Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, November 20 • 12:00pm - 12:50pm
BASHing iOS Applications: dirty, s*xy, cmdline tools for mobile auditors

Sign up or log in to save this to your schedule and see who's attending!

Video of session:
https://www.youtube.com/watch?v=Ef_YeULnw1k&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=8

The toolchain for (binary) iOS application assessment is weak BUT, like an island of misfit toys, there can be stregnth in numbers. Join us as we explore what actually needs to be done in a mobile assessment and how we can do it right from our SSH prompt on our iOS device. Our tool is simple yet effective and as you learn to do mobile assessments you'll also teach yourself the fundamentals of the OWASP Mobile Top 10. Topics explored will be binary analysis, app decryption, data storage, endpoint parsing, class inspection, file monitoring, and more! Heck we might even release some sort of ghetto BASH Obj-c source parser!

Speakers
avatar for Jason Haddix

Jason Haddix

Head of Penetration Testing, Fortify
I currently facilitate information security consulting at HP which includes developing test plans for Fortune 100 companies and competing in "bake-offs" against other top tier consulting vendors. My strengths are web, network, and mobile assessments. I write for my own infosec website (www.securityaegis.com) that reviews industry training, interviews security professionals, and provides anecdotal/practical advice related to offensive security... Read More →
avatar for Dawn Isabel

Dawn Isabel

HP ShadowLabs
Dawn Isabel is currently a Mobile Security Consultant at HP ShadowLabs, where she tests iOS and Android applications and develops in-house tools for static and dynamic analysis of mobile apps. Prior to that, she designed and ran a penetration testing service at the University of Michigan, and developed Python automation for vulnerability management with Nessus. Dawn was team lead of the Computer Incident Response Team (CIRT) at Ford Motor Company... Read More →


Wednesday November 20, 2013 12:00pm - 12:50pm
Salon 1 (5th Floor Ballroom) NY Marriott Marquis

Attendees (88)