Blog
Metricon 2011 Summary
[I originally wrote this blog entry on the plane returning from BlackHat, Defcon & Metricon, but forgot to publish it. I think the content is still interesting, so, sorry for the late entry :)]
I’ve just returned after a 31hr transit from our annual US trip. Vegas, training, Blackhat & Defcon were great, it was good to see friends we only get to see a few times a year, and make new ones. But on the same trip, the event I most enjoyed was Metricon. It’s a workshop held at the Usenix security conference in San Francisco, run by a group of volunteers from the security metrics mailing list and originally sparked by Andrew Jacquith’s seminal book Security Metrics.
Decrypting iPhone Apps
This blog post steps through how to convert encrypted iPhone application bundles into plaintext application bundles that are easier to analyse.
Requirements:
1) Jailbroken iPhone with OpenSSH, gdb plus other utilities (com.ericasadun.utilities etc. etc.)
2) An iPhone app
3) On your machine:
otool (comes with iPhone SDK) Hex editor (0xED, HexWorkshop etc.) Ida – Version 5.2 through 5.6 supports remote debugging of iPhone applications (iphone_server). For this article, I will use the app name as “blah”.
Be Inspired
Talented Innovative Quality driven Forward thinking Trusted advisors And …simply good fun! These are all phrases associated with SensePost. Do you think you have what it takes to become part of our expanding GLOBAL team?
We are looking for more security assessment consultants to join us in the UK and South Africa. Security assessments are what we live and breathe – whether it’s foot-printing and obtaining enterprise domain admin rights on production networks, training hundreds at conferences around the world, to reverse-engineering mobile applications and producing cutting-edge security applications.
Press Release – Jane Frankland joins SensePost
The SensePost marketing division, a highly skilled team of ruthless spin-doctors, is proud to announce that they have written … a press release. Indeed, this team of fawners, flunkeys, lackeys and puffers has been slaving since early 2009 to come up with the pristine example of literary art you will read below. If you’re intimidated by what I’ve just said, harbour a fanatical dislike for marketing folks or simply don’t read so good, then here’s the short version:
Black Hat Abu Dhabi && Cadet Online Edition
Black Hat will host its second event in the Middle East in Abu Dhabi with a full contingent of selected Training and three tracks of Briefings over four days from December 12 to 15 December 2011.
We’re pleased to announce that SensePost will be back again this year with our exciting new Wifi hacking course – Hacking By Numbers, Unplugged Edition, launched for the 1st time in Las Vegas this year. This course is fresh and exciting and was an amazing success at Black Hat earlier this year. You can register directly on the Black Hat site, or contact us if you want more information.
Runtime analysis of Windows Phone 7 Applications
Runtime analysis is an integral part of most application security assessment processes. Many powerful tools have been developed to perform execution/data flow analysis and code debugging for desktop and server operating systems. Although a few dynamic analysis tools such as DroidBox are available for Android, I currently know of no similar public tools for the Windows Phone 7 platform. The main challenge for Windows Phone 7 is the lack of a programable debugging interface in both the Emulator and phone devices. The Visual Studio 2010 debugger for Phone applications does not have an “Attach to process” feature and can only be used to debug applications for which the source code is available. Although the Kernel Independent Transport Layer (KITL) can be enabled on some Windows Phone devices at boot time which could be very useful for Kernel and unmanged code debugging, it can’t be used directly for code tracing of phone applications which are executed by the .NET compact framework.
Hacking Online Auctions – UnCon && ITWeb talk
I gave an updated version of my ‘Hacking Online Auctions’ talk at UnCon in London last week. The talk gave a brief intro to general auction theory, and how the models can be applied online, but the main focus was on ‘penny auction’ websites. What are those all about then? Well, during my Masters last year I took a course on Internet Economics, and one of the modules involved auction theory. It was a really interesting module, and I did a bit of my own research on the side, whereby I stumbled across various penny auction sites. The sites (who pretend to be akin to eBay or the likes) go a little something like this:
Systems Applications Proxy Pwnage
[2011/9/6 Edited to add Slideshare embed]
I am currently in London at the first ever 44con conference. It’s been a fantastic experience so far – excellent talks & friendly people.
Yesterday, I presented a paper titled “Systems Applications Proxy Pwnage” . The talk precis sums it up nicely:
It has been common knowledge for a number of years that SAP GUI communicates using an unencrypted and compressed protocol by default, and numerous papers have been published by security professionals and researchers dealing with decompressing this traffic.
SensePost @ 44Con – Join us!
Until recently, there was a distinct lack of decent, high-quality technical security conferences held in the United Kingdom. Home to the Global Financial Centre, London, there isn’t a shortage of industries who require secure applications and rely on secure infrastructure and applications to operate.
With this in mind, 44Con is the first combined information security conference and training event held in Central London. The con will provide business and technical tracks, aimed at government, public sector, financial, security professionals and Chief Security Officers.
Metricon6 Presentation
Dominic is currently in the air somewhere over the Atlantic, returning from a long trip that included BlackHat, DefCon and lastly Metricon6, where he spoke on a threat model approach that he has picked up and fleshed out. He has promised a full(er) write-up on his glorious return, however in the meantime his slides are below. An updated copy of the CTM tool is on the CTM page, as is the demonstration dashboard (a nifty spreadsheet-from-the-deep that interactively provides various views on your threat model).