Approaching the unknown - Windows Phone application security assessment guide

•

0 gostou•564 visualizações

Windows Phone should be gone by now. But somehow it survived, hanging around few percent of mobile OS market share. Maybe good camera which is in those phones does it. Sometimes even an application dedicated to WP platform shows up on pentest. How to do it? What tools to use? What to check? This talk will give you an overview of WP application security assessment, including some tips & tricks as well. We will cover topics like: - application internal structure - data storage - traffic interception - testing on emulator vs testing on rooted phone - code analysis of WP application - overview of security mechanisms available on WP There even will be a real phone with Windows Phone on it to see.

Internet

Approaching the unknown –
Windows Phone application
security assessment guide
Mateusz Olejarka
Hacktivity, 21.10.2016

• Senior IT Security Specialist, SecuRing
• Web & mobile application security
• Ex developer
• Bug hunter
Who am i

http://www.gartner.com/newsroom/id/3323017
Worldwide
Smartphone Sales to
End Users by
Operating System in
1Q of 2016
Reason
2.4 million of Windows
Phone powered devices
sold in Q1 – less than 1%
of total devices sold

• Application
• Test environment
• Security assessment
• Summary
• Q&A
Agenda

dotPeek
https://www.jetbrains.com/decompiler/

• Do whatever it takes to get version for emulator 
• Just unpack and analyze
Emulator
https://wptools.codeplex.com/

• Nice tool called Windows Phone Internals
• Prerequsites to root the phone:
• Windows Phone Recovery Tool
• Nokia or Qualcomm Drivers
• FFU image (Full Flash Update)
• Flash loader file dedicated for given phone model
• SBL3 partition (for Mass Storage Mode capability)
Root and mass storage mode

Root and mass storage mode
http://www.wpinternals.net/

• Assemblies
• Data/PROGRAMS/{guid}/Install
• Isolated storage
• Data/Users/DefApps/APPDATA/Local/Packages/{guid}/
Where are the interesing parts?

• Start Burp proxy listener
• Set in IE proxy to that listener
• Start emulator, it should copy those settings
Traffic interception, emulator

• Setup WiFi hotspot on Windows
• Connect device to it
• Start Burp
Traffic interception, device

Traffic interception, device
• Setup WiFi hotspot on Windows
• Connect device to it
• Start Burp
• Setup proxy on the phone

• Sometimes app has a custom HTTPS client, which happily avoid proxy
• Then i usually used pytinydns.py to the rescue
• But what about changing the host file on the device when in mass
storage mode?
But sometimes

• Communication
• Data storage & encryption
• Use of WebBrowser
• Code obfuscation
• URI handling
What to check

• Check on the wire
• In the source code look for
• System.Net.WebClient usage
• System.Net.WebRequest usage
• TIP: look for http/https string
Communication

• App settings stored in a file:
• IsolatedStorageSettings.ApplicationSettings usage
• File storage:
• IsolatedStorageFile usage
• DPAPI:
• ProtectedData.Protect calls
• ProtectedData.Unprotect calls
• One flaw – all apps use the same key
Data storage & encryption

• Search for Microsoft.Phone.Controls.WebBrowser
• It have some interesting functions:
Use of WebBrowser

• Similarities with other platforms
• Fewer ready to go tools
• Some things are easier
Summary

• Complete 1.0 version of my notes and public release
• Fill the gaps
• Redaction ;)
• NFC Payments
• Windows Phone Malware !?
Future work

Thanks :)
Drop me msg if you wish to get my notes
mateusz.olejarka@securing.pl
@molejarka

Mais conteúdo relacionado

Mais procurados

After my successful presentation "Testing iOS Apps without Jailbreak in 2018" it's time to change the side. This talk will cover the most important milestones in reaching secure iOS/macOS apps. I'm going to show you how to develop modern&secure iOS/macOS apps using new security features presented on WWDC2018. H4ckers will be satisfied as well since I'm going to talk about these steps from pentester's perspective. What's more - this presentation will include vulnerabilities that I found during my professional work and my vulnz found in real Apple's apps! (That I haven't disclosed yet!)

Building&Hacking modern iOS apps

SecuRing

Front End Development for Back End Java Developers - West Midlands Java User ...

Matt Raible

Owasp top 10 web application security hazards - Part 1

Abhinav Sejpal

OWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.com

SV Ruby on Rails Meetup

The paper is about abusing and exploiting Firefox add-on Security model and explains how JavaScript functions, XPCOM and XPConnect interfaces, technologies like CORS and WebSocket, Session storing and full privilege execution can be abused by a hacker for malicious purposes. The widely popular browser add-ons can be targeted by hackers to implement new malicious attack vectors resulting in confidential data theft and full system compromise. This paper is supported by proof of concept add-ons which abuse and exploits the add-on coding in Firefox 17, the release which Mozilla boasts to have a more secure architecture against malicious plugins and add-ons. The proof of concept includes the implementation of a Local keylogger, a Remote keylogger, stealing Linux password files, spawning a Reverse Shell, stealing the authenticated Firefox session data, and Remote DDoS attack. All of these attack vectors are fully undetectable against anti-virus solutions and can bypass protection mechanisms.

Abusing, Exploiting and Pwning with Firefox Add-ons

Ajin Abraham

The web has become a part of our lives. We bank online, we shop online, we talk online, we even pay our taxes online. It's made our lives very convenient, but all that data makes a tempting target for hackers. Learn about some recent attacks on popular web frameworks and dig in to why they were effective. Learn how these advanced attacks can be detected, and how they can be stopped by applications which learn to protect themselves.

GoSec 2015 - Protecting the web from within

IMMUNIO

MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...

Quek Lilian

Rails comes with many powerful security protections out of the box, but no code is perfect. This talk will highlight a new approach to web app security, one focusing on a higher level of abstraction than current techniques. We will take a look at current security processes and tools and some common vulnerabilities still found in many Rails apps. Then we will investigate novel ways to protect against these vulnerabilities.

RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities

IMMUNIO

Starwest 2008

Caleb Sima

Securing your WordPress website - New Port Richey WP Meetup

Oyster Bay Marauders LLC

Java is everywhere. According to Oracle it’s on 3 billion devices and counting. We also know that Java is one of the most popular vehicles for delivering malware. But that’s just the plugin right? Well maybe not. Java on the server can be just at risk as the client. In this talk we’ll cover all aspects of Java Vulnerabilities. We’ll explain why Java has this dubious reputation, what’s being done to address the issues and what you have to do to reduce your exposure. You’ll learn about Java vulnerabilities in general: how they are reported, managed and fixed as well as learning about the specifics of attack vectors and just what a ‘vulnerability’ actually is. With the continuing increase in cybercrime it’s time you knew how to defend your code. With examples and code this talk will help you become more effective in reducing security issues in Java.

Anatomy of Java Vulnerabilities - NLJug 2018

Steve Poole

Presented by Vivek Thuravupala, Software Engineer @ Postman in joint meetup in Walmart on 28th April, BLR. Abstract: We'll talk about the exploding usage of APIs and why security shouldn't be an afterthought when it comes to designing and building APIs. We'll also run through some concrete examples illustrating common pitfalls encountered while design/building. About the speaker: Vivek builds stuff for the web, and he's been swimming around in various tech ponds since he was a kid. At Postman, he keeps an eye on a bunch of the user-facing products.

Designing & Building Secure Web APIs

CodeOps Technologies LLP

(java2days) The Anatomy of Java Vulnerabilities

Steve Poole

Electron is a framework to create the desktop application on Windows,OS X, Linux easily, and it has been used to develop the popular applications such as Atom Editor, Visual Studio Code, and Slack. Although Electron includes Chromium and node.js and allow the web application developers to be able to develop the desktop application with accustomed methods, it contains a lot of security problems such as it allows arbitrary code execution if even one DOM-based XSS exist in the application. In fact, a lot of vulnerabilities which is able to load arbitrary code in applications made with Electron have been detected and reported. In this talk, I focus on organize and understand the security problems which tend to occur on development using Electron. --- Yosuke Hasegawa Secure Sky Technology Inc, Technical Adviser. Known for finding numerous vulnerablities in Internet Explorer、Mozilla Firefox and other web applications.He has also presented at Black Hat Japan 2008, South Korea POC 2008, 2010 and others. OWASP Kansai Chapter Leader, OWASP Japan Board member.

[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...

CODE BLUE

What should I do when my website got hack?

Sumedt Jitpukdebodin

Security Tech Talk

Mallikarjun Reddy

Cross-Site Request Forgery (CSRF in short) is a kind of a web application vulnerability which allows malicious website to send unauthorized requests to a vulnerable website using active session of its authorized users In simple words, it’s when an “evil” website posts a new status in your twitter account on your visit while the login session is active on twitter. For security reasons the same origin policy in browsers restricts access for browser-side programming languages such as Javascript to access a remote content. As the browsers configurations may be modified, the best way to protect web application against CSRF is to secure web application itself.

CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011

Samvel Gevorgyan

"Web Application Security is a vast topic and time is not enough to cover all kind of malicious attacks and techniques for avoiding them, so now we will focus on top 10 high level vulnerabilities. Web developers work in different ways using their custom libraries and intruder prevention systems and now we will see what they should do and should not do based on best practices." - Samvel Gevorgyan [ Presentation on Scribd ] http://www.scribd.com/doc/47157267

BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN

Samvel Gevorgyan

Widespread security flaws in web application development 2015

mahchiev

In this talk we’ll cover all aspects of Java Vulnerabilities. We’ll explain why Java has this dubious reputation, what’s being done to address the issues and what you have to do to reduce your exposure. You’ll learn about Java vulnerabilities in general: how they are reported, managed and fixed as well as learning about the specifics of attack vectors and just what a ‘vulnerability’ actually is.

The Anatomy of Java Vulnerabilities

Steve Poole

Mais procurados (20)

Building&Hacking modern iOS apps

Front End Development for Back End Java Developers - West Midlands Java User ...

Owasp top 10 web application security hazards - Part 1

OWASP Top 10 and Securing Rails - Sean Todd - PayNearMe.com

Abusing, Exploiting and Pwning with Firefox Add-ons

GoSec 2015 - Protecting the web from within

MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...

RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities

Starwest 2008

Securing your WordPress website - New Port Richey WP Meetup

Anatomy of Java Vulnerabilities - NLJug 2018

Designing & Building Secure Web APIs

(java2days) The Anatomy of Java Vulnerabilities

[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...

What should I do when my website got hack?

Security Tech Talk

CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011

BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN

Widespread security flaws in web application development 2015

The Anatomy of Java Vulnerabilities

Semelhante a Approaching the unknown - Windows Phone application security assessment guide

Pentesting Mobile Applications (Prashant Verma)

ClubHack

Pentesting iPhone applications

Satish b

DEF CON 24 - Dinesh and Shetty - practical android application exploitation

Felipe Prado

Android Security and Peneteration Testing

Surabaya Blackhat

Mobile code mining for discovery and exploits nullcongoa2013

Blueinfy Solutions

Windows Phone 8 Security and Testing WP8 Apps

Jorge Orchilles

Analysis and research of system security based on android

Ravishankar Kumar

Attacking and Defending Mobile Applications

Jerod Brennen

9 Writing Secure Android Applications

Sam Bowne

Samsung’s first Tizen-based devices are set to launch in the middle of 2015. This paper presents the research outcome on the security analysis of Tizen OS and it’s underlying security architecture. The paper begins with a quick introduction to Tizen architecture and explains the various components of Tizen OS. This will be followed by Tizen’s security model where application sandboxing and resource access control will be explained. Moving on, an overview of Tizen’s Content Security Framework which acts as an in-built malware detection API will be covered. Various vulnerabilities in Tizen will be discussed including issues like Tizen WebKit2 address spoofing and content injection, Tizen WebKit CSP bypass and issues in Tizen’s memory protection (ASLR and DEP).

Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015

Ajin Abraham

iOS Application Pentesting

n|u - The Open Security Community

[Wroclaw #1] Android Security Workshop

OWASP

Mobile App Security - Best Practices

RedBlackTree

Tizen is an operating system which is built to run on various kinds of devices. Tizen OS defines following profiles based on the devices types supported. Tizen IVI (in-vehicle infotainment) Tizen Mobile Tizen TV, and Tizen Wearable Samsung's first Tizen-based devices are set to be launched in India in Nov 2014. This paper presents the research outcome on the security analysis of Tizen OS. The paper begins with a quick introduction to Tizen architecture which explains the various components of Tizen OS. This will be followed by Tizen's security model, where Application Sandboxing and Resource Access Control powered by Smack will be explained. The vulnerabilities in Tizen identified during the research and responsibly disclosed to Tizen community will be discussed. This includes issues like Tizen WebKit2 Address spoofing and content injection, Buffer Overflows, Issues in Memory Protection like ASLR and DEP, Injecting SSL Certificate into Trusted Zone, (Shellshock) CVE-2014-6271 etc. Applications in Tizen can be written in HTML5/JS/CSS or natively using C/C++. Overview of pentesting Tizen application will be presented along with some of the issues impacting the security of Tizen application. There will be comparisons made to Android application, and how these security issues differ with Tizen. For eg: Security issues with inter application communication with custom URL schemes or intent broadcasting in Android as opposed to using MessagePort API in Tizen. Issues with Webview & JavaScript Bridge in Android compared to how the web to native communication is handled with Tizen etc. Tizen is late to enter into the market as compared to Android or iOS, which gives it the benefit of learning from the mistakes impacting the security of mobile OS, and fixing these issues right in the Security Architecture. To conclude, a verdict would be provided by the speaker on how much Tizen has achieved with regard to making this mobile OS a secure one.

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

Ajin Abraham

Mike Rothman, Analyst and President of Securosis, as he dives into an interactive discussion around endpoint security management in 2015. • Protecting Endpoints: How the attack surface has changed, and the impact to your defense strategy • Anti-Malware: The best ways to deal with today’s malware and effectively protect your endpoints from attack • Endpoint Hygiene: Why you can’t forget the importance of ensuring solid management of your endpoint devices • BYOD and Mobility: The extent that corporate data on smart mobile devices impacts your organization • The Most Important Buying Considerations in 2015

2015 Endpoint and Mobile Security Buyers Guide

Lumension

Android pen test basics

OWASPKerala

Telemetry Onboarding

Roberto Agostino Vitillo

Hacking and Securing iOS Apps : Part 1

Subhransu Behera

Introduction to the Android OS. the Android Developers Kit, Android Emulators, Rooting Android devices, de-compiling Android Apps. Dex2jar, Java JD_GUI and so on. During the presentation I will pull an App apart and show how to bypass a login screen. What better way to express the Zombie Apocalypse then with mobile devices. They are ubiquitous. they are carried everywhere, they go everywhere. Having a decent understanding of the Operating System and it’s vulnerabilities can go a long way towards keeping your device protected.

Hacker Halted 2014 - Reverse Engineering the Android OS

EC-Council

CSW2017 Geshev+Miller logic bug hunting in chrome on android

CanSecWest

Semelhante a Approaching the unknown - Windows Phone application security assessment guide (20)

Pentesting Mobile Applications (Prashant Verma)

Pentesting iPhone applications

DEF CON 24 - Dinesh and Shetty - practical android application exploitation

Android Security and Peneteration Testing

Mobile code mining for discovery and exploits nullcongoa2013

Windows Phone 8 Security and Testing WP8 Apps

Analysis and research of system security based on android

Attacking and Defending Mobile Applications

9 Writing Secure Android Applications

Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015

iOS Application Pentesting

[Wroclaw #1] Android Security Workshop

Mobile App Security - Best Practices

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

2015 Endpoint and Mobile Security Buyers Guide

Android pen test basics

Telemetry Onboarding

Hacking and Securing iOS Apps : Part 1

Hacker Halted 2014 - Reverse Engineering the Android OS

CSW2017 Geshev+Miller logic bug hunting in chrome on android

Mais de SecuRing

Recent years show a significant increase in attacks against libraries, tools, and infrastructure used in application development, as well as directly against developers and software companies. From fake libraries and malicious changes to popular libraries or programming languages to vulnerabilities in CI/CD infrastructure components. During the presentation, you will discover a handful of interesting, fresh examples and attack techniques and, perhaps most importantly, learn how to work safely as a programmer. You will find out about typosquatting, dependency confusion, protestware and discover stories of attacks on PHP, Codecov, Homebrew, npm, Ruby Gems, or GitHub.

Developer in a digital crosshair, 2023 edition - 4Developers

SecuRing

Attacks on third-party libraries and tools that are often used while developing software have become dramatically frequent. Among these attacks, one can find dependency confusion, issues in popular dev tools (Codecov, Homebrew, npm...), typosquatting, incidents (PHP, GitHub...), or malicious changes in popular dependencies (UAParser.js, coa, node-ipc...). I will share a lot of gripping real-life examples of such attacks, their causes and effects, and help you stay secure while developing software.

Developer in a digital crosshair, 2022 edition - Oh My H@ck!

SecuRing

The frequency of attacks on third-party libraries and tools used in software development has dramatically increased in recent years. Typosquatting, dependency confusion, malicious changes in popular dependencies (UAParser.js, coa, node-ipc...), issues in popular dev tools (Codecov, Homebrew, npm...) or incidents (PHP, GitHub...). In this presentation, I will go over many fascinating, recent examples of these attacks, their causes and effects, and recommend to you how to stay secure when developing software.

Developer in a digital crosshair, 2022 edition - No cON Name

SecuRing

In addition to being a common option in cloud environments, serverless computing is also a suggested method for creating plenty of things! Did you ever consider its mechanics? Is serverless truly server-less? How does the execution environment function? In this event-driven compute service, is persistency even conceivable? I will not lie – Remote Code Executions and Command Injections are uncommon, but what if one occurs in your function? Additionally, it may be brought in by an attacker through dependency injection. I will demonstrate how to use it to obtain persistency and exfiltrate more data than the function role gives. Let us figure out: - How serverless infrastructure functions. - Why persistency is possible in this semi-volatile environment. - How to use pseudo shell over HTTP for serverless environment research. - An exploitation demo – how can we make use of an RCE vulnerability to obtain a persistency. - Possible mitigations. Let us hijack the data real-time from the AWS Lambdas and GCP Cloud Functions! Presented at: Confidence 2022, AlligatorCon 2022, Secops Polska Meetup #32, DevSecCon Poland 2022, AWS Community Day Warsaw 2022.

Is persistency on serverless even possible?!

SecuRing

“$ sudo ls ~/Desktop: Operation not permitted”. Apple’s Transparency, Consent, and Control (TCC) framework limits access to private information like documents, a camera, a microphone, emails, and more in order to preserve your privacy. Since authorisation is required to grant such access, the mechanism key design priority was clear user consent. At Black Hat USA 2021, I co-presented considerable research on abusing the TCC mechanisms, however, this time, we won’t be directly exploiting the TCC. Given that iCloud has tons of macOS users’ secrets, why keep attacking the TCC? The default configuration makes Mac synchronize a lot of data. Don’t you have your iMessages/Photos/Calendars/Reminders/Notes accessible from iCloud? That’s good because you take care of your privacy… but most users don’t. :) The brand-new research on abusing Apple’s iCloud to gain access to users’ sensitive data will be shared during the presentation. All that from a malicious applications’ perspective without any additional permissions.

What happens on your Mac, stays on Apple’s iCloud?!

SecuRing

Do you have Macs in your company's infrastructure? Nowadays, I bet that in most cases the answer would be YES. Macs stopped being computers only used in startups. We can observe them even in huge legacy environments in banks and other corporations. The problem is that they are usually not symmetrically secured, compared to the rest of Windows stations. Macs are not immune, they can be insecurely configured and now...even Apple admits that malware is present on Macs. In this presentation I will: 1. Introduce you to macOS security mechanisms 2. Perform step-by-step macOS infection based on my 0-day (live demo) 3. Show you post-exploitation techniques 4. Attack installed apps and collect data from them 5. Give recommendations on how to harden your Mac and macOS infrastructure

0-Day Up Your Sleeve - Attacking macOS Environments

SecuRing

This presentation takes you through recent attacks aimed at software developers and software companies. First it starts with attacks on libraries you install or have installed (typosquatting, pushing malicious library updates due to maintainer's credential takeover, protestware), even your private ones (dependency confusion). Second it shows attack on tools which are used in software development (package managers). Third, there are examples of attacks onto developer's infrastructure (PHP programming language git sever, GitHub OAuth incident with Heroku and Travis-CI).

Developer in a digital crosshair, 2022 edition

SecuRing

20+ Ways To Bypass Your Macos Privacy Mechanisms

SecuRing

How secure are webinar platforms?

SecuRing

"TotallyNotAVirus.app" would like to access the camera and spy on you. To protect your privacy, Apple introduced Transparency, Consent, and Control (TCC) framework that restricts access to sensitive personal resources: documents, camera, microphone, emails, and more. Granting such access requires authorization, and the mechanism's main design concern was clear user consent. In this talk, we will share multiple techniques that allowed us to bypass this prompt, and as a malicious application, get access to protected resources without any additional privileges or user's consent. Together, we submitted over 40 vulnerabilities just to Apple through the past year, which allowed us to bypass some parts or the entire TCC. We also found numerous vulnerabilities in third-party apps (including Firefox, Signal, and others), which allowed us to avoid the OS restrictions by leveraging the targeted apps' privileges. In the first part of the talk, we will give you an overview of the TCC framework, its building blocks, and how it limits application access to private data. We will explore the various databases it uses and discuss the difference between user consent and user intent. Next, we will go through various techniques and specific vulnerabilities that we used to bypass TCC. We will cover how we can use techniques like process injection, mounting, application behavior, or simple file searches to find vulnerabilities and gain access to the protected resources. The audience will leave with a solid understanding of the macOS privacy restrictions framework (TCC) and its weaknesses. We believe there is a need to raise awareness on why OS protections are not 100% effective, and in the end, users have to be careful with installing software on their machines. Moreover - as we're going to publish several exploits - red teams will also benefit from the talk.

20+ Ways to Bypass Your macOS Privacy Mechanisms

SecuRing

Author: Paweł Rzepa In this talk I'm going to show you various attack vectors against the serverless applications built from AWS Lambda functions. You'll see: - my findings on publishing malicious NPM packages to smuggle malicious code into legitimately looking dependences, - examples of validation errors in serverless applications, including Denial of Wallet attacks and RCE in a fugacious, serverless environment - serverless attacks and security nuances in Azure and GCP - recipes to prevent those attacks

Serverless security: attack & defense

SecuRing

XPC is a well-known interprocess communication mechanism used on Apple devices. Abusing XPC led to many severe bugs, including those used in jailbreaks. While the XPC bugs in Apple's components are harder and harder to exploit, did we look at non-Apple apps on macOS? As it turns out, vulnerable apps are everywhere - Anti Viruses, Messengers, Privacy tools, Firewalls, and more. This presentation: 1.Explain how XPC/NSXPC work 2.Present you some of my findings in popular macOS apps (e.g. local privilege escalation to r00t) 3.Abuse an interesting feature on Catalina allowing to inject an unsigned dylib 4.Show you how to fix that vulnz finally!

Abusing & Securing XPC in macOS apps

SecuRing

The presentation focuses on the whole process of security testing and present it by analogies to the web applications which are quite well-known. It covers the whole SDLC and show the similarities and differences in the arsenal of vulnerabilities, security tools and standards between the smart contracts and web applications on each step. Even though there exist a lot of great security projects for smart contracts, we do not have single, widely accepted security standard (such as ASVS in web apps world). That is why we introduce SCSVS (Smart Contract Security Verification Standard), a open-source 13-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.

WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards

SecuRing

WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards

SecuRing

Author: Jakub Kaluzny Let's talk about large-scale security programmes and maintaining security with tens of project teams - agile or waterfall, in-house or outsourced. I will discuss how to effectively track security requirements, organise threat modelling sessions, log output from those and translate it into penetration testing scope and test cases. We will dive deep into evil brainstorming, come up with abuser stories for each user story and define what makes the SDLC process secure or not. This talk is based on my work with different organisations in multiple countries and observations what works well in regards to security at scale and what does not.

Let's get evil - threat modeling at scale

SecuRing

Last year at AppSec EU I had a presentation about the Ethereum smart contracts and did a technical showcase of some of their potential vulnerabilities and security flaws. I also presented my proposition on how to handle the responsible disclosure process in the smart contracts world. This year I want to focus on the whole process of security testing and present it by analogies to the web applications which are quite well-known. Smart contracts are described as Web3 decentralized apps and I believe that my talk will not only bring new light on this subject but will also help to understand and organize the way of testing. I am going to cover the whole SDLC and show the similarities and differences between the smart contracts and web applications on each step. The presented overview is especially important nowadays when the biggest companies are building their own blockchain platforms and cryptocurrencies – i.e. Libra introduced by Facebook (which by the way also supports smart contracts). I am also going to show the differences in the arsenal of vulnerabilities, security tools and standards by the analogy to web apps arsenal. I think that, even though there exist a lot of great security projects for smart contracts, we do not have a single, widely accepted security standard (such as ASVS in web apps world). I would like to discuss potential work that needs to be done in that area and show my preliminary work on that matter. After this presentation audience will know what are the similarities and differences between smart contracts and web apps in the SDLC, an arsenal of tools and standards, but also will have a fresh overview of possible options and current trends.

Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards

SecuRing

Po ostatniej prezentacji dotyczącej pentestów bez jailbreaka, autor zdecydował stworzyć prezentację defensywną. Znajdują się w niej informacje o najczęściej występujących problemach w nowoczesnych aplikacjach iOS oraz wskazówki jak sobie z nimi radzić. W prezentacji przedstawiona jest równie nowa otwartoźródłowa biblioteka iOS Security Suite dostępna pod adresem https://github.com/securing/IOSSecuritySuite

Budowanie i hakowanie nowoczesnych aplikacji iOS

SecuRing

When it comes to thick-clients, java applets, embedded devices or mobile apps - often, the idea is to forget about HTTP/S stack, plaintext POST parameters, and instead, implement a custom communication protocol. - Sending files for printing? Caesar cipher does not support full UTF-8, so use AES in ECB mode. - Malware attacking online banking? Even over HTTPS, double-encrypt POST parameters. If your clients are rich, use asymetric encryption, for better protection. - Planning SOAP WS? Use WCF Binary XML and put it in a START-TLS tunnel wrapped over a TCP connection. Welcome to the world of application/x-inception-data content types, <meta charset=obscure> encoding and custom cryptography. Ideas that usually implement methods of 'security by obscurity'. Once the outer layer of obfuscation is off, very often the server backend reveals simple access control issues, SQL query shells or code execution vulnerabilities. I will discuss real-world examples from enterprise solutions tests which require a bit more effort to allow tampering with data send from the client: - intercepting the traffic, bypassing NAC - decapsulating encryption and encoding layers - hooking into function calls, modifying packages - reverse-engineer proprietary protocols and encryption.

We need t go deeper - Testing inception apps.

SecuRing

After my offensive presentation "Testing iOS Apps without Jailbreak in 2018" it is time to focus also on building not just breaking. This talk will cover the most important milestones in reaching secure iOS/macOS apps. I'm going to show you how to develop modern & secure iOS/macOS apps using new security features presented at the latest Apple's Worldwide Developers Conference. Hackers will be satisfied as well, since I'm going to cover also pen tester's perspective. What's more - I will share with you details of multiple vulnerabilities (*including not disclosed previously*) that I found during security assessments and my research of Apple's applications.

Building & Hacking Modern iOS Apps

SecuRing

In my presentation I will show you a couple of applications that use artificial intelligence in order to improve our security and how easily it is to use other AI to break it. You may like it or not, but natural language processing, deep learning, computer vision are being developed very rapidly and already have significant impact on your life, working behind the scenes of multiple services you use every day. However, as a great man once said "with great power comes great responsibility", same with the AI - the risk of abuse appears. I will show you how to beat AI using rogue AI, how a crowd-sourced human intelligence can beat AI, or finally how a small, unnoticed by human change in the input data (constructed by AI of course) can severly impact the output of AI processing. I will focus on applications that improve our security not only in the cyber world (like CAPTCHA), but also in real life world (e.g. car safety systems). Last, but not least, I will tell you how to prevent such abuses and why it is so important to understand how above-mentioned tools work.

Artificial Intelligence – a buzzword, new era of IT or new threats?

SecuRing

Mais de SecuRing (20)

Developer in a digital crosshair, 2023 edition - 4Developers

Developer in a digital crosshair, 2022 edition - Oh My H@ck!

Developer in a digital crosshair, 2022 edition - No cON Name

Is persistency on serverless even possible?!

What happens on your Mac, stays on Apple’s iCloud?!

0-Day Up Your Sleeve - Attacking macOS Environments

Developer in a digital crosshair, 2022 edition

20+ Ways To Bypass Your Macos Privacy Mechanisms

How secure are webinar platforms?

20+ Ways to Bypass Your macOS Privacy Mechanisms

Serverless security: attack & defense

Abusing & Securing XPC in macOS apps

WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards

Let's get evil - threat modeling at scale

Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards

Budowanie i hakowanie nowoczesnych aplikacji iOS

We need t go deeper - Testing inception apps.

Building & Hacking Modern iOS Apps

Artificial Intelligence – a buzzword, new era of IT or new threats?

Último

"Boost Your Digital Presence: Partner with a Leading SEO Agency"

growthgrids

Microsoft Azure Arc Customer Deck Microsoft

AanSulistiyo

valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls In valsad Book All India 5 Star Hotels 👄 Escorts Service Available Whatsapp Chaya ☎️ : [+91-6378878445] Escorts Service are always ready to make their clients happy. Their exotic looks and sexy personalities are sure to turn heads. You can enjoy with them, including massages and erotic encounters. Our area Escorts are young and sexy, so you can expect to have an exotic time with them. They are trained to satiate your naughty nerves and they can handle anything that you want. They are also intelligent, so they know how to make you feel comfortable and relaxed Independent Escorts Service They know all the sex positions and can satisfy you in any way that you desire. They can even give you erotic massages to help you relax before your session. This is essential, because a man who is stressed won’t be receptive to the pleasures of sex. They also know how to play with your sexy organs, so you’ll have plenty of foreplay and cuddling. P452024SS SERVICE ✅ ❣️ ⭐➡️HOT & SEXY MODELS // COLLEGE GIRLS HOUSE WIFE RUSSIAN , AIR HOSTES ,VIP MODELS . AVAILABLE FOR COMPLETE ENJOYMENT WITH HIGH PROFILE INDIAN MODEL AVAILABLE HOTEL & HOME ★ SAFE AND SECURE HIGH CLASS SERVICE AFFORDABLE RATE ★ SATISFACTION,UNLIMITED ENJOYMENT. ★ All Meetings are confidential and no information is provided to any one at any cost. ★ EXCLUSIVE PROFILes Are Safe and Consensual with Most Limits Respected ★ Service Available In: - HOME & HOTEL Star Hotel Service .In Call & Out call SeRvIcEs : ★ A-Level (star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)Receive advanced sexual techniques in different mode make their life more pleasurable. ★ Spending time in hotel rooms ★ BJ (Blowjob Without a Condom) ★ Completion (Oral to completion) ★ Covered (Covered blowjob Without condom ★ANAL SERVICES.

valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service

Delhi Call girls

20240509 QFM015 Engineering Leadership Reading List April 2024.pdf

Matthew Sinclair

20240507 QFM013 Machine Intelligence Reading List April 2024.pdf

Matthew Sinclair

APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...

APNIC

Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 8005736733 Nargish Khan Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...

SUHANI PANDEY

Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Class Independent Escorts service Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...

SUHANI PANDEY

VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking Escorts Service Available Whatsapp SABANA ☎️ : [+91-7001035870] Escorts Service are always ready to make their clients happy. Their exotic looks and sexy personalities are sure to turn heads. You can enjoy with them, including massages and erotic encounters. Our area Escorts are young and sexy, so you can expect to have an exotic time with them. They are trained to satiate your naughty nerves and they can handle anything that you want. They are also intelligent, so they know how to make you feel comfortable and relaxed Independent Escorts Service They know all the sex positions and can satisfy you in any way that you desire. They can even give you erotic massages to help you relax before your session. This is essential, because a man who is stressed won’t be receptive to the pleasures of sex. They also know how to play with your sexy organs, so you’ll have plenty of foreplay and cuddling. P252024SS SERVICE ✅ ❣️ ⭐➡️HOT & SEXY MODELS // COLLEGE GIRLS HOUSE WIFE RUSSIAN , AIR HOSTES ,VIP MODELS . AVAILABLE FOR COMPLETE ENJOYMENT WITH HIGH PROFILE INDIAN MODEL AVAILABLE HOTEL & HOME ★ SAFE AND SECURE HIGH CLASS SERVICE AFFORDABLE RATE ★ SATISFACTION,UNLIMITED ENJOYMENT. ★ All Meetings are confidential and no information is provided to any one at any cost. ★ EXCLUSIVE PROFILes Are Safe and Consensual with Most Limits Respected ★ Service Available In: - HOME & HOTEL Star Hotel Service .In Call & Out call SeRvIcEs : ★ A-Level (star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)Receive advanced sexual techniques in different mode make their life more pleasurable. ★ Spending time in hotel rooms ★ BJ (Blowjob Without a Condom) ★ Completion (Oral to completion) ★ Covered (Covered blowjob Without condom ★ANAL SERVICES.

VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking

dharasingh5698

best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...

kajalverma014

Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance Booking Booking Now open +91- 7737669865 Why you Choose Us- +91- 7737669865 HOT⇄ 7737669865 Mr ashu ji Call Mr ashu Ji +91- 7737669865 (V020524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models

Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...

roncy bisnoi

( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Ready To Lift You "Call Girls Pune VIP Service.. 9352988975 Booking Open Now We Are Providing Safe & Secure High Class girl women sucking men Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/ women seeking men in royal call girl High class luxury and premium call girl agency. ✔️High class luxury and premium escorts agency We Provide Well Educated, Royal Class Female, High-class Escorts agency offering a top high class escort service in the royal Escorts ✔️ Get High Profile queens , Well Educated , Good Looking , Full Cooperative Model Services. you can see me at my comfortable Hotels or I can visit you in hotel Our Service Available IN All Services 3/5/7 Star Hotels, In call /Out call Service 24/7.. ✔️ All Meetings We Provide Hottest Female With Me Are Safe And Consensual With Most Limits Respected Complete Satisfaction Guaranteed...Service Available In:- 24/7 3 * 5 *7 *Star Hotel Service In. In Call Out call service Avilable also. ✔️ I guarantee you to have an unforgettable experience with me A curvy body, long hair and silky smooth skin. She is an independent royal Escorts/Women Seeking Men model will give you more pleasure & Full satisfaction. ✔️ I am very sensual and flirtatious with charming personality! I love to laugh and my bright smile is ever Present. ,Hotel & Home Services CALL PLZZ ✔️Available Near All #s07 3* 4* 5* 7* Hotels Of I Want Only Hotel Name , Guest Name , Room No. Only For Confirmation.✔️ Arundhati... agency...⭐⭐⭐⭐⭐ VIP...Service ✣ ✤ ✥ ✦ TIME WASTERS AND BARGAINERS ARE PLEASE EXCUSE, WE RESPECT YOUR SAFETY AND PRIVACY AND EXPECT TH WHATSAPP CALL ME" 9352988975

( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...

nilamkumrai

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...

tanu pandey

Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...

tanu pandey

𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Call Mr Chirag Ji +91-7877925207 NORTH/SOUTH INDIANS HIGH CLASS MODELS/COLLEGE GIRLS/ HOUSEWIVES/BODY TO BODY MASSAGE, SANDWICH MASSAGE, SHOWER BATHING, BLOW JOB, LICKING, FRONT AND BACK SHOT, RUBBING, KISSING SMOOCHING ETC ETC... UNLIMITED FUN Call 24/7. Your assistance for your service... ☛ ✔✔ secure✔✔ 100% safe ✔✔ Vip Callgirl Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ A02524SW ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife • Collage Going Girls. • Travelling Escorts. • Ramp-models • Foreigner And Many More.. ★OUR BEST SERVICES: - FOR BOOKING ★ A-Level (5 star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)

𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...

Neha Pandey

Call Girl Pune Indira Call Now: 8250077686 Pune Escorts Booking Contact Details WhatsApp Chat: +91-8250077686 Pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertainin. Plus they look fabulously elegant; making an impressionable. Independent Escorts Pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide –

(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7

Call Girls in Nagpur High Profile Call Girls

Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Dating Escorts Service Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...

SUHANI PANDEY

Call girls in delhi ✔️✔️🔝 9953056974 🔝✔️✔️Welcome To Vip Escort Services In Delhi [ ]Noida Gurgaon 24/7 Open Sex Escort Services With Happy Ending ServiCe Done By Most Attractive Charming Soft Spoken Bold Beautiful Full Cooperative Independent Escort Girls ServiCe In All-Star Hotel And Home Service In All Over Delhi, Noida, Gurgaon, Faridabad, Ghaziabad, Greater Noida, • IN CALL AND OUT CALL SERVICE IN DELHI NCR • 3* 5* 7* HOTELS SERVICE IN DELHI NCR • 24 HOURS AVAILABLE IN DELHI NCR • INDIAN, RUSSIAN, PUNJABI, KASHMIRI ESCORTS • REAL MODELS, COLLEGE GIRLS, HOUSE WIFE, ALSO AVAILABLE • SHORT TIME AND FULL TIME SERVICE AVAILABLE • HYGIENIC FULL AC NEAT AND CLEAN ROOMS AVAIL. IN HOTEL 24 HOURS • DAILY NEW ESCORTS STAFF AVAILABLE • MINIMUM TO MAXIMUM RANGE AVAILABLE. Call Girls in Delhi & Independent Escort Service – CALL GIRLS SERVICE DELHI NCR Vip call girls in Delhi Call Girls in Delhi, Call Girl Service 24×7 open Call Girls in Delhi Best Delhi Escorts in Delhi Low Rate Call Girls In Saket Delhi X~CALL GIRLS IN Ramesh Nagar Metro best Delhi call girls and Delhi escort service. CALL GIRLS SERVICE IN ALL DELHI … (Delhi) Call Girls in (Chanakyapuri) Hot And Sexy Independent Model Escort Service In Delhi Unlimited Enjoy Genuine 100% Profiles And Trusted Door Step Call Girls Feel Free To Call Us Female Service Hot Busty & Sexy Party Girls Available For Complete Enjoyment. We Guarantee Full Satisfaction & In Case Of Any Unhappy Experience, We Would Refund Your Fees, Without Any Questions Asked. Feel Free To Call Us Female Service Provider Hours Opens Thanks. Delhi Escorts Services 100% secure Services.Incall_OutCall Available and outcall Services provide. We are available 24*7 for Full Night and short Time Escort Services all over Delhi NCR. Delhi All Hotel Services available 3* 4* 5* Call Call Delhi Escorts Services And Delhi Call Girl Agency 100% secure Services in my agency. Incall and outcall Services provide. We are available 24*7 for Full Night and short Time Escort Services my agency in all over New Delhi Delhi All Hotel Services available my agency SERVICES [✓✓✓] Housewife College Girl VIP Escort Independent Girl Aunty Without a Condom sucking )? Sexy Aunty.DSL (Dick Sucking Lips)? DT (Dining at the Toes English Spanking) Doggie (Sex style from no behind)?? OutCall- All Over Delhi Noida Gurgaon 24/7 FOR APPOINTMENT Call/Whatsop / 9953056974

Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service

9953056974 Low Rate Call Girls In Saket, Delhi NCR

Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha Thakur Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...

SUHANI PANDEY

Approaching the unknown - Windows Phone application security assessment guide

1. Approaching the unknown – Windows Phone application security assessment guide Mateusz Olejarka Hacktivity, 21.10.2016

2. • Senior IT Security Specialist, SecuRing • Web & mobile application security • Ex developer • Bug hunter Who am i

3. http://www.gartner.com/newsroom/id/3323017 Worldwide Smartphone Sales to End Users by Operating System in 1Q of 2016 Reason 2.4 million of Windows Phone powered devices sold in Q1 – less than 1% of total devices sold

4. • Application • Test environment • Security assessment • Summary • Q&A Agenda

5. APPLICATION

6. File Structure

7. dotPeek https://www.jetbrains.com/decompiler/

8. dotPeek

9. AppManifest.xaml

10. WMAppManifest.xml

11. „Main” class

12. app.xaml

13. Sample .xaml file

14. TEST ENVIRONMENT

15. • Do whatever it takes to get version for emulator  • Just unpack and analyze Emulator https://wptools.codeplex.com/

16. • Nice tool called Windows Phone Internals • Prerequsites to root the phone: • Windows Phone Recovery Tool • Nokia or Qualcomm Drivers • FFU image (Full Flash Update) • Flash loader file dedicated for given phone model • SBL3 partition (for Mass Storage Mode capability) Root and mass storage mode

17. Root and mass storage mode http://www.wpinternals.net/

18. Root and mass storage mode

19. • Assemblies • Data/PROGRAMS/{guid}/Install • Isolated storage • Data/Users/DefApps/APPDATA/Local/Packages/{guid}/ Where are the interesing parts?

20. • Start Burp proxy listener • Set in IE proxy to that listener • Start emulator, it should copy those settings Traffic interception, emulator

21. • Setup WiFi hotspot on Windows • Connect device to it • Start Burp Traffic interception, device

22. Traffic interception, device • Setup WiFi hotspot on Windows • Connect device to it • Start Burp • Setup proxy on the phone

23. Traffic interception, install CA

24. Traffic intercepted

25. Traffic intercepted

26. • Sometimes app has a custom HTTPS client, which happily avoid proxy • Then i usually used pytinydns.py to the rescue • But what about changing the host file on the device when in mass storage mode? But sometimes

27. SECURITY ASSESSMENT

28. • Communication • Data storage & encryption • Use of WebBrowser • Code obfuscation • URI handling What to check

29. • Check on the wire • In the source code look for • System.Net.WebClient usage • System.Net.WebRequest usage • TIP: look for http/https string Communication

30. Example: Certificate pinning flaw

31. • App settings stored in a file: • IsolatedStorageSettings.ApplicationSettings usage • File storage: • IsolatedStorageFile usage • DPAPI: • ProtectedData.Protect calls • ProtectedData.Unprotect calls • One flaw – all apps use the same key Data storage & encryption

32. Sample __AppSettings file

33. Example: Hardcoded hard to guess key

34. Example: Hardcoded hard to guess key

35. Example: Hardcoded hard to guess key

36. • Search for Microsoft.Phone.Controls.WebBrowser • It have some interesting functions: Use of WebBrowser

37. Code obfuscation

38. Code obfuscation

39. URI handling

40. SUMMARY

41. • Similarities with other platforms • Fewer ready to go tools • Some things are easier Summary

42. • Complete 1.0 version of my notes and public release • Fill the gaps • Redaction ;) • NFC Payments • Windows Phone Malware !? Future work

43.

44. Thanks :) Drop me msg if you wish to get my notes mateusz.olejarka@securing.pl @molejarka

Approaching the unknown - Windows Phone application security assessment guide

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Approaching the unknown - Windows Phone application security assessment guide

Semelhante a Approaching the unknown - Windows Phone application security assessment guide (20)

Mais de SecuRing

Mais de SecuRing (20)

Último

Último (20)

Approaching the unknown - Windows Phone application security assessment guide