Advanced ANDROID & ios Hands-on Exploitation
|
|
- Penelope Jordan
- 7 years ago
- Views:
Transcription
1 Advanced ANDROID & ios Hands-on Exploitation By NotSoSecure Ltd. Abstract: This fast-paced training will get you familiar with the various Android as well as ios exploitation techniques, and bypassing most of the existing security models in both of the platforms. We will cover topics such as writing our own malwares, auditing complicated and protected applications, automated static and dynamic analysis, Dex Exploitation, OWASP Mobile Top 10 and a lot more. We will also cover ARM Platform Exploitation, on which most of the smartphone run these days. In ARM, we will cover exploitation techniques such as Stack Based Buffer Overflows, Gadget Chaining, ROP and Bypassing protections. Finally for ios, we will be looking into the application security auditing, creating a pentest environment, present sandboxing model, code signing, Inspecting binaries, Use-after-free and much more. We will also be looking into Android rooting and ios jailbreaking exploits, and recreate the scenario from the scratch. Students will also be provided with custom exploitation labs, which will be preconfigured and loaded with all the tools and scripts which will be covered during the training. COURSE STRUCTURE Day I (Android and ARM Exploitation): Module 1: Android Basics Introduction to Android Android Architecture Digging into Android kernel
2 Android Security Model Android Security Architecture Android Permission model Application Sandboxing Bypassing Android Permissions HelloWorld : Android Android Application Components Android Debug Bridge Creating a Simple Android Application Introduction to ARM Exploitation Introduction to ARM Instruction set and Registers Debugging with GDB Stack Overflows on ARM Format String vulnerabilities Ret2ZP Attack and ROP Shellcoding on ARM Exploit Mitigations and Bypasses ARM Based rootkits Module 2: Setting up the Environment Setting up Android Emulator Setting up a Mobile Pentest Environment App Kung-fu Application Analysis Reverse Engineering Traffic Interception (Active and Passive) of Android Applications OWASP Top 10 for Android Sniffing Application and phone's network data Unsecure file storage Having fun with databases
3 Exploiting Logic and Code flaws in applications Exploiting Content Providers SQL Injection in Android Application Local File Inclusion/Directory Traversal Drive by Exploitation Tapjacking HTML 5 Attacks Phishing Attacks on Android Module 3: Exploitation with AFE Introduction to Android Framework for Exploitation Finding application vulnerabilities using AFE Creating a malware + botnet (HTTP and SMS based) Crypt an existing malware/botnet to bypass Android Anti-malwares Extending the framework with custom plugins Cracking Android Applications Hands-on on Vulnerable Social Networking Application Creating and Exploiting custom ROMs Exploiting USB connections with Android Dex Labs Introduction to Dalvik File Format In-depth to Smali Manipulating smali files and cracking Applications Cracking Application Licenses Dex file manipulation Obfuscating applications with dex obfuscator Day 2 (Advanced Android and ARM Exploitation) Module 4: Android Forensics & Malware Analysis Extracting text messages, voice mails, call logs, contacts and messages Recovering information stored in SD Card
4 Reversing and Analyzing Android malwares using Apktool, dex2jar and JD-GUI Introduction to IDA Pro Analyzing malwares and exploits using IDA Further Exploitation: Creating custom Bootloaders Android Root Exploits Recreating the exploit Fuzzing Android components Webkit Exploitation Use After Free vulnerability and exploitation Writing a reliable exploit for Android More ROP Exploitation Finding ROP gadgets and building ROP Chains Using GDB for Android debugging Information Leaks in Android Being secure Android in the Enterprise Writing Secure Code Pentest before you publish Writing Python Scripts for automating android pentests Source Code Auditing for Applications Day 3 (ios Exploitation) Module 5: ios Background Understanding ios Architecture ios Security Features ios Application Overview ios Security Model Code Signing Sandboxing Exploit Mitigation Encryption
5 Setting up the Environment Setting up XCode Setting up iphone/simulator Module 6: ios Hello-World ios Application components Introduction to Objective C Writing a simple Hello World application in your own idevice/simulator ios App Analysis Reverse Engineering ios Apps Decrypting Appstore Binaries Locating PIE (Position Independent Executable) Inspecting Binary Manipulating Runtime Module 7: Auditing Insecure API Evaluating the Transport Security Abusing Protocol Handlers Insecure Data Storage Attacking ios keychain App Assessments Setting up pentesting environment for assessment Passive app assessment Active app assessment Application analysis App Kungfu Exploiting XSS in Apps (UIWebViews) Attacking XML processor SQL Injection Filesystem Interaction
6 Geolocation Logging Background-ing Memory Corruption Issues: Format strings Object use-after free ROP for ios Exploit Mitigations in ios Module 8: ios Forensics Analysis of Backed up data in itunes Extracting SMS, Call Logs, etc., from an ios backup Imaging the whole device Being Secure ios App compliance checklist Writing Secure Codes Pentest your App before you publish Prerequisite The participants are expected to have a basic knowledge of Mobile Operating Systems. Knowledge of programming languages (Java and C, and Python for scripting) will be an added advantage to grasp things quickly. Hardware Requirements Minimum 2GB RAM and 20 GB free Hard Disk space Android (preferably Rooted) >= 2.3 iphone/ipad/ipod (optional, as we will be providing individual ios based devices for each participant during the training) Software Requirements Windows XP SP2/3, Windows 7/8 or *Nix
7 Mac OSX (compulsory for ios Exploitation or a OSX VM) Administrative privileges on your laptop Virtualization Software Custom VM labs will be provided for exploitation SSH Client
Advanced ANDROID & ios Hands-on Exploitation
Advanced ANDROID & ios Hands-on Exploitation By Attify Trainers Aditya Gupta Prerequisite The participants are expected to have a basic knowledge of Mobile Operating Systems. Knowledge of programming languages
More informationSYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules
Must have skills in any penetration tester's arsenal. MASPT at a glance: 10 highly practical modules 4 hours of video material 1200+ interactive slides 20 Applications to practice with Leads to emapt certification
More informationMobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus
Mobile Application Hacking for ios 3-Day Hands-On Course Syllabus Course description ios Mobile Application Hacking 3-Day Hands-On Course This course will focus on the techniques and tools for testing
More informationMobile Application Security and Penetration Testing Syllabus
Mobile Application Security and Penetration Testing Syllabus Mobile Devices Overview 1.1. Mobile Platforms 1.1.1.Android 1.1.2.iOS 1.2. Why Mobile Security 1.3. Taxonomy of Security Threats 1.3.1.OWASP
More informationMobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus
Mobile Application Hacking for Android and iphone 4-Day Hands-On Course Syllabus Android and iphone Mobile Application Hacking 4-Day Hands-On Course Course description This course will focus on the techniques
More informationLearn the fundamentals of Software Development and Hacking of the iphone Operating System.
Course: Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: Learn the fundamentals of Software Development and Hacking of the iphone Operating System. provides an Instructor-led
More informationHacking Classes 75% 75% Hands-on Learning in Our Modern Hack Lab. Written by BlackHat Trainers: Available Globally
75% 75% Hands-on Learning in Our Modern Hack Lab Updated Regularly to Include Trending Techniques Written by BlackHat Trainers: Available Globally Hacking Classes Hacking Classes FOUNDATION TRACK FOUNDATION
More informationPentesting Mobile Applications
WEB 应 用 安 全 和 数 据 库 安 全 的 领 航 者! 安 恒 信 息 技 术 有 限 公 司 Pentesting Mobile Applications www.dbappsecurity.com.cn Who am I l Frank Fan: CTO of DBAPPSecurity Graduated from California State University as a Computer
More informationSecuring ios Applications. Dr. Bruce Sams, OPTIMAbit GmbH
Securing ios Applications Dr. Bruce Sams, OPTIMAbit GmbH About Me President of OPTIMAbit GmbH Responsible for > 200 Pentests per Year Ca 50 ios Pentests and code reviews in the last two years. Overview
More informationEnterprise Application Security Workshop Series
Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants
More informationAPPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK
APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK John T Lounsbury Vice President Professional Services, Asia Pacific INTEGRALIS Session ID: MBS-W01 Session Classification: Advanced
More informationPentesting iphone Applications. Satishb3 http://www.securitylearn.net
Pentesting iphone Applications Satishb3 http://www.securitylearn.net Agenda iphone App Basics App development App distribution Pentesting iphone Apps Methodology Areas of focus Major Mobile Threats Who
More informationMobile Application Security Sharing Session May 2013
Mobile Application Security Sharing Session Agenda Introduction of speakers Mobile Application Security Trends and Challenges 5 Key Focus Areas for an mobile application assessment 2 Introduction of speakers
More informationApplication Security Testing
Tstsec - Version: 1 09 July 2016 Application Security Testing Application Security Testing Tstsec - Version: 1 4 days Course Description: We are living in a world of data and communication, in which the
More informationBuilding a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved
Building a Mobile App Security Risk Management Program Your Presenters Who Are We? Chris Salerno, Consultant, Security Risk Advisors Lead consultant for mobile, network, web application penetration testing
More informationPentesting Android Apps. Sneha Rajguru (@Sneharajguru)
Pentesting Android Apps Sneha Rajguru (@Sneharajguru) About Me Penetration Tester Web, Mobile and Infrastructure applications, Secure coding ( part time do secure code analysis), CTF challenge writer (at
More informationCompTIA Mobile App Security+ Certification Exam (ios Edition) Live exam IOS-001 Beta Exam IO1-001
CompTIA Mobile App Security+ Certification Exam (ios Edition) Live exam IOS-001 Beta Exam IO1-001 INTRODUCTION This exam will certify that the successful candidate has the knowledge and skills required
More informationBeginners Guide to Android Reverse Engineering
(W)ORK-SH/OP: Beginners Guide to Android Reverse Engineering (W)ORK-SH/OP: sam@ccc.de Hall[14], Day 3 11:00h Agenda Purpose Recommended or needed tools (De)construction of Android apps Obtaining APKs Decompiling
More informationAppUse - Android Pentest Platform Unified
AppUse - Android Pentest Platform Unified Standalone Environment AppUse is designed to be a weaponized environment for Android application penetration testing. It is a unique, free, and rich platform aimed
More informationAndroid & ios Application Vulnerability Assessment & Penetration Testing Training. 2-Day hands on workshop on VAPT of Android & ios Applications
Android & ios Application Vulnerability Assessment & Penetration Testing Training 2-Day hands on workshop on VAPT of Android & ios Applications Course Title Workshop on VAPT of Android & ios Applications
More informationBlackbox Android. Breaking Enterprise Class Applications and Secure Containers. Marc Blanchou Mathew Solnik 10/13/2011. https://www.isecpartners.
Blackbox Android Breaking Enterprise Class Applications and Secure Containers Marc Blanchou Mathew Solnik 10/13/2011 https://www.isecpartners.com Agenda Background Enterprise Class Applications Threats
More informationAutomation in ios Application Assessments
Automation in ios Application Assessments SiRA Team: Justin Engler Seth Law Josh Dubik David Vo Contact: 1.sira.tool@gmail.com Twitter: @siratool 1 Legal Notice Third-party sources are quoted as appropriate.
More informationMobile Application Security Testing ASSESSMENT & CODE REVIEW
Mobile Application Security Testing ASSESSMENT & CODE REVIEW Sept. 31 st 2014 Presenters ITAC 2014 Bishop Fox Francis Brown Partner Joe DeMesy Security Associate 2 Introductions FRANCIS BROWN Hi, I m Fran
More informationABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications
Reverse Engineering ios Applications Drew Branch, Independent Security Evaluators, Associate Security Analyst ABSTRACT' Mobile applications are a part of nearly everyone s life, and most use multiple mobile
More informationModern Binary Exploitation Course Syllabus
Modern Binary Exploitation Course Syllabus Course Information Course Title: Modern Binary Exploitation Course Number: CSCI 4968 Credit Hours: 4 Semester / Year: Spring 2015 Meeting Days: Tuesday/Friday
More informationSecure your ios applications and uncover hidden vulnerabilities by conducting penetration tests
Fr ee Learning ios Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an ios application and operating system, and will teach you to conduct static and dynamic
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
More informationSecurity Intelligence Services. Cybersecurity training. www.kaspersky.com
Kaspersky Security Intelligence Services. Cybersecurity training www.kaspersky.com CYBERSECURITY TRAINING Leverage Kaspersky Lab s cybersecurity knowledge, experience and intelligence through these innovative
More informationMobile Application Security: Who, How and Why
Mobile Application Security: Who, How and Why Presented by: Mike Park Managing Security Consultant Trustwave SpiderLabs Who Am I Mike Park Managing Consultant, Application Security Services, Trustwave
More informationThe OWASP Foundation http://www.owasp.org
Android reverse engineering: understanding third-party applications OWASP EU Tour 2013 June 5, 2013. Bucharest (Romania) Vicente Aguilera Díaz OWASP Spain Chapter Leader Co-founder of Internet Security
More informationAdobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
More informationWeb application testing
CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration
More informationASL IT SECURITY XTREME XPLOIT DEVELOPMENT
ASL IT SECURITY XTREME XPLOIT DEVELOPMENT V 2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: The most dangerous threat is the one which do not have a CVE. Until now developing reliable exploits
More informationAndroid (in)security. Having fun with Android. Sarantis Makoudis
Android (in)security Having fun with Android Sarantis Makoudis About Me BSc in Digital Systems, University of Piraeus, 2010 MSc in Information Security, Royal Holloway, University of London,2012 Penetration
More informationLearning Course Curriculum
Learning Course Curriculum Security Compass Training Learning Curriculum. Copyright 2012. Security Compass. 1 It has long been discussed that identifying and resolving software vulnerabilities at an early
More informationTushar Dalvi Sr. Security Engineer at LinkedIn Penetration Tester. Responsible for securing a large suite mobile apps
Tony Trummer Staff Engineer, Information Security at LinkedIn Penetration tester and mobile security enthusiast #3 in Android Security Acknowledgements Tushar Dalvi Sr. Security Engineer at LinkedIn Penetration
More informationPlease Complete Speaker Feedback Surveys. SecurityTube.net
Please Complete Speaker Feedback Surveys Advanced ios Applica:on Pentes:ng Vivek Ramachandran Founder, SecurityTube.net vivek@securitytube.net Vivek Ramachandran B.Tech, ECE IIT Guwaha: Media Coverage
More informationSandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers
Sandy The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis About Me! I work as a Researcher for a Global Threat Research firm.! Spoke at the few security
More informationASL IT Security Advanced Web Exploitation Kung Fu V2.0
ASL IT Security Advanced Web Exploitation Kung Fu V2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: There is a lot more in modern day web exploitation than the good old alert( xss ) and union
More informationPentesting iphone & ipad Apps Hack In Paris 2011 June 17
Pentesting iphone & ipad Apps Hack In Paris 2011 June 17 Who are we? Flora Bottaccio Security Analyst at ADVTOOLS Sebastien Andrivet Director, co-founder of ADVTOOLS ADVTOOLS Swiss company founded in 2002
More informationReminders. Lab opens from today. Many students want to use the extra I/O pins on
Reminders Lab opens from today Wednesday 4:00-5:30pm, Friday 1:00-2:30pm Location: MK228 Each student checks out one sensor mote for your Lab 1 The TA will be there to help your lab work Many students
More informationOWASP Mobile Top Ten 2014 Meet the New Addition
OWASP Mobile Top Ten 2014 Meet the New Addition Agenda OWASP Mobile Top Ten 2014 Lack of Binary Protections added Why is Binary Protection important? What Risks Need to be Mitigated? Where to Go For Further
More informationHacking your Droid ADITYA GUPTA
Hacking your Droid ADITYA GUPTA adityagupta1991 [at] gmail [dot] com facebook[dot]com/aditya1391 Twitter : @adi1391 INTRODUCTION After the recent developments in the smart phones, they are no longer used
More informationProfessional Penetration Testing Techniques and Vulnerability Assessment ...
Course Introduction Today Hackers are everywhere, if your corporate system connects to internet that means your system might be facing with hacker. This five days course Professional Vulnerability Assessment
More informationCompTIA Mobile App Security+ Certification Exam (Android Edition) Live exam ADR-001 Beta Exam AD1-001
CompTIA Mobile App Security+ Certification Exam (Android Edition) Live exam ADR-001 Beta Exam AD1-001 INTRODUCTION This exam will certify that the successful candidate has the knowledge and skills required
More informationMobile Security Framework
Automated Mobile Application Security Testing with Mobile Security Framework Ajin Abraham About Me! Security Consultant @ Yodlee! Security Engineering @ IMMUNIO! Next Gen Runtime Application Self Protection
More informationLecture Embedded System Security A. R. Sadeghi, @TU Darmstadt, 2011 2012 Introduction Mobile Security
Smartphones and their applications have become an integral part of information society Security and privacy protection technology is an enabler for innovative business models Recent research on mobile
More informationTECHNOLOGY TRANSFER PRESENTS KEN VAN WYK JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)
TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK BREAKING AND FIXING WEB APPLICATIONS SECURITY PENETRATION TESTING IOS APPS JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationSmartphone Security. A Holistic view of Layered Defenses. David M. Wheeler, CISSP, CSSLP, GSLC. (C) 2012 SecureComm, Inc. All Rights Reserved
Smartphone Security A Holistic view of Layered Defenses David M. Wheeler, CISSP, CSSLP, GSLC 1 The Smartphone Market The smartphone security market is expected to grow at a rate of 44 percent annually
More informationMobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application
Mobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application Since the introduction of the iphone, Apple has sold more than 315 million
More informationPassing PCI Compliance How to Address the Application Security Mandates
Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These
More informationRed Hat Linux Internals
Red Hat Linux Internals Learn how the Linux kernel functions and start developing modules. Red Hat Linux internals teaches you all the fundamental requirements necessary to understand and start developing
More information"EZHACK" POPULAR SMART TV DONGLE REMOTE CODE EXECUTION
"EZHACK" POPULAR SMART TV DONGLE REMOTE CODE EXECUTION CHECK POINT ALERTED EZCAST THAT ITS SMART TV DONGLE, WHICH IS USED BY APPROXIMATELY 5 MILLION USERS, IS EXPOSED TO SEVERE REMOTE CODE EXECUTION VULNERABILITIES
More informationLegal notices. Legal notices. For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html.
ADOBE AIR Security Legal notices Legal notices For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html. iii Contents Installing and updating desktop applications...........................................................................
More informationInformation Security. Training
Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin
More informationPenetration Testing for iphone Applications Part 1
Penetration Testing for iphone Applications Part 1 This article focuses specifically on the techniques and tools that will help security professionals understand penetration testing methods for iphone
More informationelearning for Secure Application Development
elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security
More information2016 TÜBİTAK BİLGEM Cyber Security Institute
2016 Revision 5.0 2016 TÜBİTAK BİLGEM Cyber Security Institute 1 ... 3 1. Information Security Awareness for End Users... 4 2. Information Security Awareness for Managers... 5 3. Social Engineering: Attack
More informationReversing Android Malware
Reversing Android Malware The Honeynet Project 10 th Annual Workshop ESIEA PARIS.FR 2011-03-21 MAHMUD AB RAHMAN (MyCERT, CyberSecurity Malaysia) Copyright 2011 CyberSecurity Malaysia MYSELF Mahmud Ab Rahman
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationMobile security, forensics & malware analysis with Santoku Linux. * Copyright 2013 viaforensics, LLC. Proprietary Information.
Mobile security, forensics & malware analysis with Santoku Linux PRESENTER - ANDREW HOOG CEO/Co-founder of viaforensics Andrew is a published author, computer scientist, and mobile security & forensics
More informationhttps://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting
https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests
More informationWeb Application Hacking (Penetration Testing) 5-day Hands-On Course
Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Course Description Our web sites are under attack on a daily basis
More informationVulnerability Assessment and Penetration Testing
Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration
More informationHow Security Testing can ensure Your Mobile Application Security. Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant
How Security Testing can ensure Your Mobile Application Security Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant Once More Consulting & Advisory Services IT Governance IT Strategic
More informationComprehensive Security for Internet-of-Things Devices With ARM TrustZone
Comprehensive Security for Internet-of-Things Devices With ARM TrustZone Howard Williams mentor.com/embedded Internet-of-Things Trends The world is more connected IoT devices are smarter and more complex
More informationLoophole+ with Ethical Hacking and Penetration Testing
Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,
More informationBypassing SSL Pinning on Android via Reverse Engineering
Bypassing SSL Pinning on Android via Reverse Engineering Denis Andzakovic Security-Assessment.com 15 May 2014 Table of Contents Bypassing SSL Pinning on Android via Reverse Engineering... 1 Introduction...
More informationDetecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008
Detecting Web Application Vulnerabilities Using Open Source Means OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Kostas Papapanagiotou Committee Member OWASP Greek Chapter conpap@owasp.gr
More informationWhen a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.
Ethical Hacking and Countermeasures Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationTools and Techniques to automate the discovery of Zero Day Vulnerabilities. A.K.A Fuzzing 101
Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101 Agenda GEEKZONE Overview of fuzzing techniques Tutorials on specific open-source fuzzers Demonstrations DIY
More informationSecurity Testing Guidelines for mobile Apps
The OWASP Foundation http://www.owasp.org Security Testing Guidelines for mobile Apps Florian Stahl Johannes Ströher AppSec Research EU 2013 Who we are Florian Stahl Johannes Ströher Lead Consultant for
More informationPTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access
The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning
More informationPentesting ios Apps Runtime Analysis and Manipulation. Andreas Kurtz
Pentesting ios Apps Runtime Analysis and Manipulation Andreas Kurtz About PhD candidate at the Security Research Group, Department of Computer Science, University of Erlangen-Nuremberg Security of mobile
More informationAndroid Packer. facing the challenges, building solutions. Rowland YU. Senior Threat Researcher Virus Bulletin 2014
Android Packer facing the challenges, building solutions Rowland YU Senior Threat Researcher Virus Bulletin 2014 1 What is Android Packer? Android packers are able to encrypt an original classes.dex file,
More informationAndroid Security - Common attack vectors
Institute of Computer Science 4 Communication and Distributed Systems Rheinische Friedrich-Wilhelms-Universität Bonn, Germany Lab Course: Selected Topics in Communication Management Android Security -
More informationAutomating Security Testing. Mark Fallon Senior Release Manager Oracle
Automating Security Testing Mark Fallon Senior Release Manager Oracle Some Ground Rules There are no silver bullets You can not test security into a product Testing however, can help discover a large percentage
More informationSecuring your Mobile Applications. Karson Chan Security Consultant
Securing your Mobile Applications Karson Chan Security Consultant NTT Com Security Threat can come from anywhere that s why we are everywhere 1,000+ Staff Our knowledge is your security 8,000+ Customers
More informationDesigning and Coding Secure Systems
Designing and Coding Secure Systems Kenneth Ingham and Anil Somayaji September 29, 2009 1 Course overview This class covers secure coding and some design issues from a language neutral approach you can
More informationTowards Automated Botnet Detection and Mitigation
Towards Automated Botnet Detection and Mitigation Stopping the Root Cause of Spam Pi1 - Laboratory for Dependable Distributed Systems Outline Motivation Tools & techniques for botnet detection nepenthes
More informationAdvanced Administration for Citrix NetScaler 9.0 Platinum Edition
Advanced Administration for Citrix NetScaler 9.0 Platinum Edition Course Length: 5 Days Course Code: CNS-300 Course Description This course provides the foundation to manage, configure and monitor advanced
More informationWeb attacks and security: SQL injection and cross-site scripting (XSS)
Web attacks and security: SQL injection and cross-site scripting (XSS) License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike
More informationBlackBerry 10.3 Work and Personal Corporate
GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network
More informationOut of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet
Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet March 8, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development
More informationUNCLASSIFIED Version 1.0 May 2012
Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice
More informationFORBIDDEN - Ethical Hacking Workshop Duration
Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once
More informationINFORMATION SECURITY TRAINING CATALOG (2015)
INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2015) Revision 3.0 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze,
More informationFive standard procedures for building the android system. Figure1. Procedures for building android embedded systems
Standard Operating Procedures for Android Embedded Systems Anupama M. Kulkarni, Shang-Yang Chang, Ying-Dar Lin National Chiao Tung University, Hsinchu, Taiwan November 2012 Android is considered to be
More information(WAPT) Web Application Penetration Testing
(WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:
More informationPractical Attacks against Mobile Device Management Solutions
Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO michael@lacoon.com Daniel Brodie, Sr Security Researcher daniel@lacoon.com About: Daniel Security researcher for nearly
More informationImplementing the Application Control Engine Service Module
Course: Implementing the Application Control Engine Service Module Duration: 4 Day Hands-On Lab & Lecture Course Price: $ 2,995.00 Learning Credits: 30 Hitachi HiPass: 4 Description: Implementing the Application
More informationWindows Kernel Internals for Security Researchers
Windows Kernel Internals for Security Researchers Overview This course takes a deep dive into the internals of the Windows kernel from a security perspective. Attendees learn about behind the scenes working
More informationWeb Application Penetration Testing
Web Application Penetration Testing 2010 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Will Bechtel William.Bechtel@att.com
More informationEnd User Devices Security Guidance: Apple OS X 10.10
GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.10 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best
More informationProject X Mass interception of encrypted connections
Project X Mass interception of encrypted connections What? SSL/TLS interception TOR interception ...a thorny path Common Issues Public Key Pinning avoids rogue CA to sign certs Common Issues Google and
More informationMembers of the UK cyber security forum. Soteria Health Check. A Cyber Security Health Check for SAP systems
Soteria Health Check A Cyber Security Health Check for SAP systems Soteria Cyber Security are staffed by SAP certified consultants. We are CISSP qualified, and members of the UK Cyber Security Forum. Security
More informationEC-Council Ethical Hacking and Countermeasures
EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More information