SlideShare une entreprise Scribd logo

Mysterious Crypto in Android Biometrics

P
Pichaya Morimoto

หัวข้อ: Mysterious Crypto in Android Biometrics วิทยากร: Pongsakorn Sommalai งาน: 2600 Thailand Meeting #51 Date: Wednesday, October 2, 2019 at 6:30 PM – 8:30 PM Event URL: https://www.facebook.com/events/559009754638956/

Technologie
1  sur  32
Télécharger pour lire hors ligne
Mysterious Crypto in Android Biometrics Responsible: Mr. Pongsakorn Sommalai Version (Date): 1.0 (2019-10-02) Confidentiality class: Public บจก.สยามถนัดแฮก
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Mr. Pongsakorn (Bongtrop) Sommalai Penetration Tester Siam Thanat Hack Company Limited Whoami It’s me.
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Overview 3 - Introduction - Android Biometrics (Authentication) Security - Android Keystore - Cryptographic Library in Android - Biometric Prompt - Example Applications - AndroidKeyStore - The better way (let's discuss)
Introduction บจก.สยามถนัดแฮก
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public What is Biometrics (Authentication)? 5 http://fintechnews.sg/18096/mobile-payment/singaporeans-interested-in-biometrics-authentication-and-payments/
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Password & PIN
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Password & PIN 000000
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public 8 1 2 Celeb’s Opinion
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Today’s Scenario 10 Scenario: The sophisticated threat actors or APT malware with access to the victim’s device. Not these:
Android Biometric Implementation บจก.สยามถนัดแฮก
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public What is Keystore ? 12 A safe box which can store cryptographic keys.
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public FriendZone Technology and the Trusted Execution Environment (TEE) 13
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public TrustZone Technology and the Trusted Execution Environment (TEE) 14
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public AndroidKeyStore and his Friend 15
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Key Material in AndroidKeyStore 16 - Generate in secure world - Encrypt in secure world - Decrypt in secure world - XXX in secure world Can you gimme a key? Can you decrypt for me?
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Cryptographic Library in Android 17 https://developer.android.com/guide/topics/security/cryptography
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Biometric Prompt 18 https://android-developers.googleblog.com/2018/06/better-biometrics-in-android-p.html
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Example Application #1 19 // For the "insecure" method, the app relies on onAuthenticationSucceeded function being called btInsecureActivity.setOnClickListener(new View.OnClickListener() { @Override public void onClick(View view) { new BiometricPrompt(MainActivity.this, executor, new BiometricPrompt.AuthenticationCallback() { @Override public void onAuthenticationSucceeded(@NonNull BiometricPrompt.AuthenticationResult result) { super.onAuthenticationSucceeded(result); i = new Intent(MainActivity.this, InsecureActivity.class); startActivity(i); } }).authenticate(promptInfo); } }); Let’s play !!
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Example Application #1 20
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Example Application #2 21 KeyStore + Cryptographic + BiometricPrompt
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Example Application #2 22 Generate Key Init Phrase Encrypt a Secret Store it Somewhere Fetch Key Access Phrase Authenticate Decrypt a Secret Secure World Secure World Secure World Only Object
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Example Application #2 23 Take a Look at the Source Code !!
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Interesting Property of a Key 24 - isInsideSecureHardware - isInvalidatedByBiometricEnrollment - isUserAuthenticationRequired - isUserAuthenticationRequirementEnforcedBySecureHardware - isUserAuthenticationValidWhileOnBody - userAuthenticationValidityDurationSeconds
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Example Application #SDHMobile 25 Let’s play with this scenario !!
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Store encrypted PIN or TOKEN for authentication. Is it secure ? 26
Possible Attacks on AndroidKeyStore บจก.สยามถนัดแฮก
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public AndroidKeyStore Recap 28 - Generate in secure world - Encrypt in secure world - Decrypt in secure world - XXX in secure world Can you gimme a key? Can you decrypt it for me? However, the key must be stored in somewhere right?
The better ways (let’s discuss) บจก.สยามถนัดแฮก
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Challenge Response Authentication (Symmetric) 30
บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Challenge Response Authentication (Asymmetric) 31
Q & A บจก.สยามถนัดแฮก Contact us: pentest@sth.sh

Recommandé

Multi-Channel App Approach & The Future of Multi-Channel
Multi-Channel App Approach & The Future of Multi-ChannelMulti-Channel App Approach & The Future of Multi-Channel
Multi-Channel App Approach & The Future of Multi-ChannelDipesh Mukerji
 
Diploma in it security (malware) - course gate
Diploma in it security (malware) - course gateDiploma in it security (malware) - course gate
Diploma in it security (malware) - course gateCourse Gate
 
Trends and transients_2019_cigdem_sengul
Trends and transients_2019_cigdem_sengulTrends and transients_2019_cigdem_sengul
Trends and transients_2019_cigdem_sengulCigdem Sengul
 
DEF CON 27 - workshop - POLOTO - hacking the android apk
DEF CON 27 - workshop - POLOTO - hacking the android apkDEF CON 27 - workshop - POLOTO - hacking the android apk
DEF CON 27 - workshop - POLOTO - hacking the android apkFelipe Prado
 
How to perform an Infrastructure Security Gap Analysis
How to perform an Infrastructure Security Gap AnalysisHow to perform an Infrastructure Security Gap Analysis
How to perform an Infrastructure Security Gap AnalysisCarlo Dapino
 
Securely Deploying Micro Services, Containers & Serverless PaaS Web Apps
Securely Deploying Micro Services, Containers & Serverless PaaS Web AppsSecurely Deploying Micro Services, Containers & Serverless PaaS Web Apps
Securely Deploying Micro Services, Containers & Serverless PaaS Web AppsPriyanka Aash
 
U2F in Dashlane
U2F in DashlaneU2F in Dashlane
U2F in DashlaneDashlane
 
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC ConferenceNsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC ConferenceNSC42 Ltd
 

Recommandé

Multi-Channel App Approach & The Future of Multi-Channel
Multi-Channel App Approach & The Future of Multi-ChannelMulti-Channel App Approach & The Future of Multi-Channel
Multi-Channel App Approach & The Future of Multi-ChannelDipesh Mukerji
 
Diploma in it security (malware) - course gate
Diploma in it security (malware) - course gateDiploma in it security (malware) - course gate
Diploma in it security (malware) - course gateCourse Gate
 
Trends and transients_2019_cigdem_sengul
Trends and transients_2019_cigdem_sengulTrends and transients_2019_cigdem_sengul
Trends and transients_2019_cigdem_sengulCigdem Sengul
 
DEF CON 27 - workshop - POLOTO - hacking the android apk
DEF CON 27 - workshop - POLOTO - hacking the android apkDEF CON 27 - workshop - POLOTO - hacking the android apk
DEF CON 27 - workshop - POLOTO - hacking the android apkFelipe Prado
 
How to perform an Infrastructure Security Gap Analysis
How to perform an Infrastructure Security Gap AnalysisHow to perform an Infrastructure Security Gap Analysis
How to perform an Infrastructure Security Gap AnalysisCarlo Dapino
 
Securely Deploying Micro Services, Containers & Serverless PaaS Web Apps
Securely Deploying Micro Services, Containers & Serverless PaaS Web AppsSecurely Deploying Micro Services, Containers & Serverless PaaS Web Apps
Securely Deploying Micro Services, Containers & Serverless PaaS Web AppsPriyanka Aash
 
U2F in Dashlane
U2F in DashlaneU2F in Dashlane
U2F in DashlaneDashlane
 
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC ConferenceNsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC ConferenceNSC42 Ltd
 
2018 android-security-udacity-morrison chang
2018 android-security-udacity-morrison chang2018 android-security-udacity-morrison chang
2018 android-security-udacity-morrison changmjchang
 
Droidcon2013 key2 share_dmitrienko_fraunhofer
Droidcon2013 key2 share_dmitrienko_fraunhoferDroidcon2013 key2 share_dmitrienko_fraunhofer
Droidcon2013 key2 share_dmitrienko_fraunhoferDroidcon Berlin
 
Smart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecuritySmart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecurityOKsystem
 
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...CODE BLUE
 
Secure Multi-Party Computation
Secure Multi-Party ComputationSecure Multi-Party Computation
Secure Multi-Party ComputationAshutosh Satapathy
 
Check Point Consolidation
Check Point ConsolidationCheck Point Consolidation
Check Point ConsolidationGroup of company MUK
 
Secured home with 3 factor authentication using android application
Secured home with 3 factor authentication using android application Secured home with 3 factor authentication using android application
Secured home with 3 factor authentication using android application Iliyas Khan
 
IRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET Journal
 
전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-
전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-
전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-JM code group
 
IoT, arquitectura de solución y cómo enriquecerlo con Confluent
IoT, arquitectura de solución y cómo enriquecerlo con ConfluentIoT, arquitectura de solución y cómo enriquecerlo con Confluent
IoT, arquitectura de solución y cómo enriquecerlo con Confluentmimacom
 
Security In The Public Cloud
Security In The Public CloudSecurity In The Public Cloud
Security In The Public Cloudnine
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
 
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...Cyber Security Alliance
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYSylvain Martinez
 
Android Security Internals
Android Security InternalsAndroid Security Internals
Android Security InternalsOpersys inc.
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer ConferenceFabio Pietrosanti
 
Contents
ContentsContents
ContentsElmerPineda9
 
BYOD and Security Trends
BYOD and Security TrendsBYOD and Security Trends
BYOD and Security TrendsCisco Russia
 
SFScon19 - Igor Falcomatà - Smart Cities vs Cybersecurity
SFScon19 - Igor Falcomatà - Smart Cities vs CybersecuritySFScon19 - Igor Falcomatà - Smart Cities vs Cybersecurity
SFScon19 - Igor Falcomatà - Smart Cities vs CybersecuritySouth Tyrol Free Software Conference
 
Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014- Mark - Fullbright
 
ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...
ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...
ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...Pichaya Morimoto
 
Securing and Hacking LINE OA Integration
Securing and Hacking LINE OA IntegrationSecuring and Hacking LINE OA Integration
Securing and Hacking LINE OA IntegrationPichaya Morimoto
 

Contenu connexe

Similaire à Mysterious Crypto in Android Biometrics

2018 android-security-udacity-morrison chang
2018 android-security-udacity-morrison chang2018 android-security-udacity-morrison chang
2018 android-security-udacity-morrison changmjchang
 
Droidcon2013 key2 share_dmitrienko_fraunhofer
Droidcon2013 key2 share_dmitrienko_fraunhoferDroidcon2013 key2 share_dmitrienko_fraunhofer
Droidcon2013 key2 share_dmitrienko_fraunhoferDroidcon Berlin
 
Smart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecuritySmart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecurityOKsystem
 
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...CODE BLUE
 
Secure Multi-Party Computation
Secure Multi-Party ComputationSecure Multi-Party Computation
Secure Multi-Party ComputationAshutosh Satapathy
 
Secured home with 3 factor authentication using android application
Secured home with 3 factor authentication using android application Secured home with 3 factor authentication using android application
Secured home with 3 factor authentication using android application Iliyas Khan
 
IRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET Journal
 
전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-
전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-
전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-JM code group
 
IoT, arquitectura de solución y cómo enriquecerlo con Confluent
IoT, arquitectura de solución y cómo enriquecerlo con ConfluentIoT, arquitectura de solución y cómo enriquecerlo con Confluent
IoT, arquitectura de solución y cómo enriquecerlo con Confluentmimacom
 
Security In The Public Cloud
Security In The Public CloudSecurity In The Public Cloud
Security In The Public Cloudnine
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
 
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...Cyber Security Alliance
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYSylvain Martinez
 
Android Security Internals
Android Security InternalsAndroid Security Internals
Android Security InternalsOpersys inc.
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer ConferenceFabio Pietrosanti
 
BYOD and Security Trends
BYOD and Security TrendsBYOD and Security Trends
BYOD and Security TrendsCisco Russia
 
Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014- Mark - Fullbright
 

Similaire à Mysterious Crypto in Android Biometrics (20)

2018 android-security-udacity-morrison chang
2018 android-security-udacity-morrison chang2018 android-security-udacity-morrison chang
2018 android-security-udacity-morrison chang
 
Droidcon2013 key2 share_dmitrienko_fraunhofer
Droidcon2013 key2 share_dmitrienko_fraunhoferDroidcon2013 key2 share_dmitrienko_fraunhofer
Droidcon2013 key2 share_dmitrienko_fraunhofer
 
Smart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecuritySmart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones Security
 
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
 
Secure Multi-Party Computation
Secure Multi-Party ComputationSecure Multi-Party Computation
Secure Multi-Party Computation
 
Check Point Consolidation
Check Point ConsolidationCheck Point Consolidation
Check Point Consolidation
 
Secured home with 3 factor authentication using android application
Secured home with 3 factor authentication using android application Secured home with 3 factor authentication using android application
Secured home with 3 factor authentication using android application
 
IRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection Methods
 
전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-
전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-
전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-
 
IoT, arquitectura de solución y cómo enriquecerlo con Confluent
IoT, arquitectura de solución y cómo enriquecerlo con ConfluentIoT, arquitectura de solución y cómo enriquecerlo con Confluent
IoT, arquitectura de solución y cómo enriquecerlo con Confluent
 
Security In The Public Cloud
Security In The Public CloudSecurity In The Public Cloud
Security In The Public Cloud
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
 
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITY
 
Android Security Internals
Android Security InternalsAndroid Security Internals
Android Security Internals
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
 
Contents
ContentsContents
Contents
 
BYOD and Security Trends
BYOD and Security TrendsBYOD and Security Trends
BYOD and Security Trends
 
SFScon19 - Igor Falcomatà - Smart Cities vs Cybersecurity
SFScon19 - Igor Falcomatà - Smart Cities vs CybersecuritySFScon19 - Igor Falcomatà - Smart Cities vs Cybersecurity
SFScon19 - Igor Falcomatà - Smart Cities vs Cybersecurity
 
Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014
 

Plus de Pichaya Morimoto

ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...
ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...
ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...Pichaya Morimoto
 
Securing and Hacking LINE OA Integration
Securing and Hacking LINE OA IntegrationSecuring and Hacking LINE OA Integration
Securing and Hacking LINE OA IntegrationPichaya Morimoto
 
Docker Plugin For DevSecOps
Docker Plugin For DevSecOpsDocker Plugin For DevSecOps
Docker Plugin For DevSecOpsPichaya Morimoto
 
Web Hacking with Object Deserialization
Web Hacking with Object DeserializationWeb Hacking with Object Deserialization
Web Hacking with Object DeserializationPichaya Morimoto
 
Burp Extender API for Penetration Testing
Burp Extender API for Penetration TestingBurp Extender API for Penetration Testing
Burp Extender API for Penetration TestingPichaya Morimoto
 
Bug Bounty แบบแมว ๆ
Bug Bounty แบบแมว ๆ Bug Bounty แบบแมว ๆ
Bug Bounty แบบแมว ๆ Pichaya Morimoto
 
Pentest 101 @ Mahanakorn Network Research Laboratory
Pentest 101 @ Mahanakorn Network Research LaboratoryPentest 101 @ Mahanakorn Network Research Laboratory
Pentest 101 @ Mahanakorn Network Research LaboratoryPichaya Morimoto
 
Security Misconfiguration (OWASP Top 10 - 2013 - A5)
Security Misconfiguration (OWASP Top 10 - 2013 - A5)Security Misconfiguration (OWASP Top 10 - 2013 - A5)
Security Misconfiguration (OWASP Top 10 - 2013 - A5)Pichaya Morimoto
 
Exploiting Blind Vulnerabilities
Exploiting Blind VulnerabilitiesExploiting Blind Vulnerabilities
Exploiting Blind VulnerabilitiesPichaya Morimoto
 
From Web Vulnerability to Exploit in 15 minutes
From Web Vulnerability to Exploit in 15 minutesFrom Web Vulnerability to Exploit in 15 minutes
From Web Vulnerability to Exploit in 15 minutesPichaya Morimoto
 
Exploiting WebApp Race Condition Vulnerability 101
Exploiting WebApp Race Condition Vulnerability 101Exploiting WebApp Race Condition Vulnerability 101
Exploiting WebApp Race Condition Vulnerability 101Pichaya Morimoto
 
CTF คืออะไร เรียนแฮก? ลองแฮก? แข่งแฮก?
CTF คืออะไร เรียนแฮก? ลองแฮก? แข่งแฮก?CTF คืออะไร เรียนแฮก? ลองแฮก? แข่งแฮก?
CTF คืออะไร เรียนแฮก? ลองแฮก? แข่งแฮก?Pichaya Morimoto
 
Vulnerable Active Record: A tale of SQL Injection in PHP Framework
Vulnerable Active Record: A tale of SQL Injection in PHP FrameworkVulnerable Active Record: A tale of SQL Injection in PHP Framework
Vulnerable Active Record: A tale of SQL Injection in PHP FrameworkPichaya Morimoto
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoPichaya Morimoto
 
Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoPichaya Morimoto
 

Plus de Pichaya Morimoto (15)

ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...
ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...
ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...
 
Securing and Hacking LINE OA Integration
Securing and Hacking LINE OA IntegrationSecuring and Hacking LINE OA Integration
Securing and Hacking LINE OA Integration
 
Docker Plugin For DevSecOps
Docker Plugin For DevSecOpsDocker Plugin For DevSecOps
Docker Plugin For DevSecOps
 
Web Hacking with Object Deserialization
Web Hacking with Object DeserializationWeb Hacking with Object Deserialization
Web Hacking with Object Deserialization
 
Burp Extender API for Penetration Testing
Burp Extender API for Penetration TestingBurp Extender API for Penetration Testing
Burp Extender API for Penetration Testing
 
Bug Bounty แบบแมว ๆ
Bug Bounty แบบแมว ๆ Bug Bounty แบบแมว ๆ
Bug Bounty แบบแมว ๆ
 
Pentest 101 @ Mahanakorn Network Research Laboratory
Pentest 101 @ Mahanakorn Network Research LaboratoryPentest 101 @ Mahanakorn Network Research Laboratory
Pentest 101 @ Mahanakorn Network Research Laboratory
 
Security Misconfiguration (OWASP Top 10 - 2013 - A5)
Security Misconfiguration (OWASP Top 10 - 2013 - A5)Security Misconfiguration (OWASP Top 10 - 2013 - A5)
Security Misconfiguration (OWASP Top 10 - 2013 - A5)
 
Exploiting Blind Vulnerabilities
Exploiting Blind VulnerabilitiesExploiting Blind Vulnerabilities
Exploiting Blind Vulnerabilities
 
From Web Vulnerability to Exploit in 15 minutes
From Web Vulnerability to Exploit in 15 minutesFrom Web Vulnerability to Exploit in 15 minutes
From Web Vulnerability to Exploit in 15 minutes
 
Exploiting WebApp Race Condition Vulnerability 101
Exploiting WebApp Race Condition Vulnerability 101Exploiting WebApp Race Condition Vulnerability 101
Exploiting WebApp Race Condition Vulnerability 101
 
CTF คืออะไร เรียนแฮก? ลองแฮก? แข่งแฮก?
CTF คืออะไร เรียนแฮก? ลองแฮก? แข่งแฮก?CTF คืออะไร เรียนแฮก? ลองแฮก? แข่งแฮก?
CTF คืออะไร เรียนแฮก? ลองแฮก? แข่งแฮก?
 
Vulnerable Active Record: A tale of SQL Injection in PHP Framework
Vulnerable Active Record: A tale of SQL Injection in PHP FrameworkVulnerable Active Record: A tale of SQL Injection in PHP Framework
Vulnerable Active Record: A tale of SQL Injection in PHP Framework
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
 
Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya Morimoto
 

Dernier

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Dernier (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Mysterious Crypto in Android Biometrics