Bienvenue sur Scribd !

Ignorer le carrousel

Network Forensics: Uncovering Secrets of Mobile Applications

Transféré par

ahmadlatip

0% ont trouvé ce document utile (0 vote)

26 vues28 pages

Titre original

2012-06-06_BH-WC_v1.pdf

Copyright

Formats disponibles

PDF, TXT ou lisez en ligne sur Scribd

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Signaler ce document

Droits d'auteur :

Formats disponibles

Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd

Signaler comme contenu inapproprié

0% ont trouvé ce document utile (0 vote)

26 vues28 pages

Network Forensics: Uncovering Secrets of Mobile Applications

Transféré par

ahmadlatip

Droits d'auteur :

Formats disponibles

Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd

Signaler comme contenu inapproprié

Passer à la page

Vous êtes sur la page 1sur 28

Rechercher à l'intérieur du document

NETWORK

FORENSICS: UNCOVERING
SECRETS OF MOBILE APPLICATIONS
Eric Fulton
BlackHat | Webcasts
Sponsored by: ForeScout

Wednesday, June 13, 2012 1

ROADMAP
• Introduction
• Explanation of different mobile fields
• Methods of Interception
• Case Study – Facebook Traffic
• Case Study – Identification of Installed Applications
• NFPC Contest
• Wrap-‐up

Wednesday, June 13, 2012 2

INTRO
• Eric Fulton, Director of Research at LMG Security
• @Trisk3t
• LMGSecurity.com
• Other Learning Opportunities
• Network Forensics, BlackHat USA, July 21-‐24 2012
• www.ForensicsContest.com
• DEFCON Contest (#NFPC)
• Why Network Forensics…

Wednesday, June 13, 2012 3

MOBILE DEVICE FIELDS
• Network Forensics
• Hardware Analysis
• NFC
• Huawei
• File System Analysis
• Much like traditional forensics
• Application Analysis
• Mobile Malware
• CarrierIQ
• Radio Analysis

Wednesday, June 13, 2012 4

MOBILE NETWORK FORENSICS
• Identifying and analyzing data sent via wireless signals
• Relatively easy to intercept
• Often contains sensitive and identifying information
• Plethora of existing tools and learning aids

Wednesday, June 13, 2012 5

METHODS OF INTERCEPTION
• GnuRadio
• Interception GSM and CDMA signals via software defined radio
• (or get a HAM license, see Chris Paget’s talk)
• Allows for voice, text, and data interception
• Wifi
• Interception and MiTM of data packets
• Especially effective with SSLSniff
• Analysis on a corporate network (BYOD Identification)

Wednesday, June 13, 2012 6

Case Study

ANALYSIS OF FACEBOOK TRAFFIC

Wednesday, June 13, 2012 7

MOBILE FACEBOOK TRAFFIC

Wednesday, June 13, 2012 8

DECRYPTING IN WIRESHARK

Wednesday, June 13, 2012 9

FACEBOOK DECRYPTED

Wednesday, June 13, 2012 10

MOBILE APPLICATION STREAM ANALYSIS

Wednesday, June 13, 2012 11

Case Study

ANALYZING INSTALLED APPLICATIONS

Wednesday, June 13, 2012 12

HERE IS AN INSTALLED APPLICATION

Wednesday, June 13, 2012 13

QUESTIONS TO KEEP IN MIND
• How do you identify installed applications when you don’t own the
device?
• Can you determine the intent of the application via network
traffic?
• Are you able to identify sensitive information being exfiltrated by
an application?

Wednesday, June 13, 2012 14

Wednesday, June 13, 2012 15
Wednesday, June 13, 2012 16
MOBILE APPLICATION TRAFFIC

Wednesday, June 13, 2012 17

WHAT DO YOU SEE?

Wednesday, June 13, 2012 18

TELNUM? M_ADDR?

Wednesday, June 13, 2012 19

ZOOM. ENHANCE.

Wednesday, June 13, 2012 20

LET US @DIG DEEPER

Wednesday, June 13, 2012 21

WHOIS

Wednesday, June 13, 2012 22

WHOIS

Wednesday, June 13, 2012 23

GOOGLE

Wednesday, June 13, 2012 24

Wednesday, June 13, 2012 25
DISCUSSION
• How could you identify malware in an enterprise?

• How could you prevent malware in an enterprise?

• What else could you do with the information found?

Wednesday, June 13, 2012 26

NETWORK FORENSICS PUZZLE CONTEST
• Puzzle #10: PaulDotCom Goes Off the Air
• http://forensicscontest.com/2012/05/31/
puzzle-‐10-‐pauldotcom-‐goes-‐off-‐the-‐air
• Winner gets a BlackHat Black Card!
• #NFPC @ Defcon 20
• Winner gets an iPad!

Wednesday, June 13, 2012 27

THANKS!

Questions?

Wednesday, June 13, 2012 28

Vous aimerez peut-être aussi

Android Forensics and Security Testing Course - PUBLIC - RELEASE
Document201 pages
Android Forensics and Security Testing Course - PUBLIC - RELEASE
tamrakarangela
Pas encore d'évaluation
Android Forensics Techniques
Document20 pages
Android Forensics Techniques
Vlog Info Techno
Pas encore d'évaluation
Mobile Phone Extraction: Understanding Technologies for Accessing and Extracting Data
Document37 pages
Mobile Phone Extraction: Understanding Technologies for Accessing and Extracting Data
agus adi putra
Pas encore d'évaluation
Harvesting Cloud Credentials in IOS and Android Devices An Investigative Resource
Document6 pages
Harvesting Cloud Credentials in IOS and Android Devices An Investigative Resource
IJRASETPublications
Pas encore d'évaluation
Practical Mobile Forensics - Second Edition
D'Everand
Practical Mobile Forensics - Second Edition
Satish Bommisetty
Pas encore d'évaluation
07813792
Document6 pages
07813792
Rahmat Haryadi
Pas encore d'évaluation
AndroidForensicToolsandTechnique
Document7 pages
AndroidForensicToolsandTechnique
Karina Astudillo
Pas encore d'évaluation
Privacy and Networks CPS 96: Eduardo Cuervo Amre Shakimov
Document33 pages
Privacy and Networks CPS 96: Eduardo Cuervo Amre Shakimov
Jason Roberts
Pas encore d'évaluation
Mobile Data Loss: Threats and Countermeasures
D'Everand
Mobile Data Loss: Threats and Countermeasures
Michael T. Raggo
Pas encore d'évaluation
Performance Investigation of Two-Stage Detection Techniques Using Traffic Light Detection Dataset
Document11 pages
Performance Investigation of Two-Stage Detection Techniques Using Traffic Light Detection Dataset
IAES IJAI
Pas encore d'évaluation
Webinar 042213 Hopkins Gillett
Document34 pages
Webinar 042213 Hopkins Gillett
ai.test
Pas encore d'évaluation
Mobile Application Security: Who, How and Why: Presented by
Document55 pages
Mobile Application Security: Who, How and Why: Presented by
Sandip
Pas encore d'évaluation
Operationalizing Privacy by Design - A Guide To Implementing Strong Privacy Practices PDF
Document72 pages
Operationalizing Privacy by Design - A Guide To Implementing Strong Privacy Practices PDF
Moises Neves Camelo
100% (2)
Online Safety, Security, Ethics, and Etiquette: Joseph Dale A. Llanes, LPT
Document29 pages
Online Safety, Security, Ethics, and Etiquette: Joseph Dale A. Llanes, LPT
aleya
Pas encore d'évaluation
Mobile Testing Interview Question & Answer
Document10 pages
Mobile Testing Interview Question & Answer
ramakant tyagi
Pas encore d'évaluation
Mobile Application Security Penetration Testing Ba
Document13 pages
Mobile Application Security Penetration Testing Ba
Venkat
Pas encore d'évaluation
Cyber Crimes: Chunlian QU
Document16 pages
Cyber Crimes: Chunlian QU
Vinay Chauhan
Pas encore d'évaluation
An Analysis of Digital Forensics in Cyber Security: D. Paul Joseph and Jasmine Norman
Document8 pages
An Analysis of Digital Forensics in Cyber Security: D. Paul Joseph and Jasmine Norman
yk
Pas encore d'évaluation
A Comparison Study of Android Mobile Forensics For Retrieving Files System
Document19 pages
A Comparison Study of Android Mobile Forensics For Retrieving Files System
AI Coordinator - CSC Journals
100% (1)
Peoplexploit Dev
Document29 pages
Peoplexploit Dev
014 CSE Devamruth AG
Pas encore d'évaluation
Mobile Os Research Paper
Document7 pages
Mobile Os Research Paper
ogisxnbnd
100% (1)
Android Memory Analysis and Acquisition
Document12 pages
Android Memory Analysis and Acquisition
Muhammad Irfan
Pas encore d'évaluation
Name Netid Group Number: Website Link: Tutorial Details Time Spent On Assignment
Document10 pages
Name Netid Group Number: Website Link: Tutorial Details Time Spent On Assignment
Antony Quirk
Pas encore d'évaluation
4-1 iOS applications hands-on
Document107 pages
4-1 iOS applications hands-on
shiva kumar
Pas encore d'évaluation
Android Developer CV
Document5 pages
Android Developer CV
NUN Singh
Pas encore d'évaluation
The Dark Side of Internet
Document4 pages
The Dark Side of Internet
Jorge Alberto Forero Molano
Pas encore d'évaluation
Learning Android Forensics - Sample Chapter
Document40 pages
Learning Android Forensics - Sample Chapter
Packt Publishing
100% (5)
Ing 3
Document6 pages
Ing 3
emir.dmrklll1
Pas encore d'évaluation
Android Forensics: Tools and Techniques For Manual Data Extraction
Document19 pages
Android Forensics: Tools and Techniques For Manual Data Extraction
aman sharma
Pas encore d'évaluation
A Systematic Literature Review of The Mobile Application For Object Recognition For Visually Impaired People
Document8 pages
A Systematic Literature Review of The Mobile Application For Object Recognition For Visually Impaired People
Saraswat Akshaya Pati
Pas encore d'évaluation
CWS Project
Document13 pages
CWS Project
Saavy Bansal
Pas encore d'évaluation
Internet of Things
Document14 pages
Internet of Things
Киба Нтулус
Pas encore d'évaluation
ABBREVIATING USERS’ DATA ON SOCIAL MEDIA
Document13 pages
ABBREVIATING USERS’ DATA ON SOCIAL MEDIA
saleem
Pas encore d'évaluation
Track anyone's location with this Android GPS app
Document8 pages
Track anyone's location with this Android GPS app
Septyasari
Pas encore d'évaluation
An Analysis of Pre-Installed Android Software
Document17 pages
An Analysis of Pre-Installed Android Software
Rguez
Pas encore d'évaluation
Irjet V8i5509
Document5 pages
Irjet V8i5509
Cawaale Ciilmooge
Pas encore d'évaluation
Learning Android Forensics
D'Everand
Learning Android Forensics
Rohit Tamma
Évaluation : 4.5 sur 5 étoiles
4.5/5 (3)
Summary Business and Legal
Document20 pages
Summary Business and Legal
Richard Arnold Simbolon
Pas encore d'évaluation
Design and Implementation of A Targeted Data Extraction System For Mobile Devices" Fifteenth IFIP WG 11.9 International Conference On Digital Forensics, Orlando, USA
Document36 pages
Design and Implementation of A Targeted Data Extraction System For Mobile Devices" Fifteenth IFIP WG 11.9 International Conference On Digital Forensics, Orlando, USA
Arun GS
Pas encore d'évaluation
E-Attendance RFID Tracking
Document3 pages
E-Attendance RFID Tracking
MUHAMMAD ARIF DANIAL BIN ROSNELIFAIZUR
Pas encore d'évaluation
Chapter-1
Document34 pages
Chapter-1
Mohammad Islam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Module 1
Document107 pages
Module 1
prabadeviboopathy87
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
Mobile Survey Toolkit
Document24 pages
Mobile Survey Toolkit
Oxfam
Pas encore d'évaluation
2018 08 23 Intelligent Security Automation by Ty Miller PDF
Document25 pages
2018 08 23 Intelligent Security Automation by Ty Miller PDF
ahmadlatip
Pas encore d'évaluation
2018 08 23 Handling Vast Amounts of Threat Intel Via Automation by Anomali PDF
Document10 pages
2018 08 23 Handling Vast Amounts of Threat Intel Via Automation by Anomali PDF
ahmadlatip
Pas encore d'évaluation
Blackhat Webinar: Dan Cornell Cto, Denim Group
Document29 pages
Blackhat Webinar: Dan Cornell Cto, Denim Group
ahmadlatip
Pas encore d'évaluation
2012-20-09 Armitage Blackhat Webcast PDF
Document6 pages
2012-20-09 Armitage Blackhat Webcast PDF
ahmadlatip
Pas encore d'évaluation
Brian Smith, CTO & Founder
Document7 pages
Brian Smith, CTO & Founder
ahmadlatip
Pas encore d'évaluation
Network and Device Level Mobile Security Controls
Document10 pages
Network and Device Level Mobile Security Controls
ahmadlatip
Pas encore d'évaluation
2012-20-09 GWeidman Blackhat Webcast PDF
Document17 pages
2012-20-09 GWeidman Blackhat Webcast PDF
ahmadlatip
Pas encore d'évaluation
Mza 900 P Us
Document12 pages
Mza 900 P Us
Nadia Deco
Pas encore d'évaluation
Testing Passive Optical Networks: FTTX Pon Guide
Document84 pages
Testing Passive Optical Networks: FTTX Pon Guide
Anonymous 5Pzs8gpVQ
Pas encore d'évaluation
SDH vs SONET: Understanding the Differences Between Synchronous Digital Hierarchy and Synchronous Optical Network
Document30 pages
SDH vs SONET: Understanding the Differences Between Synchronous Digital Hierarchy and Synchronous Optical Network
Reynald John Pastrana
Pas encore d'évaluation
Seatex DPS 200: Installation Manual
Document110 pages
Seatex DPS 200: Installation Manual
jfc
100% (1)
MT6592 Octa-Core Smartphone Application Processor Technical Brief
Document53 pages
MT6592 Octa-Core Smartphone Application Processor Technical Brief
temp210715
Pas encore d'évaluation
Antenna Systems For Vehicle-To-Everything (V2X) Communication at 5 .9 GHZ Considering The Vehicle Body
Document236 pages
Antenna Systems For Vehicle-To-Everything (V2X) Communication at 5 .9 GHZ Considering The Vehicle Body
Saif Kamal
Pas encore d'évaluation
The TR1985/6/7 and TR1998 Series of Airband Transceivers: Colin Guy G4DDI
Document6 pages
The TR1985/6/7 and TR1998 Series of Airband Transceivers: Colin Guy G4DDI
Bobby Chipping
100% (1)
MY MY Rocket Rocket A A 1092 1092 ZV ZV Llte TE: Base Station Antennas Trisectors
Document14 pages
MY MY Rocket Rocket A A 1092 1092 ZV ZV Llte TE: Base Station Antennas Trisectors
hirak.mazumdar
Pas encore d'évaluation
Competitive Exams Bluetooth Functioning: Examrace
Document4 pages
Competitive Exams Bluetooth Functioning: Examrace
Raja Posupo
Pas encore d'évaluation
DIM10-087-06 Installation Guide
Document3 pages
DIM10-087-06 Installation Guide
carlos sanchez
Pas encore d'évaluation
ProblemSheet - Chapter 3
Document5 pages
ProblemSheet - Chapter 3
Bhen Calugay
Pas encore d'évaluation
An Introduction To Crystal Filters
Document8 pages
An Introduction To Crystal Filters
mathurashwani
Pas encore d'évaluation
MTS714# 2WC-21 PDF
Document2 pages
MTS714# 2WC-21 PDF
glukker
Pas encore d'évaluation
TEMS Investigation (GSM) Ver 001
Document0 page
TEMS Investigation (GSM) Ver 001
saeedtarkian
Pas encore d'évaluation
Casio tv-1900bxm SM
Document21 pages
Casio tv-1900bxm SM
Дмитрий Артюх
Pas encore d'évaluation
Isscc 2019 1
Document3 pages
Isscc 2019 1
Zyad Iskandar
Pas encore d'évaluation
GSM Swap Sectors
Document5 pages
GSM Swap Sectors
Pramod Gautam
Pas encore d'évaluation
Review Notes: Digital Signal Processing ELEC96010 (EE3-07)
Document49 pages
Review Notes: Digital Signal Processing ELEC96010 (EE3-07)
prasanna prasanna
Pas encore d'évaluation
Spectral Decomposition
Document165 pages
Spectral Decomposition
aryo
Pas encore d'évaluation
Electronic Communication & Data Communication
Document88 pages
Electronic Communication & Data Communication
GuruKPO
100% (2)
CompTIA Network+ Certification Practice Test 3 (Exam N10-006)
Document9 pages
CompTIA Network+ Certification Practice Test 3 (Exam N10-006)
Lostbyondthevoid
Pas encore d'évaluation
RCI-6900F CB Radio Operation Manual
Document41 pages
RCI-6900F CB Radio Operation Manual
Richardson Almeida
0% (1)
2.1 Symmetric Ciphers
Document21 pages
2.1 Symmetric Ciphers
jemal yahyaa
Pas encore d'évaluation
Branch Line Coupler: Hanyang University
Document7 pages
Branch Line Coupler: Hanyang University
SaifulIslam
Pas encore d'évaluation
DWDM Basics Ciena
Document11 pages
DWDM Basics Ciena
cao_boy3
Pas encore d'évaluation
Huawei LTE Handover Fault Diagnosis (Traffic KPIs)
Document104 pages
Huawei LTE Handover Fault Diagnosis (Traffic KPIs)
Muhammad Usman
100% (1)
ECE 2010 Gate Question Papers
Document23 pages
ECE 2010 Gate Question Papers
Rohan Singla
Pas encore d'évaluation
Analog to Digital Conversion in AVR Microcontrollers
Document12 pages
Analog to Digital Conversion in AVR Microcontrollers
Sathiya Nathan
Pas encore d'évaluation
A 23 GHZ Fast-Locking PLL Using Phase Error Compensator
Document5 pages
A 23 GHZ Fast-Locking PLL Using Phase Error Compensator
nayakadarsh2000
Pas encore d'évaluation
3G Wireless Evolution to WCDMA
Document39 pages
3G Wireless Evolution to WCDMA
Usman Gul
Pas encore d'évaluation