WebKit.WebView Components$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Honours usesClearTextTraffic$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Dishonours usesClearTextTraffic$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Honours usesClearTextTraffic$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Enforcing Secure Traffic ➔ Check for apps clear text configuration: ➔Use StrictMode!$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com StrictMode ➔ Exposes ability to monitor for clear-text traffic ➔Detect and log: ➔Detect and crash:$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Detecting Insecure Traffic ➔ So, how do they do it? ◆ StrictMode.DetectClearText() registers firewall rule ● Within the apps user-space. ◆ Firewall watches for outgoing TLS packets ◆ Flags non-conforming packets ◆ Notifies app process of violation. ◆ Logs or crashes$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com StrictMode - TLS Header$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com StrictMode Implementation ➔Uses ‘iptables’ to register firewall rules ➔Logs outgoing packets that violate rules. ➔StrictController.cpp:$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com StrictMode - Limitations ➔Only detects TLS wrapped traffic. ➔Unknown behaviour for TCP or UDP connections. ◆ Gut feeling is they will cause a violation ➔Should only be used in debug builds.$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Demo Time$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Implications ➔ For app developers: ◆ Be aware of new security policies. ● Don’t necessarily need to use it. ◆ Be aware of non-cleartext compliant libraries: ● Nugets ● Xamarin Components ● Etc etc etc ◆ If in doubt, turn on StrictMode ➔For component developers: ◆ Play nice and make libraries cleartext compliant:$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Summary ➔Cleartext traffic is under the microscope ◆ Google -> Network Security Policy ◆ Apple -> App Transport Security ➔Be aware of new policies ◆ Android N will only enforce them more ➔Try to comply with the policies ◆ Using compliant libraries like ModernHttpClient ◆ Checking the NetworkSecurityPolicy ➔Be aware 3rd party libraries may not conform$

$@matthewrdev | matthew.ch.robbins@gmail.com | 0431 197 349 | mfractor.com Resources ➔Demo Source Code ➔NetworkSecurityPolicy API Reference ➔Network Security Policy for Android apps$

This document outlines a project to implement SNMP (Simple Network Management Protocol) on the Android platform. The objectives are to monitor system parameters, improve application performance, and enhance quality of service for users. It describes implementing SNMPv1 to allow Android devices to function as SNMP managers and agents. This allows the devices to send and respond to SNMP requests and traps. The project is evaluated over seven weeks, with tasks including research, requirements gathering, development, testing, and documentation. It concludes that Android network management will be important for future technologies like IoT and sensor networks.

Stealth technology

ayush sharma

This document provides an overview of stealth technology used in aircraft. It discusses the history of stealth beginning with camouflage tactics in WWI. Key aspects covered include how radar works, methods used in stealth like shape design and radar absorbing materials, and examples of stealth aircraft like the F-117, B-2, and F-22. Advantages of stealth include invisibility to radar and performing spy missions covertly, while disadvantages include reduced payload and high costs. The document concludes that stealth technology is an important future of military aviation.

2015.04.24 Updated > Android Security Development - Part 1: App Development

Cheng-Yi Yu

This document discusses various aspects of securing Android app development, including: - Setting debuggable and backup permissions to false to prevent unauthorized access. - Clearing the clipboard when leaving an app to avoid content being copied elsewhere. - Only requesting necessary permissions and removing unneeded ones over time. - Encrypting databases using SQLCipher or the SQLite Encryption Extension. - Verifying SSL certificates and encrypting network traffic using HTTPS. - Performing cryptography in C/C++ via the Android NDK for increased security. - Generating secure access tokens, passwords, and keys using techniques like hardware IDs and scrambling. - Validating user input through secure hashing algorithms.

Compiled Xaml Performance in Xamarin.Forms

Matthew Robbins

Xamarin Under The Hood - Dan Ardelean

ITCamp

Hacking from the Inside

Claranet UK

The document discusses two common internal network attacks - LLMNR spoofing and SMB relaying. LLMNR spoofing takes advantage of the unauthenticated nature of LLMNR to respond to name resolution requests as the target machine, allowing collection of password hashes. SMB relaying modifies and relays SMB packets to establish an authenticated connection and execute commands. The document provides demonstrations of these attacks and recommendations for mitigations like disabling vulnerable protocols, network segregation, and password security best practices.

A Survey Report on DDOS Attacking Tools, Detection and Prevention Mechanisms

IRJET Journal

This document summarizes a survey report on DDOS attacking tools, detection mechanisms, and prevention methods. It begins by introducing DDOS attacks and their increasing prevalence. It then describes several common DDOS attacking tools like Trinoo and Shaft in detail, including their mechanisms and a comparison. It discusses two main detection mechanisms - Snort, an open-source intrusion detection system, and time series analysis. Finally, it outlines a DDOS prevention protocol called DLSR that detects attacks and identifies attackers in three phases: detection, identification, and defense.

This document discusses reverse engineering 4G hotspots and cellular routers to find security vulnerabilities. It begins with an introduction to the speaker and overview of what will be discussed. It then provides examples of analyzing the ZTE MF910 and Netgear Nighthawk M1 routers, exploring their hardware, software architecture, attack surfaces, and discovering issues like hard-coded passwords and exposed services. The document concludes that more scrutiny is needed on consumer cellular networking gear given the growing number of devices and shared codebases across vendors.

AktaionPPTv5_JZedits

Rod Soto

This document discusses using machine learning to detect ransomware through analyzing microbehaviors rather than static signatures. It introduces the concept of using machine learning for cybersecurity and labeling data to help algorithms learn. The document then discusses modeling ransomware behaviors like file system modifications and callbacks. It outlines a plan to take labeled exploit and benign traffic data, extract microbehaviors, use machine learning to detect anomalies, and generate indicators of compromise.

26.1.7 lab snort and firewall rules

Freddy Buenaño

The document provides instructions for a lab on Snort and firewall rules. It describes: 1) Setting up the virtual environment and configuring networking on the CyberOps Workstation VM. 2) Explaining the differences between firewall and IDS rules while noting their similarities, such as both having matching and action components. 3) Having students run commands to start a malware server, use Snort to monitor traffic, and download a file from the server to trigger an alert, observing the alert in the Snort log.

Jackpot! sbancare un atm con ploutus.d

Antonio Parata

The document discusses the Ploutus.D ATM malware. It describes how Ploutus.D infects ATMs to force the ejection of cash. It has evolved over time to add remote access capabilities. The document outlines the malware's initialization process, activation steps using encryption, and methods for remotely connecting to infected ATMs. It also covers the software obfuscation techniques used by Ploutus.D to evade detection.

"Giving the bad guys no sleep"

Christiaan Beek

Automotive Cybersecurity: Test Like a Hacker

ForAllSecure

Learn the techniques used by award-winning hacking teams (as well as in some real-world attacks) to identify and exploit vulnerabilities in OEM components and other automotive software. This presentation covers fundamental principles, as well as how to easily incorporate these techniques into unit or functional test stages - bringing an extra layer of protection to connected automobiles. We'll cover both how to best fit this type of testing into your pipeline to maximize speed and coverage, as well as discuss how to fit this offensive cyber security approach alongside your existing vulnerability scanning programs. Whether you're a vehicle manufacturer, integrator, or OEM - we'll discuss how to leverage hacking-based security techniques to improve protection across the supply chain and keep vehicles and drivers safer. What we'll cover: - Successful exploits of components and vehicles - what these attacks had in common - Layering offensive techniques atop existing security programs - what to do and what to avoid - How to test integrated systems with multiple components from different OEMs working in tandem - Integrating offensive testing into different stages in software development and component integration Originally presented at https://www.automotive-iq.com/events-automotive-cybersecurity

OS Security Evolution & Latest Attack Vectors By Jacob Torrey

Priyanka Aash

Once you go cloud you never go down - by Enter - festival ICT 2015

festival ICT 2016

Come si fa ad essere sempre online? Come si gestiscono i picchi di traffico previsti e imprevisti di un sito, e-commerce, blog o portale di informazione? Dalla vecchia infrastruttura server ad una soluzione cloud: nel nostro intervento vi mostreremo come creare infrastrutture a supporto di applicazioni web su un cloud OpenStack (Enter Cloud Suite) e vedremo quali sono i vantaggi in termini di sicurezza, di costi di gestione e di performance. Capiremo come gestire istanze cloud in un sistema europeo multiregion, come impostare snapshot, backup, storage, health check e load balancer e come gestire scalabilità e automazioni. Il talk è particolarmente indicato per sistemisti, DevOps e full stack developer che vogliono sviluppare soluzioni stabili, flessibili e sicure.

Once you go cloud you never go down

DrupalDay

theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf

Gabriel Mathenge

bettercap.pdf

shehbaz15

Bettercap is a tool for performing man-in-the-middle (MITM) attacks against networks. It can manipulate HTTP, HTTPS, and TCP traffic in real-time, sniff for credentials, and more. Bettercap uses techniques like ARP spoofing and ICMP redirect spoofing to position itself as the man-in-the-middle. It includes built-in sniffer and proxy modules to extract credentials and modify traffic on the fly. Some key features include HTTP/HTTPS proxying with SSL stripping and HSTS bypass, a modular architecture for customizing traffic manipulation, and support for Linux, macOS, and OpenBSD.

Bsides NYC 2018 - Hunting for Lateral Movement

Mauricio Velazco

This document discusses techniques for lateral movement that adversaries use to access and control remote systems on a network. It outlines various methods like exploiting vulnerabilities, abusing legitimate Windows features like Windows services, scheduled tasks, WMI, WinRM and DCOM. The document also discusses how blue teams can detect these techniques by monitoring authentication events, system events, object access logs, WMI activity and Windows remote management logs. It describes using tools like Oriana and frequency analysis to hunt for lateral movement indicators in Windows event logs collected via Windows Event Forwarding.

Infecting the Embedded Supply Chain

Priyanka Aash

With a surge in the production of internet of things (IoT) devices, embedded development tools are becoming commonplace and the software they run on is often trusted to run in escalated modes. However, some of the embedded development tools on the market contain serious vulnerabilities that put users at risk. In this talk we discuss the various attack vectors that these embedded development tools expose users to, and why users should not blindly trust their tools. This talk will detail a variety reverse engineering, fuzzing, exploit development and protocol analysis techniques that we used to analyze and exploit the security of a common embedded debugger.

Cybercrime in the Deep Web (BHEU 2015)

Marco Balduzzi

All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly been associated only with the Onion Routing (TOR), the DeepWeb's ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET, and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host malware, high-resilient botnets, underground forums and bitcoin-based cashout systems (e.g., for cryptolockers). We designed and implemented a prototype system called DeWA for the automated collection and analysis of the DeepWeb, with the goal of quickly identifying new threats as soon they appear. In this talk, we provide concrete examples of how using DeWA to detect, e.g., trading of illicit and counterfeit goods, underground forums, privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.

Cybercrime In The Deep Web

Trend Micro

20150909_network_security_lecture

University of Twente

How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security

Ahmad Yar

Monitoring ICS Communications

Digital Bond

Monkey fest australia 2020