
Technical Methodology (bottom-up) Lesson 8

6-step Process
Step 1: Site Survey
Step 2: Develop a test plan
Step 3: Build the toolkit
Step 4: Conduct the assessment
Step 5: Analysis
Step 6: Documentation

Site Survey
Need to ascertain a number of different things in order to better scope the technical portion of the assessment.
Consider also adding wireless to the questionnaire.
Take a look at Exhibit 1, pg. 90; use as appropriate.

Develop a Test Plan
You, as a security professional, will probably be (or at least should be) more “up-to-date” on security vulnerabilities. New ones occur all the time and it is hard for folks who do not have security as their prime function to stay up on all of the latest problems. This will be one of the most valuable aspects of the assessment.
But what if they have a system you don’t know much about? How do you find out about what holes exist? Fortunately, lots of sites exist that will help.

Severity Level:
===============
High

Technical Details & Description:
================================
An application update loop that results in a pass code bypass vulnerability has been discovered in the official Apple iOS (iPhone5&6|iPad2) v8.x, v9.0, v9.1 & v9.2. The security vulnerability allows local attackers to bypass pass code lock protection of the apple iphone via an application update loop issue. The issue affects the device security when processing to request a local update by an installed mobile ios web-application.

The vulnerability is located in the iPad 2 & iPhone 5 & 6 hardware configuration with iOS v8.2 - v9.2 when processing an update which results in an interface loop by the application slides. Local attacker can trick the iOS device into a mode where a runtime issue with unlimited loop occurs. This finally results in a temporarily deactivate of the pass code lock screen. By loading the loop with remote app interaction we were able to stable bypass the auth of an iphone after the reactivation via shutdown button. The settings of the device was permanently requesting the pass code lock on interaction.

Normally the pass code lock is being activated during the shutdown button interaction. In case of the loop the request shuts the display down but does not activate the pass code lock like demonstrated in the attached poc security video. In case of exploitation the attack could be performed time-based by a manipulated iOS application or by physical device access and interaction with restricted system user account. In earlier cases of exploitation these type of loops were able to be used as jailbreak against iOS. The vulnerability can be exploited in non-jailbroken unlocked apple iphone mobiles.

The security risk of the local pass code bypass issue is estimated as high with a cvss (common vulnerability scoring system) count of 6.0. Exploitation of the local bug requires pending on the attack scenario local device access or a manipulated app installed to the device without user interaction. Successful exploitation of the security vulnerability results in unauthorized device access via pass code lock bypass.

Proof of Concept (PoC):
=======================
The new attack case of scenario can be exploited by local attackers with physical bank branch office service access and valid local banking card. For security demonstration or to reproduce the issue follow the provided information & steps below to continue.

Manual steps to reproduce the vulnerability
1. First fill up about some % of the free memory in the iOS device with random data
2. Now, you open the app-store choose to update all applications (update all push button)
3. Switch fast via home button to the slide index and perform iOS update at the same time
Note: The interaction to switch needs to be performed very fast to successfully exploit. In the first load of the update you can still use the home button. Press it go back to index
4. Now, press the home button again to review the open runnings slides
5. Switch to the left menu after the last slide which is new and perform to open siri in the same moment. Now the slide hangs and runs all time in a loop
6. Turn off via power button the ipad or iphone
7. Reactivate via power button and like you can see the session still runs in the loop and can be requested without any pass code
Note: Normally the pass code becomes available after the power off button interaction to stand-by mode
8. Successful reproduce of the local security vulnerability!

Video Demonstration:
In a video we demonstrate how to bypass with an unlimited loop in the interface the pass code lock settings of the iOS v9 iPad2. The issue is not limited to the device and can be exploited with iPhone as well. The power button on top activates with the stand-by mode the pass code lock for the iOS device. In case of the loop we tricked the device into a mode where we were able to bypass the pass code.
URL:

Solution - Fix & Patch:
=======================
The loop issue needs to be patched in the main interface by the dev team. The issue can be prevented by a locate of the stack with a restriction.

Additional Web Sites

Building the Toolkit
Zero-Information-Based Tools: basic information about the company and the network. Goal is to “map out” the network. Includes tools to examine a target’s Internet presence.
Network Enumeration Tools: trying to determine hosts actually connected.
Operating System Fingerprint Tools: attempt to determine the type of OS(s) used.
Application Discovery Tools: try to find what applications systems may be running.
Vulnerability Scanning Tools: “one stop shopping”; tools may list specific holes.
Specialty Tools: designed to look for specific problems (e.g. wardialing, web scanners, password crackers, …)

NVA Tools: Final Two
Application tools: check for things like cookie manipulation, URL modification (web apps).
Host Testing tools: stop running tools over the network, run them on individual hosts.
Exhibit 57, pg. 148 from Peltier text

Conduct the Assessment
Now is the time to run all of those tools you collected in the previous step. (Note: in reality you may discover something with one tool that will require you to find another tool to test some aspect of the network’s security.)
Two types of tests:
Active, which will impact network service (although it may be minor)
Passive, which will not impact service
DoS tests: often not conducted since the client will not want network service halted.
You must also be careful, as some active tools may cause a DoS or may actually crash some systems.
TEST YOUR TOOLS BEFORE YOU USE THEM!!!

Analysis and Documentation
Analysis: time to take a look at the results of your tool use.
Don’t wait until the end; start analyzing as soon as the tool has completed its test.
Results from one tool may prompt other tests.
Keep all of the raw data.
Document every step of the way; this will become part of the final detailed report.
You want to know exactly what your tools do, and you need to be able to tell the client exactly what test you ran when.
You don’t want to be blamed for system problems that you had nothing to do with.
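
One way to act on the advice above to keep all raw data and to be able to say exactly which test ran when, as an added example that is not part of the original slides: a Python wrapper that runs one tool, stores its raw output, and appends a timestamped record with a SHA-256 of that output. The names `run_logged`, `verify_evidence`, `runlog.jsonl`, the `evidence` directory and the operator `analyst1` are assumptions made for illustration.

```python
import hashlib
import json
import subprocess
import sys
from datetime import datetime, timezone
from pathlib import Path

LOG_NAME = "runlog.jsonl"  # hypothetical file name, one JSON record per tool run

def run_logged(argv, evidence_dir, operator, test_type):
    """Run one tool, keep its raw output, and append a record of what ran when."""
    if test_type not in ("active", "passive"):
        raise ValueError("test_type must be 'active' or 'passive'")
    evidence = Path(evidence_dir)
    evidence.mkdir(parents=True, exist_ok=True)
    started = datetime.now(timezone.utc)
    proc = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    finished = datetime.now(timezone.utc)
    raw = evidence / f"{started:%Y%m%dT%H%M%S%f}Z_{Path(argv[0]).name}.raw"
    raw.write_bytes(proc.stdout)  # stored untouched; analyse copies
    record = {
        "operator": operator,
        "test_type": test_type,
        "argv": list(argv),
        "started_utc": started.isoformat(),
        "finished_utc": finished.isoformat(),
        "exit_code": proc.returncode,
        "raw_file": raw.name,
        "sha256": hashlib.sha256(proc.stdout).hexdigest(),
    }
    with open(evidence / LOG_NAME, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(record) + "\n")
    return record

def verify_evidence(evidence_dir):
    """Return raw files that are missing or no longer match their logged hash."""
    evidence = Path(evidence_dir)
    bad = []
    for line in (evidence / LOG_NAME).read_text(encoding="utf-8").splitlines():
        rec = json.loads(line)
        raw = evidence / rec["raw_file"]
        if not raw.is_file() or hashlib.sha256(raw.read_bytes()).hexdigest() != rec["sha256"]:
            bad.append(rec["raw_file"])
    return bad

if __name__ == "__main__":
    demo = [sys.executable, "-c", "print('constructed scan output')"]  # constructed stand-in for a real tool
    print(run_logged(demo, "evidence", "analyst1", "passive"))
    print("changed or missing:", verify_evidence("evidence"))
```

The run log and the raw files together form the appendix material for the technical report; `verify_evidence` is run before the files are handed over to confirm none were altered during analysis.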

Report
Chapter 7 of text has sample report.
Probably will have two or three reports:
Executive summary (may be part of Final or separate report)
Final Report: includes recommendations
Technical (detailed) report: will include as appendices the raw data files (often on CD)

Summary
What is the importance and significance of this material?
How does this topic fit into the subject of “Security Risk Analysis”?