Slideshows by User: martinvigo (SlideShare feed, Fri, 21 Oct 2022 00:00:37 GMT)

Phonerator, an advanced *valid* phone number generator for your OSINT/SE needs /slideshow/phonerator-an-advanced-valid-phone-number-generator-for-your-osintse-needs-253737083/253737083
A couple of years ago at DEF CON's Recon Village, I introduced a new OSINT technique to obtain a target's phone number by just knowing the email address and published the tool "email2phonenumber" which automates the entire process. email2phonenumber, among other things, generates possible phone numbers for the target based on the Phone Numbering Plan of the target's country. This year, I am introducing "Phonerator", a web-based tool to search, filter and generate *valid* phone number lists. Taking the phone number generation process of email2phonenumber to the next level, Phonerator allows you to provide only a few known digits of your target's phone number and start creating lists of possible (and valid) numbers. You don't have any intel on your target's phone number but know which carrier he uses, area he lives in, date when he started using the number? Phonerator can take in all those pieces of information and help you narrow down possible phone numbers. Phonerator is also a great tool for discovery and research. Want to find obscure and unknown carriers together with the phone numbers assigned to them for your wardialing needs? Phonerator can help. Want to abuse "Contact Discovery" to find in which websites your target is registered? Phonerator can export your curated list of numbers in vCard format to easily import to your test devices. Join this talk if you are an OSINT lover, SE professional, phreaker or just curious about how phone numbers get assigned and how you can profit from it.
Fri, 21 Oct 2022 00:00:37 GMT, from Martin Vigo

Phonerator, an advanced *valid* phone number generator for your OSINT/SE needs /slideshow/phonerator-an-advanced-valid-phone-number-generator-for-your-osintse-needs/252576854
Wed, 17 Aug 2022 04:08:08 GMT, from Martin Vigo

From email address to phone number, a new OSINT approach /slideshow/from-email-address-to-phone-number-a-new-osint-approach/163534003
Email addresses are one of our most public pieces of PII. We are comfortable sharing it with strangers, publishing it on the internet and it is generally our public way of communicating. However, when it comes to phone numbers things change. We are more selective with who we share it with, mostly because receiving unsolicited phone calls is much more invasive. There are also security implications when making your phone number publicly available. SS7 attacks, SIM swapping, phishing and scam calls are just a few of the threats that originate from the target's phone number. What if it were possible to obtain someone's phone number by only knowing their email address? Beyond the criminal advantage, it could be very useful to investigators, red teams and OSINT lovers. In this talk, I will discuss techniques which when combined will let you discover someone's phone number via their email address. I will also demo and release a tool that helps automate the process.
Tue, 13 Aug 2019 15:33:37 GMT, from Martin Vigo

Ransombile: yet another reason to ditch sms /slideshow/ransombile-yet-another-reason-to-ditch-sms/115163783
The general belief is that a mobile device that is locked, encrypted and protected with a PIN or biometrics is a secure device. The truth is, major OS including iOS and Android help and encourage you to downgrade security on locked devices through certain features and default to insecure settings. Personal assistants on mobile devices are very popular. Siri, OK Google and Cortana are just a few of them. They can perform multiple tasks including calls, sending emails and reading SMS among other sensitive actions. How secure are they? Can we trust our personal assistants to keep our data safe? How about displaying your notifications on the lock screen? On the other hand, with the proliferation of cheap SDR hardware, DIY IMSI catchers, open source tools and still supported broken GSM protocols, targeting mobile communications is easier than ever. But what are the real consequences? It is well known that SMS is not a secure channel but the industry is still hesitant to move away from it. This presentation is yet another nail in the SMS coffin and aims to help push the industry away from supporting it. Ransombile is a tool that can be used in different scenarios to compromise someone's digital life in less than 2 minutes. Email accounts, financial data, social networks... all gone. Have you ever left your phone on the desk unattended? Do you believe losing your phone only impacts your wallet? Do you feel safe when crossing the border when entering the USA since they can't force you to reveal the passcode? This presentation is for you.
Tue, 18 Sep 2018 10:17:03 GMT, from Martin Vigo

Compromising online accounts by cracking voicemail systems /slideshow/compromising-online-accounts-by-cracking-voicemail-systems/109842206
Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those e-zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in the attack vectors. Can we leverage the last 30 years' innovations to further compromise voicemail systems? And what is the real impact today of pwning these? In this talk I will cover voicemail systems, its security and how we can use oldskool techniques and new ones on top of current technology to compromise them. I will discuss the broader impact of gaining unauthorized access to voicemail systems today and introduce a new tool that automates the process.
Tue, 14 Aug 2018 15:50:46 GMT, from Martin Vigo

Mobile apps security. Beyond XSS, CSRF and SQLi https://es.slideshare.net/slideshow/mobile-apps-security-beyond-xss-csrf-and-sqli/83244115 mobileappssecurity-171203095130
This talk will be focused on how to develop secure mobile apps. We will look into specifics regarding mobile development and what are the best practices. Usually developers take into account the well-known vulnerabilities such as SQLi, XSS, CSRF, etc. forgetting about those impacting specifically the mobile platform. We will make an emphasis on all those other issues affecting the mobile platform such as protocols, secure storage, secrets, caching, logging, etc.]]>

This talk will be focused on how to develop secure mobile apps. We will look into specifics regarding mobile development and what are the best practices. Usually developers take into account the well-known vulnerabilities such as SQLi, XSS, CSRF, etc. forgetting about those impacting specifically the mobile platform. We will make an emphasis on all those other issues affecting the mobile platform such as protocols, secure storage, secrets, caching, logging, etc.]]>
Sun, 03 Dec 2017 09:51:30 GMT https://es.slideshare.net/slideshow/mobile-apps-security-beyond-xss-csrf-and-sqli/83244115 martinvigo@slideshare.net(martinvigo) Mobile apps security. Beyond XSS, CSRF and SQLi martinvigo This talk will be focused on how to develop secure mobile apps. We will look into specifics regarding mobile development and what are the best practices. Usually developers take into account the well-known vulnerabilities such as SQLi, XSS, CSRF, etc. forgetting about those impacting specifically the mobile platform. We will make an emphasis on all those other issues affecting the mobile platform such as protocols, secure storage, secrets, caching, logging, etc. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/mobileappssecurity-171203095130-thumbnail.jpg?width=120&amp;height=120&amp;fit=bounds" /><br> This talk will be focused on how to develop secure mobile apps. We will look into specifics regarding mobile development and what are the best practices. Usually developers take into account the well-known vulnerabilities such as SQLi, XSS, CSRF, etc. forgetting about those impacting specifically the mobile platform. We will make an emphasis on all those other issues affecting the mobile platform such as protocols, secure storage, secrets, caching, logging, etc.
from Martin Vigo
Building secure mobile apps /slideshow/building-secure-mobile-apps/83243806 dreamforce-171203093940
This talk will be focused on how to develop secure mobile apps. We will look into specifics regarding mobile development and what the best practices are. We will emphasize all issues affecting the mobile platform, such as protocols, secure storage, secrets, caching, logging, etc.

Sun, 03 Dec 2017 09:39:40 GMT /slideshow/building-secure-mobile-apps/83243806 martinvigo@slideshare.net(martinvigo) Building secure mobile apps
Secure Salesforce: Hardened Apps with the Mobile SDK /slideshow/secure-salesforce-hardened-apps-with-the-mobile-sdk-83243240/83243240 preso-171203091644
As frameworks and languages have evolved, creating a mobile app has never been easier. But can an easy mobile app be secure? Join our mobile security experts to discuss the Salesforce Mobile SDK and learn everything you need to know about hardening your mobile apps. We will discuss some common mobile vulnerabilities and mistakes, then dive deep into how the Salesforce Mobile SDK makes following our security best practices easy and painless!

Sun, 03 Dec 2017 09:16:44 GMT /slideshow/secure-salesforce-hardened-apps-with-the-mobile-sdk-83243240/83243240 martinvigo@slideshare.net(martinvigo) Secure Salesforce: Hardened Apps with the Mobile SDK
Breaking vaults: Stealing Lastpass protected secrets /slideshow/breaking-vaults-stealing-lastpass-protected-secrets/83243111 shakaconpreso-171203091107
LastPass is a popular password manager that integrates with browsers through plugins. One of its most interesting features is that the encrypted vault is stored on LastPass' servers, yet they have no access to the content since the master password never leaves the user's machine. All encryption and decryption happens locally. Password managers are a single point of failure by design and therefore they need to be secure. A tool with the sole purpose of storing all your secrets is an important target for any attacker. The most valuable piece of information is the master password. It is the key to decrypt the data and gain complete access. Research has been done on different attack vectors but the focus is on leaking passwords stored in the vault. This presentation will focus on how it is possible to steal and decrypt the master password. In addition, I will also demonstrate an additional attack vector that results in full access to the vault without the need of the master password. Two different attacks to achieve the same goal: full access to the vault. But given that LastPass supports two-factor authentication, I will also demonstrate how to bypass it. Last but not least, I will release a Metasploit module that will automate the whole process: stealing the master password, leaking the encryption key and bypassing two-factor authentication.

Sun, 03 Dec 2017 09:11:07 GMT /slideshow/breaking-vaults-stealing-lastpass-protected-secrets/83243111 martinvigo@slideshare.net(martinvigo) Breaking vaults: Stealing Lastpass protected secrets
Even the LastPass Will be Stolen Deal with It! /slideshow/even-the-lastpass-will-be-stolen-deal-with-it/83242960 eu-15-vigo-even-the-lastpass-will-be-stolen-deal-with-it-171203090510
Password managers have become very popular as a solution to avoid reusing passwords. With that in mind, password managers are a prized target for pentesters and attackers. If a password manager is compromised, the consequences are catastrophic as all the victim's secrets reside in the vault. One breach to get it all. LastPass is arguably one of the most popular password managers in the market. Over 10,000 corporate customers of various sizes, including Fortune 500s, rely on LastPass to protect all their data. Research has been done on how to attack password managers but it has all focused on leaking specific credentials from the vault. LastPass not only stores credentials, but also bank accounts, ssh keys, personal records, etc. Therefore, we focused our research on finding the silver bullet to gain full access to the vault and steal all the secrets. By reversing LastPass plugins, we found several ways to do so. We will demonstrate how it is possible to steal and decrypt the master password. We also found how it is possible to abuse account recovery to ultimately obtain the encryption key for the vault. In addition, we discovered ways to bypass two-factor authentication. We wrote a Metasploit module that takes care of all of this. The module is able to search for all LastPass data in the machine comprising all accounts present. It will find and decrypt the master password, it will derive the encryption key for the vault, it will find the 2FA trust token and it will steal the vault so it can be decrypted. All secrets in the vault will be printed out for the pen-tester's satisfaction.

Sun, 03 Dec 2017 09:05:10 GMT /slideshow/even-the-lastpass-will-be-stolen-deal-with-it/83242960 martinvigo@slideshare.net(martinvigo) Even the LastPass Will be Stolen Deal with It!
Creating secure apps using the salesforce mobile sdk /slideshow/creating-secure-apps-using-the-salesforce-mobile-sdk/83242833 creatingsecureappsusingthesalesforcemobilesdk-171203090019
Creating a mobile app has never been easier with the wide range of frameworks and languages available at your fingertips. But is it easy to secure a mobile app? Join our mobile security experts as they walk through the Salesforce Mobile SDK and learn everything you need to know about hardening your mobile apps. We will discuss common vulnerabilities and mistakes, followed by a deep dive into how the Salesforce Mobile SDK makes following our security best practices easy and painless!

Sun, 03 Dec 2017 09:00:19 GMT /slideshow/creating-secure-apps-using-the-salesforce-mobile-sdk/83242833 martinvigo@slideshare.net(martinvigo) Creating secure apps using the salesforce mobile sdk
Security Vulnerabilities: How to Defend Against Them /martinvigo/security-vulnerabilities-how-to-defend-against-them commonwebvulnerabilities-171203085451
In recent years it has become the norm to wake up to news about hackers, cyber attacks, ransom campaigns and the NSA. Since 2003 the Open Web Application Security Project (OWASP) has been the go-to reference to learn more about security vulnerabilities. OWASP published a list of the Top 10 most common security issues for the Web. In this talk, we will review the list to learn the details and discuss how to harden and defend our Web applications from those vulnerabilities. If you care about your product and customer's data, want to become a better developer or are simply interested in the kind of cyber attacks delinquents use to compromise websites, this talk is for you.

Sun, 03 Dec 2017 08:54:51 GMT /martinvigo/security-vulnerabilities-how-to-defend-against-them martinvigo@slideshare.net(martinvigo) Security Vulnerabilities: How to Defend Against Them
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol /slideshow/doityourself-spy-program-abusing-apples-call-relay-protocol-83242071/83242071 doityourselfspyprogramabusingapplescallrelayprotocol-171203082928
Apple introduced a new set of features in iOS 8 and Yosemite under the name "Continuity". These features allow iPhones to work with other iDevices such as Macs and iPads in new ways. Handoff, Instant hotspot and Airdrop are some of the new services offered by Continuity. Among these new services is one named "Call Relay". Essentially, it allows one to make and receive phone calls via iDevices and route them through the iPhone. This is not your typical VoIP service but a P2P connection based on a proprietary protocol. Apple's security white-paper is short and vague on this particular topic. Only four paragraphs are dedicated to explaining how Call Relay works and the only security-relevant information is as follows: "The audio will be seamlessly transmitted from your iPhone using a secure peer-to-peer connection between the two devices." I reverse engineered the protocol to understand how it works. The goal was to see if Apple's design was secure and to find vulnerabilities, focusing on ways to eavesdrop on phone calls. In this presentation, I will start by explaining all the details of this protocol and the process of reverse engineering it. Once the protocol is understood by the audience, I will discuss the threat surface and the different attack vectors possible. I will focus on what worked and demonstrate with demos. We will see how it is possible to abuse the protocol to spy on victims by leaving their mic open. We can also troll victims by dropping or preventing them from picking up phone calls. Last, I will explain how an attacker can abuse multi-party calls to impersonate other callers. Once we understand the vulnerabilities, we will discuss how it can be weaponized to build an amateur (insert 3 letters here)-spy program. This presentation covers CVE-2016-4635, CVE-2016-4721, CVE-2016-4722 and CVE-2016-7577.

Apple introduced a new set of features in iOS 8 and Yosemite under the name "Continuity". These features allow iPhones to work with other iDevices such as Macs and iPads in new ways. Handoff, Instant hotspot and Airdrop are some of the new services offered by Continuity. Among these new services is one named "Call Relay". Essentially, it allows one to make and receive phone calls via iDevices and route them through the iPhone. This is not your typical VOIP service but a P2P connection based on a proprietary protocol. Apple's security white-paper is short and vague on this particular topic. Only four paragraphs are dedicated to explain how Call Relay works and the only security relevant information is as follows: "The audio will be seamlessly transmitted from your iPhone using a secure peer-to-peer connection between the two devices." I reverse engineered the protocol to understand how it works. The goal was to see if Apple's design was secure and find vulnerabilities focusing on ways to eavesdrop phone calls. In this presentation, I will start by explaining all the details of this protocol and the process of reverse engineering it. Once the protocol is understood by the audience, I will discuss the thread surface and the different attack vectors possible. I will focus on what worked and demonstrate with demos. We will see how it is possible to abuse the protocol to spy on victims by leaving their mic open. We can also troll victims by dropping or preventing them from picking up phone calls. Last, I will explain how an attacker can abuse multi-party calls to impersonate other callers. Once we understand the vulnerabilities, we will discuss how it can be weaponized to build an amateur (insert 3 letters here)-spy program. This presentation covers CVE-2016-4635, CVE-2016-4721, CVE-2016-4722 and CVE-2016-7577]]>
Sun, 03 Dec 2017 08:29:28 GMT /slideshow/doityourself-spy-program-abusing-apples-call-relay-protocol-83242071/83242071 martinvigo@slideshare.net(martinvigo) Do-it-Yourself Spy Program: Abusing Apple鈥檚 Call Relay Protocol martinvigo Apple introduced a new set of features in iOS 8 and Yosemite under the name "Continuity". These features allow iPhones to work with other iDevices such as Macs and iPads in new ways. Handoff, Instant hotspot and Airdrop are some of the new services offered by Continuity. Among these new services is one named "Call Relay". Essentially, it allows one to make and receive phone calls via iDevices and route them through the iPhone. This is not your typical VOIP service but a P2P connection based on a proprietary protocol. Apple's security white-paper is short and vague on this particular topic. Only four paragraphs are dedicated to explain how Call Relay works and the only security relevant information is as follows: "The audio will be seamlessly transmitted from your iPhone using a secure peer-to-peer connection between the two devices." I reverse engineered the protocol to understand how it works. The goal was to see if Apple's design was secure and find vulnerabilities focusing on ways to eavesdrop phone calls. In this presentation, I will start by explaining all the details of this protocol and the process of reverse engineering it. Once the protocol is understood by the audience, I will discuss the thread surface and the different attack vectors possible. I will focus on what worked and demonstrate with demos. We will see how it is possible to abuse the protocol to spy on victims by leaving their mic open. We can also troll victims by dropping or preventing them from picking up phone calls. Last, I will explain how an attacker can abuse multi-party calls to impersonate other callers. Once we understand the vulnerabilities, we will discuss how it can be weaponized to build an amateur (insert 3 letters here)-spy program. 
This presentation covers CVE-2016-4635, CVE-2016-4721, CVE-2016-4722 and CVE-2016-7577.
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol https://es.slideshare.net/slideshow/doityourself-spy-program-abusing-apples-call-relay-protocol-83241750/83241750 presoekoparty-171203081812
Apple introduced a new set of features in iOS 8 and Yosemite under the name "Continuity". These features allow iPhones to work with other Macs and iDevices, such as Macs and iPads, in new ways. Instant hotspot and Airdrop are some of the new services offered by Continuity. Among these new services is one called "Call Relay". Essentially, it allows making and receiving phone calls via iDevices and routing them through the iPhone. This is not your typical VoIP service but a P2P connection based on a proprietary protocol. Apple's security paper is brief and vague on this particular topic. Only four photographs are dedicated to explaining how Call Relay works and the only relevant information is the following: "The audio is seamlessly transmitted from your iPhone through a secure peer-to-peer connection between the two devices." I reverse engineered the protocol to understand how it works. The goal was to see if Apple's design was secure and find vulnerabilities, focusing on ways to eavesdrop on phone calls. In this presentation, I will start by explaining all the details of the protocol and the process of reverse engineering it. Once the protocol is understood by the audience, the different possible attack vectors will be discussed. I will focus on what worked and demonstrate with live demos. We will see how it is possible to troll victims by dropping calls or preventing them from picking up. I will explain and demonstrate an attack in which, by attacking the protocol, it is possible to spy on victims. I will also discuss and demonstrate how an attacker can abuse multi-party calls to impersonate other callers. Once we understand the vulnerabilities, we will discuss how it can be weaponized to build an (insert 3 letters here) amateur program.

Sun, 03 Dec 2017 08:18:12 GMT https://es.slideshare.net/slideshow/doityourself-spy-program-abusing-apples-call-relay-protocol-83241750/83241750 martinvigo@slideshare.net(martinvigo) Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol martinvigo
I am a Red Teamer and researcher with a background in Product Security and Software Engineering. Previously, I focused on Mobile security, Identity and Authentication, code reviews, pentesting and in general keeping “the cloud” secure. I also educated developers on security essentials and best practices. Currently, I have shifted to pure offensive security work, putting on the black hat to emulate the techniques and procedures of the bad guys to help catch them. I am also the Founder of Triskel Security, a budding security consultant company offering information security solutions. www.martinvigo.com