Peter Coddington, CEO :: 240-258-2100 :: pcoddington@parabal.com

About PaRaBaL
• PaRaBaL was founded in 2009 and is located in the Research Park of the University of Maryland, Baltimore County (UMBC). UMBC has a strong computer curriculum.
• Full Apple – iPhone – iPad Exploitation Training Lab.
• PaRaBaL offers one-of-a-kind one-week training.
• PaRaBaL is driven to create and build iPhone and iPad security and applications for the Intelligence and DOD agencies in the US.
• PaRaBaL is an SBA-certified HUBZone company.
• PaRaBaL is the first company to be awarded an iPhone security training contract – see the press release on our web site.
• PaRaBaL is facility cleared, with cleared personnel, to assist the government with mobile security and with applications that deliver information to mobile platforms.

iOS Security and Exploitation Training
• PaRaBaL started in the iPhone space teaching iPhone security to the Intelligence Community.
• Understanding the Architecture & File System
• Reverse Engineering
• Understanding/Attacking iPhone/iPad Apps & Secure Coding Practices
• Using the iPhone/iPad as an attack platform & iPhone/iPad forensics
• The PaRaBaL training lab is 100% Apple products, including iPhones, iPads & iMacs, along with emulators for the respective devices.
• Only full Apple lab with supporting software for ethical hacking on the East Coast.
• Assembled a cadre of experts in the area of iPhone/iPad security and iOS understanding.

PaRaBaL Security Lab Example: File System – SQLite Databases
We show how to alter databases on the iPhone to retain deleted and altered texts, address book entries and other database contents, and how to apply the alterations to non-jailbroken iPhones.

PaRaBaL Security Lab Example: File System – Plist Files
Plist files are XML files that house app settings, session information and keychain data. Plists can be altered to increase performance and to alter app functionality.
PaRaBaL Security Lab Example: Address Book Exploitation
This app is designed to show how content from the address book can be sent to a designated server when a user taps “Upload Score” (i.e., while playing a game and recording a high score).

PaRaBaL Security Lab Example: Address Book Exploitation
We show how to check what apps are transmitting using a proxy and Wireshark.

PaRaBaL Security Lab Example: Address Book Exploitation
We have shown this exploit for almost a year, during which apps with this functionality could be submitted and receive approval. This year, apps offering this “functionality” are being exposed.

PaRaBaL Security Lab Example: Geo-location Spoof App
This Xcode-based app is designed to spoof the user’s location. It is able to constantly change the reported location of the device to a different area.

PaRaBaL Security Lab Example: Reverse Engineering and Binary Code Injection
We examine an app using IDA Pro for unused sections of binary code, where we inject a payload to exploit the traffic of the iPhone.

PaRaBaL Security Lab Example: Reverse Engineering and Binary Code Injection
This includes an intro to ARM assembly and the conversion of assembly instructions to binary.

PaRaBaL Security Lab Example: iPhone as a Mobile Attack Device
With the increased processing power of an iPhone, we use Ruby, a mobile terminal, and Metasploit to execute network exploitation on the road.

PaRaBaL Secure App Development for DoD
• Companies & organizations are moving to a broad range of mobile devices in the workforce.
• As iOS devices become more prominent in the workforce, so do security concerns for iOS-based applications.
• PaRaBaL’s extensive background in exploitation and security makes our development team the ideal choice for secure development of internal apps.
PaRaBaL iPad & iPhone Security Consulting
• We offer consulting services that entail designing a holistic mobile security solution and plan for your organization:
• A four-step process to get the organization completely secure with regard to the iOS devices in use within the workplace.
• Teach how to protect mobile iOS devices from vulnerabilities that have been exploited by people with malicious intent.
• Teach in-depth secure coding practices as well as ethical hacking exercises within the iOS platform.
• Create and develop new and customized apps for iOS devices catered specifically to the customer’s needs.
• Offer training to employees on how to use their iOS devices without compromising company data and interests.

PaRaBaL
Peter Coddington
240-258-2100
pcoddington@parabal.com
www.parabal.com
5523 Research Park Dr., Suite 325
Catonsville, MD 21228