Fernando Russ

Mobile devices became a central part of today's daily life. Every mobile
offering comprises a complex ecosystem of technologies interacting to
provide solutions to the increasing need of having ubiquitous
availability of business-critical data. This trend speeds business
decisions and processes but at the same time poses big security challenges.

A recurring question when deciding to "go mobile" is: Is it a wise
decision having so many business secrets in your pocket? For… Mostrar más

Mobile devices became a central part of today's daily life. Every mobile
offering comprises a complex ecosystem of technologies interacting to
provide solutions to the increasing need of having ubiquitous
availability of business-critical data. This trend speeds business
decisions and processes but at the same time poses big security challenges.

A recurring question when deciding to "go mobile" is: Is it a wise
decision having so many business secrets in your pocket? For sure it is
not if you don't take any measure to guarantee the security of the data
at rest.

To tackle this, several companies offer solutions to cryptographically
protect the business information stored inside our mobile devices.

During this talk we will focus on an SAP framework called DataVault, one
of the key components of the SAP Mobile Platform (SMP) which implements
a secure storage for confidential information using proven strong
cryptography.

In particular, we will present and exploit live a series of
vulnerabilities on this framework which allow an attacker to partially
decrypt the content of the secure key-value storage without the prior
knowledge of any secret or key. Also, leveraging these
vulnerabilities, we will show a practical cloning attack against the SAP
Authenticator, a time-based one-time (TOTP)
two-factor authenticator app based on the RFC6238. Mostrar menos

Mobile devices are becoming ubiquitous in the infrastructure of any modern organization. As part of this industry's push towards remotely accessible business functions, business critical applications vendors (such as SAP) are also getting on board. In the last few years, SAP has been developing a series of solutions which covers different aspects of the mobile landscape from managing devices, to integrating custom mobile applications to the business logic of the SAP systems.

The SAP… Mostrar más

Mobile devices are becoming ubiquitous in the infrastructure of any modern organization. As part of this industry's push towards remotely accessible business functions, business critical applications vendors (such as SAP) are also getting on board. In the last few years, SAP has been developing a series of solutions which covers different aspects of the mobile landscape from managing devices, to integrating custom mobile applications to the business logic of the SAP systems.

The SAP Mobile Platform is composed of a group of complex third-party technologies, both open source and in-house developments. Moreover, bridging naturally isolated ecosystems like SAP to a mobile device infrastructure, poses challenging tasks from a security perspective. Such challenges include securing communications, choosing an adequate authentication mechanism, defining the proper data encryption requirements and taking care of an adequate device provisioning. An organization has to have in mind all of these concepts and increasingly complex attack scenarios while building a secure mobile infrastructure.

If an attacker is able to exploit vulnerabilities exposing any of the previously mentioned attack vectors, he would be able to perform sabotage, espionage or fraud attacks to the company. This could lead to a full compromise of the backend system, which manage not only critical business data, but also confidential and sensitive information with the liability implications of this. Mostrar menos

Traditionally understand 'binary operation' as the discipline to turn a vulnerability in the ability to run arbitrary code on the U about the victim. If we consider this as the "stage 1" then one can think of different ways to move to a "stage 2", this being able to use services that gives the operating system to any process, such as managing memory, sockets, the system files, etc.. The restrictions of the current Stage 2 technologies in commercial products are well described by Dino Dai Zovi… Mostrar más

Traditionally understand 'binary operation' as the discipline to turn a vulnerability in the ability to run arbitrary code on the U about the victim. If we consider this as the "stage 1" then one can think of different ways to move to a "stage 2", this being able to use services that gives the operating system to any process, such as managing memory, sockets, the system files, etc.. The restrictions of the current Stage 2 technologies in commercial products are well described by Dino Dai Zovi WOOT in a publication in 2007, as a solution proposes a sketch of stage 2 then bootstrapea a VM. Motivated by this, and given the current restrictions of these techniques when developing tools for post-operation, began to investigate the problems and possibilities to develop a payload that bootstrapee a VM. In this talk we will tell about the problems of development of the payload using a VM that runs a subset of Python, and how we solved that. Also we will be releasing a license opensource toolchain needed to build a payload using this technique, and demonstrate how we use it to build the prototype on an exploit payload. Mostrar menos

This talk is about web application security assessment. In particular, in this talk we set to improve the assessment process for SQL injection vulnerabilities by providing the means to discard exogenous "false positive" alarms and confirm exploitable vulnerabilities.
We propose a black-box technique to detect and exploit SQL injection vulnerabilities. The exploitation provides an interface to execute arbitrary SQL code through them. Therefore, we are able to thoroughly assess the impact of… Mostrar más

This talk is about web application security assessment. In particular, in this talk we set to improve the assessment process for SQL injection vulnerabilities by providing the means to discard exogenous "false positive" alarms and confirm exploitable vulnerabilities.
We propose a black-box technique to detect and exploit SQL injection vulnerabilities. The exploitation provides an interface to execute arbitrary SQL code through them. Therefore, we are able to thoroughly assess the impact of the vulnerability (e.g., understand what a hacker can do).
The core of this talk is in examining the difficulties that appear while trying to expose vulnerability and how to do a black-box interaction to automatically construct an exploit. Mostrar menos

Con la proliferación de servicios de cloud-computing se han vuelto comunes los ambientes de ejecución limitados, acotando la potencia del software implementable y forzando un modelo de ejecución no continuo (lineal/imperativa). En esta charla presentaremos una implementación tentativa de continuations en pure-python, y mostraremos algunos de los problemas y sus soluciones que encontramos desarrollando este framework.

In this talk we focus in analyzing the problems underlying the attack and penetration in the web application scenario, more specifically, using SQL Injection vulnerabilities we introduce the concept of SQL Agent.
The SQL Agent acts as an efficient translator from SQL to HTTP requests that later exploit a SQL Injection on a given web application.

We analyzed the problems underlying the attack and penetration in the web application scenario. We produce effective solutions to the payload engineering problem in the web-application scenario which allow the attacker/penetration tester to analyze the scenario and build his exploits abstracting the burdensome details in executing an attack.