Peter Coddington CEO 240-258-2100 ::


1 Peter Coddington CEO 240-258-2100 :: pcoddington@parabal.com

2 About PaRaBaL: PaRaBaL was founded in 2009 and is located in the Research Park of University of Maryland, Baltimore County. UMBC has a strong computer curriculum. Full Apple – iPhone – iPad Exploitation Training Lab. PaRaBaL offers one-of-a-kind, one-week training. PaRaBaL is driven to create and build iPhone and iPad security and applications for the Intelligence and DOD agencies in the US. PaRaBaL is an SBA-certified HUBZone company. PaRaBaL is the first company to be awarded an iPhone security training contract – see press release on our web site. PaRaBaL is facility cleared, with cleared personnel to assist the government with mobile security and applications to deliver information to mobile platforms.

3 iOS Security and Exploitation Training: PaRaBaL started in the iPhone space teaching iPhone security to the Intelligence Community. Topics: Understanding the Architecture & File System; Reverse Engineering; Understanding/Attacking iPhone/iPad Apps & Secure Coding Practices; Using the iPhone/iPad as an attack platform & iPhone/iPad forensics. The PaRaBaL training lab is 100% Apple products, including iPhones, iPads & iMacs, along with emulators for the respective devices. It is the only full Apple lab with supporting software for ethical hacking on the East Coast. PaRaBaL has assembled a cadre of experts in the area of iPhone/iPad security and iOS understanding.

4 PaRaBaL Security Lab Example: File System – SQLite Databases. We show how to alter databases in the iPhone to retain deleted and altered texts, address entries and other databases, and apply the alterations to non-jailbroken iPhones.

5 PaRaBaL Security Lab Example: File System – Plist files. Plist files are XML files that house app settings, session information, and keychain data. Plist files can be altered to increase performance and to alter app functionality.

6 PaRaBaL Security Lab Example: Address Book Exploitation. This app is designed to show how content from the address book can be sent to a designated server when a user taps “Upload Score” (i.e., if they’re playing a game and record a high score).

7 PaRaBaL Security Lab Example: Address Book Exploitation

8 PaRaBaL Security Lab Example: Address Book Exploitation. We have been showing this exploit for almost a year; it allows apps with this functionality to be submitted and receive approval. This year, apps offering this “functionality” are being exposed.

9 PaRaBaL Security Lab Example: Geo-location Spoof App. This Xcode-based app is designed to spoof the user’s location. It is able to constantly change the location of the device to a different area.

10 PaRaBaL Security Lab Example: Reverse Engineering and Binary Code Injection. We examine an app using IDA Pro for unused sections of binary code, where we inject a payload to exploit the traffic of the iPhone.

11 PaRaBaL Security Lab Example: Reverse Engineering and Binary Code Injection. This includes an intro to ARM assembly and the conversion of assembly instructions to binary.

12 PaRaBaL Security Lab Example: iPhone as a Mobile Attack Device. With the increased processing power of an iPhone, we use Ruby, mobile terminal, and Metasploit to execute network exploitation on the road.

13 PaRaBaL Secure App Development for DoD: Companies & organizations are moving to a broad range of mobile devices in the workforce. As iOS devices become more prominent in the workforce, so do security concerns for iOS-based applications. PaRaBaL’s extensive background in exploitation and security makes our development team the ideal choice for secure development of internal apps.

14 PaRaBaL iPad & iPhone Security Consulting: We offer consulting services that entail designing a holistic mobile security solution and plan for your organization. Four-step process to get the organization completely secure with regard to iOS devices that are in use within the workplace. Teach how to protect mobile iOS devices from vulnerabilities that have been exploited by people with malicious intent. Teach in-depth secure coding practices as well as ethical hacking exercises within the iOS platform. Create and develop new and customized apps for iOS devices, catered specifically to the customer’s needs. Offer training to employees on how to use their iOS devices without compromising company data and interests.

15 PaRaBaL Peter Coddington 240-258-2100 pcoddington@parabal.com www.parabal.com 5523 Research Park Dr. Suite 325 Catonsville, MD 21228

