Presentation is loading. Please wait.

Presentation is loading. Please wait.

Peter Coddington CEO 240-258-2100 ::

Published byConner Rea Modified over 10 years ago

Similar presentations

Presentation on theme: "Peter Coddington CEO 240-258-2100 ::"— Presentation transcript:

1 Peter Coddington CEO 240-258-2100 :: pcoddington@parabal.com

2 PaRaBaL was founded in 2009 and is located in the Research Park of University of Maryland, Baltimore County. UMBC has a strong computer curriculum. Full Apple – iPhone – iPad Exploitation Training Lab. PaRaBaL offers one of kind one week training. PaRaBaL is driven to create and build iPhone and iPad security and applications for the Intelligence and DOD agencies in the US. PaRaBaL is an SBA-certified HUBzone company. PaRaBaL is the first company to be awarded an iPhone security training contract – see press release on our web site. PaRaBaL is facility cleared with cleared personnel to assist the government with mobile security and applications to deliver information to mobile platforms. About PaRaBaL

3 PaRaBaL started in the iPhone space teaching iPhone security to the Intelligence Community. Understanding the Architecture & File System Reverse Engineering Understanding/Attacking iPhone/iPad Apps & Secure Coding Practices Using the iPhone/iPad as an attack platform & iPhone/iPad forensics The PaRaBaL training lab is 100% Apple products including iPhone, iPads & iMacs along with emulators for the respective devices. Only full Apple lab with supporting software for ethical hacking on the East Coast. Assembled a cadre of experts in the area of iPhone/iPad security and iOS understanding. iOS Security and Exploitation Training

4 We show how to alter databases in the iPhone to retain deleted and altered texts, address entries and other databases, and apply the alterations to non-jailbroken iPhones PaRaBaL Security Lab Example: File System – SQLite Databases

5 Plist files are XML files that house app setting, session information, keychain data. Plist can be altered to increase performance, and alter app functionality. PaRaBaL Security Lab Example: File System – Plist files

6 This app is designed to show how content from the address book can be sent to a designated server when a user taps “Upload Score” (i.e., if they’re playing a game and record a high score) PaRaBaL Security Lab Example: Address Book Exploitation

7 PaRaBaL Security Lab Example: Address Book Exploitation

8 After showing this exploit for almost a year which allows apps to submit this functionality and receive approval. This year apps offering this “functionality” are being exposed. PaRaBaL Security Lab Example: Address Book Exploitation

9 This xcode-based app is designed to spoof the user’s location. It is able to constantly change the location of the device to a different area. PaRaBaL Security Lab Example: Geo-location Spoof App

10 We examine an app using IDA Pro for unused sections of binary code where we inject a payload to exploit the traffic of the iPhone. PaRaBaL Security Lab Example: Reverse Engineering and Binary Code Injection

11 This include intro to ARM assembly, and assembly instruction conversion to binary. PaRaBaL Security Lab Example: Reverse Engineering and Binary Code Injection

12 With the increased processing power of an iPhone, we use Ruby, mobile terminal, and Metasploit to execute network exploitation on the road. PaRaBaL Security Lab Example: iPhone as a Mobile Attack Device

13 PaRaBaL Secure App Development for DoD Companies & organizations are moving to a broad range of mobile devices in the workforce. As iOS devices become more prominent in the workforce so do security concerns for iOS based applications. PaRaBaL’s extensive background in exploitation and security makes our development team the ideal choice for secure development of internal apps.

14 PaRaBaL iPad & iPhone Security Consulting Offer consulting services that entail designing a holistic mobile security solution and plan for your organization: Four step process to get the organization completely secure in regards to iOS devices that are in use within the workplace. Teach how to protect mobile iOS devices from vulnerabilities that have been exploited by people with malicious intent. Teach in-depth secure coding practices as well as ethical hacking exercises within the iOS platform. Create and develop new and customized apps for iOS devices catered specifically towards the customer’s needs. Offer training to employees on how to use their iOS devices without compromising company data and interests.

15 PaRaBaL Peter Coddington 240-258-2100 pcoddington@parabal.com www.parabal.com 5523 Research Park Dr. Suite 325 Catonsville, MD 21228

Download ppt "Peter Coddington CEO 240-258-2100 ::"

Similar presentations

The Threat Landscape Jan 2013. 2013 Threat Report 2.

The Threat Landscape Jan Threat Report 2.
Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)
Training solution for Mobile Workforce. People expect to consume content when and where they want to. Training for Mobile Workforce.

Training solution for Mobile Workforce. People expect to consume content when and where they want to. Training for Mobile Workforce.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Social Engineering Jero-Jewo. Case study Social engineering is the act of manipulating people into performing actions or divulging confidential information.

Social Engineering Jero-Jewo. Case study Social engineering is the act of manipulating people into performing actions or divulging confidential information.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
269200 Web Programming Language Dr. Ken Cosh Week 1 (Introduction)

Web Programming Language Dr. Ken Cosh Week 1 (Introduction)
AN INTRODUCTION TO LINUX OPERATING SYSTEM Zihui Han.

AN INTRODUCTION TO LINUX OPERATING SYSTEM Zihui Han.
Apple iOS Development Tom Atkins, Senior Programmer/Analyst webmaster, New York State Department of State.

Apple iOS Development Tom Atkins, Senior Programmer/Analyst webmaster, New York State Department of State.
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
An introduction to DNS Arrow Partnering for value and growth.

An introduction to DNS Arrow Partnering for value and growth.
Course ILT Course Code CSN 208 Network Security. Course ILT Course Description This course provides an in-depth study of network security issues, standards,

Course ILT Course Code CSN 208 Network Security. Course ILT Course Description This course provides an in-depth study of network security issues, standards,
Management Information Systems

Management Information Systems
CSC 386 – Computer Security Scott Heggen. Agenda Security Management.

CSC 386 – Computer Security Scott Heggen. Agenda Security Management.
Blackboard for K-12 Let’s Build a Better Educational Experience 1.

Blackboard for K-12 Let’s Build a Better Educational Experience 1.
1 Mobile Document Capture using Apple iPhone and IBM Content Navigator October, 2012.

1 Mobile Document Capture using Apple iPhone and IBM Content Navigator October, 2012.

Similar presentations

Ads by Google