SlideShare feed for Slideshows by User: Synack / Fri, 18 Nov 2016 16:47:29 GMT

Zeronights 2016 - Automating iOS blackbox security scanning /slideshow/zeronights-2016-automating-ios-blackbox-security-scanning/69261217 zeronights2016-11-161118164730
Mikhail Sosonkin's "Automating iOS blackbox security scanning" presentation from Zero Nights 2016

Posted: Fri, 18 Nov 2016 16:47:29 GMT

[DefCon 2016] I got 99 Problems, but Little Snitch ain't one! /slideshow/defcon-2016-i-got-99-problems-but-little-snitch-aint-one/64913943 defcon2016-160811163649
Security products should make our computers more secure, not less. Little Snitch is the de facto personal firewall for OS X that aims to secure a Mac by blocking unauthorized network traffic. Unfortunately bypassing this firewall's network monitoring mechanisms is trivial...and worse yet, the firewall's kernel core was found to contain an exploitable ring-0 heap-overflow. #fail

Posted: Thu, 11 Aug 2016 16:36:49 GMT

Synack critical infrastructure webinar /slideshow/synack-cirtical-infrasructure-webinar/61502295 synack-cirticalinfrasructurewebinar-160429130346
As presented at this year's RSA Conference, a 2016 survey of critical infrastructure companies and officials demonstrates that this scenario could be reality. Jay and Julia will take you through the spine-chilling specifics of why the nation's critical infrastructure is at an ever increased risk of cyber attacks as hackers make them their prime target.

Posted: Fri, 29 Apr 2016 13:03:46 GMT

iOS Automation Primitives /slideshow/ios-automation-primitives/60931547 owasporlandoapril132016-160414204658
Mikhail talks about iOS Automation Primitives at OWASP.

Posted: Thu, 14 Apr 2016 20:46:58 GMT

OS X Malware: Let's Play Doctor /Synack/os-x-malware-lets-play-doctor nullconosxmalware-160318180317
Practical OS X Malware and Detection

Posted: Fri, 18 Mar 2016 18:03:17 GMT

RSA OSX Malware /slideshow/rsa-osx-malware-58985016/58985016 rsaosxmalware-160302193828
Practical OSX Malware Detection and Analysis

Posted: Wed, 02 Mar 2016 19:38:28 GMT

Gatekeeper Exposed /slideshow/gatekeeper-exposed/57197661 gatekeeperexposed-160118210513
This presentation from ShmooCon 2016 elaborates on a trivial bypass of Apple's Gatekeeper, a core OS X security mechanism, which still remains flawed following Apple's patch efforts to the vulnerabilities previously reported and presented by Patrick Wardle at Virus Bulletin 2015.

Posted: Mon, 18 Jan 2016 21:05:13 GMT

Virus Bulletin 2015: Exposing Gatekeeper /slideshow/virus-bulletin-2015-exposing-gatekeeper/53421000 vb2015-151001131422-lva1-app6892
This presentation from Virus Bulletin 2015 will provide a solid technical overview of Gatekeeper's design and implementation, and will discuss both patched and currently unpatched vulnerabilities or weaknesses, in this core OS X security mechanism.

Posted: Thu, 01 Oct 2015 13:14:22 GMT

DEF CON 23: Stick That In Your (root)Pipe & Smoke It /slideshow/stick-that-in-your-rootpipe-smoke-it/51437655 synackpatrickwardlerootpipetalkdefcon23-150809193831-lva1-app6892
DEF CON 23 You may ask; "why would Apple add an XPC service that can create setuid files anywhere on the system - and then blindly allow any local user to leverage this service?" Honestly, I have no idea! The undocumented 'writeconfig' XPC service was recently uncovered by Emil Kvarnhammar, who determined its lax controls could be abused to escalate one's privileges to root. Dubbed 'rootpipe,' this bug was patched in OS X 10.10.3. End of story, right? Nope, instead things then got quite interesting. First, Apple decided to leave older versions of OS X un-patched. Then, an astute researcher discovered that the OSX/XSLCmd malware which pre-dated the disclosure, exploited this same vulnerability as a 0day! Finally, yours truly, found a simple way to side-step Apple's patch to re-exploit the core vulnerability on a fully-patched system. So come attend (but maybe leave your MacBooks at home), as we dive into the technical details of XPC and the rootpipe vulnerability, explore how malware exploited this flaw, and then fully detail the process of completely bypassing Apple's patch. The talk will conclude by examining Apple's response, a second patch, that appears to squash rootpipe...for now.

Posted: Sun, 09 Aug 2015 19:38:30 GMT

DEF CON 23: Spread Spectrum Satcom Hacking: Attacking The GlobalStar Simplex Data Service /slideshow/spread-spectrum-satcom-hacking-attacking-the-globalstar-simplex-data-service/51418754 presentationdefcon-150808191255-lva1-app6892
DEF CON 23 Recently there have been several highly publicized talks about satellite hacking. However, most only touch on the theoretical rather than demonstrate actual vulnerabilities and real world attack scenarios. This talk will demystify some of the technologies behind satellite communications and do what no one has done before - take the audience step-by-step from reverse engineering to exploitation of the GlobalStar simplex satcom protocol and demonstrate a full blown signals intelligence collection and spoofing capability. I will also demonstrate how an attacker might simulate critical conditions in satellite connected SCADA systems. In recent years, Globalstar has gained popularity with the introduction of its consumer focused SPOT asset-tracking solutions. During the session, I'll deconstruct the transmitters used in these (and commercial) solutions and reveal design and implementation flaws that result in the ability to intercept, spoof, falsify, and intelligently jam communications. Due to design tradeoffs these vulnerabilities are realistically unpatchable and put millions of devices, critical infrastructure, emergency services, and high value assets at risk. Colby Moore is Synack's Manager of Special Activities. He works on the oddball and difficult problems that no one else knows how to tackle and strives to embrace the attacker mindset during all engagements. He is a former employee of VRL and has identified countless 0day vulnerabilities in embedded systems and major applications. In his spare time you will find him focusing on that sweet spot where hardware and software meet, usually resulting in very interesting consequences.

Posted: Sat, 08 Aug 2015 19:12:55 GMT

DEF CON 23: 'DLL Hijacking' on OS X? #@%& Yeah! /slideshow/dll-hijacking-on-os-x-yeah/51418721 dylibhijack-150808191034-lva1-app6891
DEF CON 23 Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to a similar attack (independent of the user's environment). By abusing various 'features' and undocumented aspects of OS X's dynamic loader, this talk will reveal how attackers need only to plant specially-crafted dynamic libraries to have their malicious code automatically loaded into vulnerable applications. Through this attack, adversaries can perform a wide range of malicious actions, including stealthy persistence, process injection, security software circumvention, and even 'remote' infection. So come watch as applications fall, Gatekeeper crumbles (allowing downloaded unsigned code to execute), and 'hijacker malware' arises - capable of bypassing all top security and anti-virus products! And since "sharing is caring" leave with code and tools that can automatically uncover vulnerable binaries, generate compatible hijacker libraries, or detect if you've been hijacked. Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Having worked at NASA, the NSA, and Vulnerability Research Labs (VRL), he is intimately familiar with aliens, spies, and talking nerdy. Currently, Patrick's focus is on automated vulnerability discovery, and the emerging threats of OS X and mobile malware.

Posted: Sat, 08 Aug 2015 19:10:34 GMT

DEF CON 23: Internet of Things: Hacking 14 Devices /slideshow/internet-of-things-51400317/51400317 iot11-slides-150807220300-lva1-app6892
DEF CON 23 Internet of Things: Hacking 14 Devices. It is easy to find poorly designed devices with poor security, but how do the market leading devices stack up? Are they more secure than a Linux-powered rifle? This presentation documents our effort to assess the state of security of top selling Internet of Things Devices. We procured 14 of the leading connected home IoT devices and tore them down, all the way from software to hardware and compared their relative security. This talk will demonstrate techniques useful for assessing any IoT device, while showing how they were applied across a wide range of devices. Attend for stories of device rooting, SSL interception, firmware unpacking, mobile app vulnerabilities and more. Stay to find out why your favorite new gadget might just be a backdoor into your home. If you own (or are considering buying) one of the following devices, come and find out how secure it actually is! Devices: Dlink DCS-2132L, Dropcam Pro, Foscam FI9826W, Simplicam, Withings Baby Monitor, Ecobee, Hive, Honeywell Lyric, Nest Thermostat, Nest Protect, Control4 HC-250, Lowes Iris, Revolv, SmartThings, Samsung Smart Refrigerator (model RF28HMELBSR), Samsung LED Smart TV (model UN32J5205AFXZA). REASON: The best thing about this talk is that it covers a large number of devices, all devices which are among the industry leaders for their category. While we have published the high level findings from assessing these devices, this talk will include full technical details on how to attack each of these devices, and full tech details on any of the vulns which we found. Those details have not yet been released, and will be of interest to anyone who owns or wants to hack any of these devices.

Fri, 07 Aug 2015 22:03:00 GMT /slideshow/internet-of-things-51400317/51400317 Synack@slideshare.net(Synack)
Black Hat '15: Writing Bad @$$ Malware for OS X /Synack/writing-bad-malware-for-os-x blackhatosxmalware-150805144342-lva1-app6892
In comparison to Windows malware, known OS X threats are really quite lame. As an Apple user that has drunk the 'Apple Juice,' I didn't think that was fair! From novel persistence techniques, to native OS X components that can be abused to thwart analysis, this talk will detail exactly how to create elegant, bad@ss OS X malware. And since detection is often a death knell for malware, the talk will also show how OS X's native malware mitigations and 3rd-party security tools were bypassed. For example, I'll detail how Gatekeeper was remotely bypassed to allow unsigned download code to be executed, how Apple's 'rootpipe' patch was side-stepped to gain root on a fully patched system, and how all popular 3rd-party AV and personal firewall products were generically bypassed by my simple proof-of-concept malware. However, don't throw out your Macs just yet! The talk will conclude by presenting several free security tools that can generically detect or even prevent advanced OS X threats. Armed with such tools, we'll ensure that our computers are better protected against both current and future OS X malware. So unless you work for Apple, come learn how to take your OS X malware skills to the next level and better secure your Mac at the same time!

Wed, 05 Aug 2015 14:43:42 GMT /Synack/writing-bad-malware-for-os-x Synack@slideshare.net(Synack)
Black Hat '15: Spread Spectrum Satcom Hacking: Attacking The GlobalStar Simplex Data Service /Synack/spread-spectrum-satcom-hacking-attacking-the-globalstar-simplex-data-service-by-colby-moore-synack colbymoore-satcom-blackhat2015-150805141947-lva1-app6892
Black Hat 2015. Recently, there have been several highly publicized talks about satellite hacking. However, most only touch on the theoretical rather than demonstrate actual vulnerabilities and real world attack scenarios. This talk will demystify some of the technologies behind satellite communications and do what no one has done before - take the audience step-by-step from reverse engineering to exploitation of the GlobalStar simplex satcom protocol and demonstrate a full blown signals intelligence collection and spoofing capability. I will also demonstrate how an attacker might simulate critical conditions in satellite connected SCADA systems. In recent years, Globalstar has gained popularity with the introduction of its consumer focused SPOT asset-tracking solutions. During the session, I'll deconstruct the transmitters used in these (and commercial) solutions and reveal design and implementation flaws that result in the ability to intercept, spoof, falsify, and intelligently jam communications. Due to design tradeoffs these vulnerabilities are realistically unpatchable and put millions of devices, critical infrastructure, emergency services, and high value assets at risk.

Wed, 05 Aug 2015 14:19:47 GMT /Synack/spread-spectrum-satcom-hacking-attacking-the-globalstar-simplex-data-service-by-colby-moore-synack Synack@slideshare.net(Synack)
DLL Hijacking on OS X /slideshow/can-secw/46048427 cansecw-150319125837-conversion-gate01
CanSecWest 2015 presentation from Patrick Wardle. DLL hijacking history and dylib hijacking on OS X are detailed.

Thu, 19 Mar 2015 12:58:37 GMT /slideshow/can-secw/46048427 Synack@slideshare.net(Synack)
Electromagnetic Hypersensitivity and You /slideshow/wes-winebergbsides2015/46042820 weswinebergbsides2015-150319105102-conversion-gate01
Presentation by Wesley Wineberg at B-Sides Vancouver 2015. It includes an analysis of EMU-2, introduction to hardware security and the ZigBee Smart Energy device.

Thu, 19 Mar 2015 10:51:02 GMT /slideshow/wes-winebergbsides2015/46042820 Synack@slideshare.net(Synack)
Home Automation Benchmarking Report /slideshow/home-automation-benchmarking-report/45524083 homeautomationbenchmarkingreport-150306103124-conversion-gate01
Synack completed a benchmarking test in a series of home automation devices from cameras to home automation controllers to thermostats. The devices were examined head to head to derive conclusions on the relative state of security across the board. Interested in what we found?

Fri, 06 Mar 2015 10:31:23 GMT /slideshow/home-automation-benchmarking-report/45524083 Synack@slideshare.net(Synack)
Let's Hack a House /slideshow/issa-talk/44617662 issatalk-150212162340-conversion-gate02
In February 2015, Tony Gambacorta presented to the Information Systems Security Association on IoT security.

Thu, 12 Feb 2015 16:23:40 GMT /slideshow/issa-talk/44617662 Synack@slideshare.net(Synack)
Synack at AppSec California with Patrick Wardle /slideshow/synack-at-appsec-california/44003328 appsecca-150128112238-conversion-gate02
Patrick Wardle presents at AppSec California on uncovering risks in iOS apps

Wed, 28 Jan 2015 11:22:38 GMT /slideshow/synack-at-appsec-california/44003328 Synack@slideshare.net(Synack)
When Geolocation Goes Wrong /slideshow/app-sec-43961274/43961274 appsec-150127133046-conversion-gate02
Presentation from Colby Moore and Patrick Wardle at AppSec California 2015.

Tue, 27 Jan 2015 13:30:45 GMT /slideshow/app-sec-43961274/43961274 Synack@slideshare.net(Synack) Synack at AppSec California 2015 - Geolocation Vulnerabilities
Synack is a security startup that has created a unique Crowd Security Intelligence platform that delivers the most secure, continuous, scalable, security assessment on the market. www.Synack.com