Podcasts about mobile device security

  • 35 podcasts
  • 38 episodes
  • 39m average duration
  • Infrequent episodes
  • Latest episode: Dec 4, 2024


Best podcasts about mobile device security

Latest podcast episodes about mobile device security

Forensic Focus
How To Solve Digital Forensics' Biggest Challenges With Oxygen Forensics

Dec 4, 2024 · 60:54


Matt Finnegan from Oxygen Forensics joins the Forensic Focus Podcast to share his journey into digital forensics, starting with his military background. He talks about what it's like working with mobile devices, the challenges of keeping up with ever-changing smartphone security, and his role as a Solutions Architect. Matt also provides insights on the state of mobile forensics today, why cloud solutions are becoming more important, and how to handle massive amounts of data. The conversation ends with a reflection on the future of the field and the ongoing need to keep forensic methods clear and transparent.

00:00 Introduction to Matt Finnegan from Oxygen Forensics
00:46 Matt Finnegan's Journey into Digital Forensics
01:57 Training and Early Experiences in Digital Forensics
03:52 Transition from Military to Oxygen Forensics
04:24 Role and Responsibilities of a Solutions Architect
07:43 Challenges in Mobile Forensics
10:10 Advancements in Mobile Device Security
19:44 Cloud Forensics and Data Extraction
28:30 Challenges of Data Volume and Processing
37:59 Operating Systems and Forensic Tools
44:43 Factory Reset and Data Recovery
49:45 Future Challenges in Digital Forensics

GRC Academy
Hypori Halo: Redefining Mobile Device Security with Brian Kovalski

Jul 16, 2024 · 11:58


In this episode, Jacob speaks with Brian Kovalski, Senior Vice President of Federal at Hypori. In the episode they discuss Hypori's origin story and its innovations in the mobile security space.

Here are some highlights from the episode:

  • Hypori's origin story and its roots starting as an NSA Commercial Solutions for Classified Program (CSfC) product
  • How it is different from traditional Mobile Device Management (MDM)
  • How it works, its certifications, and its deployment options
  • How Hypori can help achieve CMMC compliance

We don't think about it much, but mobile devices really are a huge risk - just think of how much information is on your phone! If you work in cybersecurity, you should know about this unique option to provide secure mobile access!

Follow Brian on LinkedIn: https://www.linkedin.com/in/brian-kovalski-057b8a7/
Hypori Website: https://www.hypori.com/

-----------

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e26&utm_campaign=courses
Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/
See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

Geek Speak - Tech Talks with Envision IT
Episode 43: 15 Ways to Protect your Business from Cyber Attack: Mobile Device Security

Aug 17, 2023 · 8:16


In this series we're focusing on 15 Ways to Keep Your Organization Safe from Cyber Attacks - in this episode we'll focus on way #12: Mobile Device Security. With the high usage of mobile devices in work environments it is important for you and your employees to understand the importance that mobile security plays in protecting you from compromise.   Connect with us:   https://www.linkedin.com/company/envisionitllc   marketing@envisionitllc.com    

Security Management Highlights
August 2023: Politically Motivated Detentions, ESG, and Mobile Device Security Training Tips

Aug 1, 2023 · 31:26


What is the difference between an arrest, a kidnapping, and a wrongful detention, and what does this mean for security professionals working with business travelers? Dave Benson from the Center for Personal Protection and Safety breaks it down in the latest episode of SM Highlights, sponsored by Amarok (https://amarok.com/). Tom Stutler, CPP, discusses how ESG (environmental, social, governance) initiatives affect corporate security processes and goals. Matt Edmondson from the SANS Institute offers tips for mobile device security training.

Show Notes

Want to learn more about these topics? Check out the following Security Management content:

  • For more about wrongful detention risks and training: https://www.asisonline.org/security-management-magazine/articles/2023/07/travel-security/train-travelers-wrongful-detention-risks/
  • How are mobile devices integrated into your access management and security program? Read the August 2023 issue of Security Technology: https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2023/august/
  • Read Matt Edmondson's article on mobile device security training here: https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2023/august/Assessing-Need-Heightened-Mobile-Device-Security-Awareness/
  • Interested in studying how ESG issues can be security issues? Check out this article: https://www.asisonline.org/security-management-magazine/latest-news/online-exclusives/2022/6-ways-environmental-social-and-governance-principles-influence-security/
  • To learn more about this episode's sponsor, Amarok, and to get a free risk assessment, visit go.amarok.com/security-management

MacVoices Video
MacVoices #23180: Joe Kissell Takes Control of Your Passwords (2)

Jun 28, 2023 · 21:50


Our conversation with Joe Kissell, author of Take Control of Your Passwords continues as we delve into the world of passkeys, exploring their functionality, multiple account scenarios, and workarounds for crossing over between different ecosystems. Joe also provides insights into the importance of mobile device security, offering tips for setting longer and more secure alphanumeric passcodes. (Part 2)

Kolide ensures only secure devices can access your cloud apps. It's Zero Trust tailor-made for Okta. Book a demo today at Kolide.com/macvoices.

Show Notes:

Chapters
0:00:59 Passkeys and Multiple Accounts on Sites
0:01:53 Creating Multiple Passkeys for One User Account
0:02:16 Workaround for Crossing Over Between Ecosystems
0:05:11 Using Passkeys as Recovery Method
0:07:53 New Concepts and Topics in the Book
0:08:42 Benefits of Password Managers
0:10:28 LastPass and Other Untrustworthy Password Managers
0:12:32 Importance of Mobile Device Security and Alphanumeric Passcodes
0:19:01 Books Available for Purchase and Upgrade Information
0:20:44 Discussion on experimenting with Passkeys

Guests:
Joe Kissell is the publisher of Take Control ebooks, as well as the author of over 60 books on a wide variety of tech topics. Keep up with him if you can on his personal site, JoeKissell.com, and on Twitter.

Support:
Become a MacVoices Patron on Patreon: http://patreon.com/macvoices
Enjoy this episode? Make a one-time donation with PayPal

Connect:
Web: http://macvoices.com
Twitter: http://www.twitter.com/chuckjoiner http://www.twitter.com/macvoices
Mastodon: https://mastodon.cloud/@chuckjoiner
Facebook: http://www.facebook.com/chuck.joiner
MacVoices Page on Facebook: http://www.facebook.com/macvoices/
MacVoices Group on Facebook: http://www.facebook.com/groups/macvoice
LinkedIn: https://www.linkedin.com/in/chuckjoiner/
Instagram: https://www.instagram.com/chuckjoiner/

Subscribe:
Audio in iTunes
Video in iTunes
Subscribe manually via iTunes or any podcatcher:
Audio: http://www.macvoices.com/rss/macvoicesrss
Video: http://www.macvoices.com/rss/macvoicesvideorss

Your Cyber Path: How to Get Your Dream Cybersecurity Job
EP 97: Passwordless Authentication with James Azar

May 26, 2023 · 52:51


https://www.yourcyberpath.com/97/

In today's episode, we discuss the emerging topic of passwordless authentication with our guest James Azar, CTO and CSO of AP4 group who are well known for their work in critical infrastructure.

Passwords have been here for decades, but with the ever-changing nature of the technology industry, passwords are becoming a little weak for our needs.

Our hosts take the time to discuss what passwordless authentication is, how it can be implemented, and why there is a move towards passwordless.

After that, they go over the issue of balancing security and user experience and making sure our customers are satisfied and provided with solutions that fix their problems without sacrificing security.

Following that, they discuss some of the challenges that are associated with utilizing passwordless authentication, including different organization policies, user acceptance, and the lack of usability it could pose.

James then goes on to highlight that passwordless authentication is only as good as the user, and it always goes back to the human factor - it only changes the sophistication of the attack.

In the end, James highlights that the biggest decisive factor on whether an organization will move to passwordless authentication is going to be cost.

What You'll Learn
● What is passwordless authentication? And why is it relevant?
● How is passwordless authentication implemented?
● How to balance security and good user experience?
● What are the challenges of using passwordless authentication?
● What is Zero Trust?

Relevant Websites For This Episode
● https://www.udemy.com/course/irresistible-cybersecurity/
● https://www.cyberhubpodcast.com/

Other Relevant Episodes
● Episode 88 - The CIA Triad – The Basis of Cybersecurity (Authentication)
● Episode 91 - Mobile Device Security with Haseeb Awan
● Episode 92 - Password Managers

Help Me With HIPAA
Mobile Device Security Checklist - Ep 401

Apr 7, 2023 · 44:17


The importance of mobile device security cannot be overstated. With our lives becoming increasingly digital, it is essential that we take the necessary steps to secure our devices. By doing so, we can protect our data and our privacy, while also preventing malicious actors from gaining access to our accounts.  More info at HelpMeWithHIPAA.com/401

InfosecTrain
Introduction to Packet Analysis | Mobile Device Security | Device Security

Mar 21, 2023 · 99:34


InfosecTrain hosts a live event entitled “Cybersecurity Foundation Course” with certified expert Mr. Nawaj.

  • What are the Basics of Networking? | Cybersecurity Foundation Day-1
  • Introduction of OSI model | Cybersecurity Foundation Day-2
  • Introduction of Networking Media | Cybersecurity Foundation Day-3
  • What are the Routing and Switching? | Cybersecurity Foundation Day-4
  • Basics of WAN | Cybersecurity Foundation Day-5
  • Cyber Security Vs. Information Security | Cybersecurity Foundation Day-6
  • What is Social Engineering | Cybersecurity Foundation Day-7
  • An Introduction to Cryptography | Cybersecurity Foundation Day-8
  • Network Security Appliances | Cybersecurity Foundation Day-9
  • Introduction to Packet Analysis | Cybersecurity Foundation Day-10

Thank you for watching this video. For more details or a free demo with our expert, write to us at sales@infosectrain.com

➡️ Agenda for the Webinar

Your Cyber Path: How to Get Your Dream Cybersecurity Job
EP 91: Mobile Device Security with Haseeb Awan

Mar 3, 2023 · 38:09


https://www.yourcyberpath.com/91/

Haseeb Awan is the Founder & CEO at EFANI Secure Mobile. In this episode, we'll hear about Haseeb's cyber path, and we'll explore some of the biggest mobile phone risks and what you can do about them.

In the beginning, Haseeb tells the story of how his phone number was compromised not once, not twice, but three times, with basically the same type of attack and how that forced him into cybersecurity.

Then, Kip and Haseeb go over some of the risks that mobile users can be a victim of and the ways your mobile number could be compromised from social engineering, bribery of account executives, to SIM swapping, and man-in-the-middle attacks.

In the end, Haseeb finishes off by discussing how cybersecurity is growing and that cyber risk is greater than ever and that more countries and organizations are building cyber armies.

What You'll Learn
● How did Haseeb get into Cybersecurity?
● What is SIM swapping?
● What is an IMSI catcher?
● What is location tracking?
● Who should worry about their mobile security?

Relevant Websites For This Episode
● https://www.efani.com/
● https://www.nsogroup.com/
● https://www.amazon.com/This-They-Tell-World-Ends/dp/1635576059
● https://www.linkedin.com/in/haseebawan/

Other Relevant Episodes
● Episode 59 - Five things to know before you get into cybersecurity
● Episode 78 - Current State of the Cybersecurity Industry with Deidre Diamond of CyberSN

Back2BasicsMode
CyberSecurity Awareness: Back2Basicsmode

Feb 13, 2023 · 36:28


CyberSecurity Awareness: Back2Basicsmode

Removable Media. Another security awareness topic that is used daily by companies is removable media. ... Passwords and Authentication. ... Physical Security. ... Mobile Device Security. ... Working Remotely. ... Public Wi-Fi. ... Cloud Security.

Support the show

Explain to Shane
How to Improve Mobile-Device Security (with Kevin McNamee)

Apr 19, 2022 · 24:32


As security risks to internet-enabled devices reach an all-time high, Nokia has been highlighting the most pressing threats to user devices through its annual threat intelligence reports (https://pages.nokia.com/T006US-Threat-Intelligence-Report-2021.html?_ga=2.13194295.127736566.1647453137-1818832214.1646691997). According to the 2020 and 2021 reports, malware infections on both computers and mobile devices are on the rise—specifically through downloadable software that poses as something helpful or fun for users.

And yet, proposed federal laws would weaken mobile-device protections at this critical time by forcing all hardware manufacturers to accept unvetted software applications or “apps” in their digital marketplaces—a practice known as “sideloading” that has been called out by the Department of Homeland Security specifically. (The department's 2017 Mobile Device Security report (https://www.dhs.gov/sites/default/files/publications/DHS%20Study%20on%20Mobile%20Device%20Security%20-%20April%202017-FINAL.pdf) stated that “users should avoid—and enterprises should prohibit on their devices—sideloading of apps and the use of unauthorized app stores.”)

This episode addresses the technical challenges sideloading brings into the process of keeping a secure mobile ecosystem. To discuss how we can protect consumers' financial and other personal data, Kevin McNamee (https://www.nokia.com/blog/author/kevin-mcnamee/), the head of Nokia's Threat Intelligence Lab, joins Shane (https://www.aei.org/profile/shane-tews/) on the latest episode of “Explain to Shane.” Under Kevin's leadership, the Threat Intelligence Lab analyzes thousands of mobile malware samples per day to help power Nokia's network-based malware detection program.

Hey, it's Cory Hepola
mobile device security/new MPD interim chief/understanding the metaverse

Dec 7, 2021 · 37:23


Greg Scott joins Cory off the top of the hour to talk about a new phone that will have a front-facing camera that is always on. Is that good for our online security? After that, Cory delivers the breaking news of MPD naming an interim chief to step in when Medaria Arradondo leaves in a few weeks. Plus, REM5 Virtual Reality founder Amir Berenjian joins Cory to help explain the metaverse and what it could mean for human lives in the future. See omnystudio.com/listener for privacy information.

Darn IT Podcast
iPhone vs. Android: Which Is More Secure?

Nov 16, 2021 · 27:12


The battle between Apple vs. Everyone has been a battle fought with Steve Jobs. Is Apple iPhone really better or is it just some classy fashion statement? Does the FBI dislike them even more? Listen more here on this podcast to see if Android or Apple is the better mobile operating system

All TWiT.tv Shows (MP3)
This Week in Enterprise Tech 469: Mobile (In)Security

Nov 13, 2021 · 65:52


  • Vulnerabilities affecting code compilers
  • What if hackers could turn back time?
  • Ukrainian National charged for Kaseya ransomware attack
  • Detecting internet censorship in real-time
  • A new application security toolkit to uncover dependency confusion attacks
  • Mike Fong, CEO, and founder of Privoro talks about hardware to protect phones from eavesdropping, surveillance, and location tracking.

Hosts: Louis Maresca, Brian Chee, and Curt Franklin
Guest: Mike Fong

Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

Sponsors: plextrac.com/twit nureva.com/twit bitwarden.com/twit

All TWiT.tv Shows (Video LO)
This Week in Enterprise Tech 469: Mobile (In)Security

Nov 13, 2021 · 66:10



This Week in Enterprise Tech (Video HD)
TWiET 469: Mobile (In)Security - What if hackers could turn back time? Mobile Device Security with Privoro

Nov 13, 2021 · 66:10



This Week in Enterprise Tech (MP3)
TWiET 469: Mobile (In)Security - What if hackers could turn back time? Mobile Device Security with Privoro

Nov 13, 2021 · 65:52



With Ingram
Chatting Mobile Device Security with Ash Patel and Andi Robinson

Apr 28, 2021 · 33:06


We all use mobiles to process everything, especially with lockdown, but are they secure? Can they be secured? Philip Ingram MBE talks to Ash Patel from Zimperium and Andi Robinson from DataShield.

https://blog.zimperium.com/
https://datashield-uk.com

Cybercrime Magazine Podcast
Mastering Cyber. More Mobile Device Security. Alissa “Dr Jay” Abdullah, Deputy CSO, Mastercard.

Apr 21, 2021 · 1:38


Welcome to Mastering Cyber with Host Alissa (Dr Jay) Abdullah, PhD, SVP & Deputy CSO at Mastercard, and former White House technology executive. Listen to this weekly one-minute podcast to help you maneuver cybersecurity industry tips, terms, and topics. Buckle up, your 60 seconds of cyber starts now! Sponsored by Mastercard. https://mastercard.us/en-us.html

Brakeing Down Security Podcast
2021-009-Jasmine_Jackson-TheFluffy007-analyzing_android_apps-FRida-Part2

Mar 7, 2021 · 50:01


@thefluffy007

  • A Bay Area Native (Berkeley)
  • I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this)
  • Was a bad student in my ninth grade year - almost kicked out of high school due to cutting. Had a 1.7 GPA. After my summer internship turned it around to a 4.0.
  • Once I graduated from high school, I knew I wanted to continue on the path of computers.
  • Majored in Computer Science
  • Graduated with Bachelors and Masters in Computer Science. Graduate Certificate in Information Security and Privacy. Minor in Math.
  • Interested in security from a Yahoo! Group on Cryptography. Liked how you can turn text into gibberish and back again.
  • Became interested in penetration testing after moving to Charlotte, and moonlighted as a QA while a full-stack developer. Co-workers did not want me to test their code because I would always find bugs. Moved into penetration testing space.
  • Always had an interest in mobile, but never did mobile development and decided it wasn’t for me
  • Became interested in bug bounties and noticed that mobile payouts were higher. At this time also completed SANS 575 - Mobile Device Security and Ethical Hacking.
  • Realized the barrier to entry was VERY (almost non-existent) low in Android as it’s open source.
  • Started to learn/expand mobile hacking on my own time
  • The threat exposure is VERY high with mobile hacking. As you have a web app component, network component, and phone component. I always reference a slide from Secure Works.

Link to YouTube Channel → thefluffy007 - YouTube
thefluffy007 – A security researchers thoughts on all things security – web, mobile, and cloud
The Mobile App Security Company | NowSecure
owasp-mstg/Crackmes at master · OWASP/owasp-mstg · GitHub
Rana Android Malware (reversinglabs.com)
These 21 Android Apps Contain Malware | PCMag
Android Tamer - Android Tamer
The Diary of an (Inexperienced) Bug Hunter - Intro to Android Hacking | Bugcrowd
Android Debug Bridge (adb) | Android Developers

Goal: discussing best practices and methods to reverse engineer Android applications

Introduction to Java (w3schools.com)
JavaScript Introduction (w3schools.com)
Introduction to Python (w3schools.com)
Frida • A world-class dynamic instrumentation framework | Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX (Frida can be used with JavaScript, and Python, along with other languages)
GitHub - dweinstein/awesome-frida: Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)
Android APK crackme: owasp-mstg/0x05c-Reverse-Engineering-and-Tampering.md at master · OWASP/owasp-mstg · GitHub
Reverse-Engineering - YobiWiki
Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps. (ibotpeaches.github.io)
GitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
IntroAndroidSecurity download | SourceForge.net ←- link to my virtual machine and Androidx86 emulator

Background: **consider this a primer for any class you might teach, a teaser, if you will**

Why do we want to be able to reverse engineer APKs and IPKs?
Android APKS (Android Packages) holds the source code to the application. If you can reverse this you will essentially have the keys to the kingdom. Developers and companies (if they’re proprietary) will add obfuscation - a technique to make the code unreadable to thwart reverse engineers from finding out their code.

What are some of the structures and files contained in APKs that are useful for ppl analyzing binaries?
Android applications have to have a MainActivity (written in Java). This activity is the entry point to the application. Android applications also have an AndroidManifest.xml file which is the skeleton of the application. This describes the main activity, intents, service providers, permissions, and what Android operating system can run the application.

When testing apps for security, how easy is it to emulate security and physical controls if you’re not on a handset?
Pretty easy. You can use an emulator. I must forewarn though - you will need A LOT of memory for it to work effectively.

Are there ever any times you HAVE to use a handset? An app that tests something like Android’s Safetynet and won’t run without it? Do they ever want perf testing on their apps? Was thinking about how you check events in logs, battery drain, using apps on older Android/iOS versions?

When organizations or developers ask you to test an app, is there anything in particular in scope? Out of scope? How do progressive web apps differ than a more traditional app?

Lab setup
  • IntroToAndroidSecurity VM
  • Android Emulator

Tools to use
  • Why use them? (free, full-featured)
  • Setup and installation
  • OS-specific tools?
  • Tools used - Frida, Jadx-GUI (or command line), text editor. All of these items are free. No setup required if using my virtual machine :-) These apps are OS specific if you choose Linux or Windows.

Callbacks

Methodology
  • Decompile the application - can use a tool titled - Apktool (free)
  • Look “under the hood” of the application - Jadx-GUI (Graphical User Interface) or Jadx-CLI (command line)
  • Connect your emulator/device using Android Debug Bridge (adb)
  • Get version of Frida on device
  • Look online to find correct version of Frida **this is important**
  • Start to play around with the tool and see if you receive error messages/prompts. Can then go back to code that was reverse engineered and see where it’s located.

Best practices
  • Leave no stones unturned! Meaning you might see something that seems too rudimentary to work - and yet it does.
  • Cert pinning -

Typical issues seen
  • Hard-coded passwords, data that is not being encrypted in rest or transit.

Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com
#AmazonMusic: https://brakesec.com/amazonmusic
#Spotify: https://brakesec.com/spotifyBDS
#Pandora: https://brakesec.com/pandora
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Brakeing Down Security Podcast
2021-008-Jasmine jackson - TheFluffy007, Bio and background, Android App analysis - part 1

Mar 2, 2021 · 52:33



Digital Forensic Survival Podcast
DFSP # 221 - Mobile Device Security

Digital Forensic Survival Podcast

Play Episode Listen Later May 11, 2020 14:57


This week I talk about mobile device operating system and file system security, focusing specifically on applications.

Secure By Product
Episode 3 - Mobile Device Security

Secure By Product

Play Episode Listen Later Feb 2, 2020 31:24


This episode is about Mobile Device Security and the takedown of a popular password leaking website weleakinfo.com

Survival, Safety and Security Tips with Clint Emerson
Mobile Device Security - Passwords

Survival, Safety and Security Tips with Clint Emerson

Play Episode Listen Later Feb 22, 2019 2:39


Today's tip discusses why longer passwords outwit bot attacks versus shorter more complicated passwords.

ThugCrowd
Ep 013 - Mobile Device Security Part 01

ThugCrowd

Play Episode Listen Later Jun 13, 2018 150:03


Show Notes: https://thugcrowd.com/notes/20180612.html

ThugCrowd
Ep 013 - Mobile Device Security Part 01

ThugCrowd

Play Episode Listen Later Jun 12, 2018 150:03


Show Notes: https://thugcrowd.com/notes/20180612.html

And There You Have IT!
Weaponized Smart Devices and the Internet of Things

And There You Have IT!

Play Episode Listen Later May 31, 2017 10:31


Gartner predicts that through 2018, over 50 percent of Internet of Things (IoT) device manufacturers will not be able to address threats due to weak authentication practices. Millions of IoT devices — including everyday objects like routers, security cameras, DVRs, medical devices, cars and more — have already been infected with malware and repurposed as zombie armies by cyber attackers. As a result, the bandwidth of distributed denial of service (DDoS) attacks reached frightening levels in 2016, culminating with attacks of well over 600 Gbps. Until device makers require unique passwords by default, it is up to us to protect ourselves.

In this episode, host Cherie Caswell Dost speaks with Bryan Fischer, senior director, Forsythe Security Professional Services, about the ever-changing security challenges of IoT devices, and how organizations can mitigate associated risks.

Listen to the latest episode of And There You Have IT to learn:
How IoT continues to change the threat landscape.
The inherent and evolving risks that accompany smart devices.
How manufacturers are trying to shore up their devices.
How companies can take action against IoT-related risks.
Why robust authentication practices are critical.

Top 5 Cyber Security Predictions for 2017 – The security threat landscape continues to change and present new challenges. Here are five predictions for 2017 that are worth preparing for.
Mobile Device Security in the Workplace: 5 Key Risks and a Surprising Challenge – With well-supported mobility and security awareness programs, your organization can keep users happy and your network secure so you can compete in today’s mobile-first environment.
Forsythe Technology - For more than 40 years, Forsythe has helped companies succeed by working to optimize, modernize, and innovate enterprise IT. We develop solutions that make practical business sense from idea to implementation. We help champion innovation and deliver bottom-line results. We serve as the bridge, moving you from traditional to new IT. Whatever your business needs, we make it happen.

Software Engineering Institute (SEI) Webcast Series
Enhancing Mobile Device Security

Software Engineering Institute (SEI) Webcast Series

Play Episode Listen Later Dec 16, 2015 45:31


Jose Morales discusses mobile device security enhancements with defensive and offensive uses.

Security 101 (Audio Only) - Tech-zen.tv
Android Face Detection, Safe? - Tech-Zen.tv

Security 101 (Audio Only) - Tech-zen.tv

Play Episode Listen Later Feb 11, 2015 3:55


Security 101 (HD) - Tech-zen.tv
Android Face Detection, Safe? - Tech-Zen.tv

Security 101 (HD) - Tech-zen.tv

Play Episode Listen Later Feb 11, 2015 3:55


Security 101 (SD) - Tech-zen.tv
Android Face Detection, Safe? - Tech-Zen.tv

Security 101 (SD) - Tech-zen.tv

Play Episode Listen Later Feb 11, 2015 3:55


Medical Practice Trends
Medical Practice Trends Podcast 52: Mobile Device Security Best Practices

Medical Practice Trends

Play Episode Listen Later Nov 10, 2014 6:15


MPT Podcast 52 - Mobile Device Best Practices, with guest Mike Meikle of SecureHIM Inc. Mr. Meikle recommends some ways to keep medical practice mobile devices safe. This Issue (6:15): What mobile devices are safe to use in a medical environment? How can you protect your practice from malicious content? Does one operating system have an advantage over another?

MobileBeyond
Mobile Device Security in a BYOD Workforce

MobileBeyond

Play Episode Listen Later Jun 6, 2013 2:08


Mobile device security and BYOD (Bring Your Own Device) are hot growth sectors in the mobile industry. Dozens of vendors now offer numerous solutions to enterprise companies and SMBs that prevent sensitive data from dripping into mobile devices. It’s challenging, as podcast guest Ken Khouri of IBM Global Technology will tell you. When Apple announced […]

Government Information Security Podcast
VA's Plan for Mobile Device Security

Government Information Security Podcast

Play Episode Listen Later Oct 20, 2011


Healthcare Information Security Podcast
VA's Plan for Mobile Device Security

Healthcare Information Security Podcast

Play Episode Listen Later Oct 20, 2011


Data Breach Today Podcast
VA's Plan for Mobile Device Security

Data Breach Today Podcast

Play Episode Listen Later Oct 20, 2011


Info Risk Today Podcast
VA's Plan for Mobile Device Security

Info Risk Today Podcast

Play Episode Listen Later Oct 20, 2011


Software Engineering Institute (SEI) Podcast Series
Mobile Device Security: Threats, Risks, and Actions to Take

Software Engineering Institute (SEI) Podcast Series

Play Episode Listen Later Aug 31, 2010 26:15


Internet-connected mobile devices are becoming increasingly attractive targets