yury chemerkin
play

YURY CHEMERKIN I have 10+ years of experience in information - PowerPoint PPT Presentation

Nov 03, 2022 •653 likes •1.43k views

S TILL S ECURE . W E E MPOWER W HAT W E H ARDEN B ECAUSE W E C AN C ONCEAL YURY CHEMERKIN MULTI-SKILLED SECURITY EXPERT CJSC ADVANCED MONITORING YURY CHEMERKIN I have 10+ years of experience in information security. Im a multi-skilled

  1. S TILL S ECURE . W E E MPOWER W HAT W E H ARDEN B ECAUSE W E C AN C ONCEAL YURY CHEMERKIN MULTI-SKILLED SECURITY EXPERT CJSC ADVANCED MONITORING

  2. YURY CHEMERKIN I have 10+ years of experience in information security. I‘m a multi-skilled security expert on security & compliance and mainly focused on privacy and leakage showdown. Key activity fields are EMM and Mobile &, Cloud Computing, IAM, Forensics & Compliance. I published many papers on mobile and cloud security, regularly appears at conferences such as CyberCrimeForum, HackerHalted, DefCamp, DeepSec & DeepSec Intelligence, NullCon, OWASP , CONFidence, Hacktivity, Hackfest, HackMiami, NotaCon, BalcCon, Intelligence- Sec, InfoSec NetSysAdmins, etc. LINKEDIN: HTTPS://WWW.LINKEDIN.COM/IN/YURYCHEMERKIN TWITTER: @YURYCHEMERKIN EMAIL: YURY.S@CHEMERKIN.COM

  3. SECURITY ISSUES FORENSICS SOFTWARE DEVICE 'N' OS LEAKS CAPABILITIES 'N' SECURITY SPECIFICS LIMITS IMPLEMENTATIONS

  6. FORENSICS TOOLS. ADVERTISEMENT IS A MOST SCARIEST THING IN THE WORLD 

  7. SECURITY NOWADAYS. FORENSICS DIRECTION 3 RD PARTY APP SERVERS APP VENDOR CDN BACKUP OF CLOUD CLOUD DEVICE MOBILE & 2FA LEAKED DESKTOP DATABASE DEVICE

  8. PRIVACY & RISK MANAGEMENT LOGIC • Cornerstone accounts • Email accounts • “Sign-Up/In via” accounts • Interconnected accounts • Cloud & Storage accounts • “Keychains” & encrypted disks • App servers • … • Finally, data

  9. CORNERSTONE ACCOUNTS

  10. EMAIL & SOCIAL

  11. EMAIL (LACK OF) SUPPORT VIA IMAP4

  12. OUTLOOK/EXCHANGE SUPPORT

  13. CLOUD

  14. CLOUDY DATA. EXTRACTION

  15. RUNGAP APP. AN INTERFACE FOR DATA EXCHANGE DROPBOX SPORT HEALTH DATA BODY ZIPPED FILES SUPPORTS ACTIVITIES MEASURES ROUTES MAPS

  16. RUNGAP – DETAILS • Analytics, 3 rd party sdk – Google, Facebook, • Network • Dropbox support to exchange & store data – highly detailed files with a source info • Some general activities data is available but mainly transfer as zipped files • Examples are on next slides

  18. RUNGAP – DETAILS • Analytics, 3 rd party sdk – Google, Facebook, • No useful backup data • Activity – Raw data with geo and activity type • LAP – similar data items like above • Thumbimage – route with a map background • Also Mapfingerprint, path, raw data tables contains raw data

  19. DATA ACQUISITION • Ability to stop extraction process • Mosaic data types • Network retrieving data issue

  20. FORENSICS. UNSTOPPABLE ACCESS

  21. MAIN OWNER DATA

  22. ENVIRONMENT DISCOVERING

  23. DATA ACQUISITION VIA ‘NETWORK’

  24. DATA ACQUISITION VIA ‘NETWORK’

  25. STRAVA GOOGLE, NETWORK CREDENTIALS, SPORT GEAR MAINLY KEEP CRASHLYTICS, DATA IS PROFILE AND MEASURES IF IT ON STRAVA FACEBOOK, PROTECTED MEASURES EXISTS SERVERS ZENDESK, FROM MITM IO.BRANCH GEO DATA IN ZENDESK PHOTOS BACKUPS USERID & TAKEN BY TOKEN USERS ON CLOUDFRONT + BASIC PROFILE

  26. STRAVA – DETAILS • Analytics, 3 rd party sdk – Google, Crashlytics, Facebook, Zendesk, io.branch • Network: • Traffic is generally protected by certificate (Pinning), however developer API doesn’t have it as a built-in feature • Protected credentials, profile and measures related to runs, walking stats sync but aren’t correctly incorporated to overall stats (not supported over years) • Gear measures if it exists • Mainly keep on strava servers

  27. STRAVA – DETAILS • Geo Route details Documents\*.stravactivity • wp: lat:55.899412; long:37.575460; hacc:64.000000; vacc:63.175690; alt:187.060074; speed:4.348559; course:124.105452; t:1554864639.673529; dt:1554864639.612675 • Zendesk UserID & Token • \Library\Preferences\com.zendesk.core.identity.plist

  28. STRAVA – DETAILS • Photos taken by users • \Library\Preferences\ com.strava.stravaride.plist • + basic bio • Full Name + email

  29. DISK ENCRYPTION & PROTECTION Removable Mounted TPM module volumes volumes Encrypted RAM Profile, MDM boot-volume Slow Administration Recovery keys Bruteforce Privileges

  30. DISK PROTECTION – LAST MILES IN PROTECTION

  31. ADMINISTRATION PRIVILEGES ISSUES

  32. MEMORY PROTECTION AGAINST DMA ATTACKS

  33. FORENSICS. DEVELOPED IN A MAC STYLE 

  34. UNSUPPORTED OF PROTECTED FF

  35. BROWSERS OPPORTUNITIES Features / Firefox Chrome IE & EDGE Safari Opera + Browser Game FX Self-hosted + - - - - Sync storage Self-hosted + - - - - Accounts EMM / MDM Windows Side Windows Side + MacOS Server - Policies only only Side only Mobile No encryption Encryption by No encryption No encryption - support user-password without recovering this key

  36. ARTEFACTS ON DESKTOPS AND LAPTOPS • iTunes backups, except • Content from the iTunes and App Stores, Apple Books, Media Content synced from iTunes • Data already stored in iCloud, like iCloud Photos, iMessages, and text (SMS) and multimedia (MMS) messages • Face ID or Touch ID, Apple Pay information and settings, plus Apple Mail data • Activity, Health, and Keychain data (without iTunes password) • Saved passwords • Email account • Authentication tokens

  37. CREDENTIALS COLLECTION • Keychains: Credentials Manager for Windows, Keychain for MacOS • Browsers Credentials: Chrome, Firefox, IE & Edge, Safari, Opera, Yandex • Email accounts: resetting accounts, sent password via email • Tokens & Paired records: bypassing credentials & authorization needs • Cornerstone accounts’ credentials: various limitations to manage account & credentials

  38. PASSWORD MANAGEMENT ISSUE. Y2017 REPORT • The average business employee must keep track of 191 passwords, according to a report from LastPass. • According to the report, 81% of confirmed data breaches are due to passwords. • And the average 250-employee company has 47,750 passwords in use, the report found • Only 27% of businesses have enabled multi-factor authentication to protect their password vaults, LastPass found. • https://www.securitymagazine.com/articles/88475-average- business-user-has-191-passwords

  39. PASSWORD MANAGEMENT ISSUE. MAPPING TO USER CREDENTIALS’ USE CASES. Screen lock iCloud iTunes backup password password password Screen Time One-time Lockdown password codes records

  40. PASSWORD MANAGEMENT ISSUE. MAPPING TO USER CREDENTIALS’ USE CASES. • Screen lock password (= iPhone passcode) • iCloud password (= Apple Account password) • iTunes backup password (= local backup password) • Screen Time password (secures device, account, and changes) • One-time codes (2FA passwords shared across account-linked devices) • Lockdown records: In iOS 9, if a pairing record hasn’t been used for more than six months, it expires. This timeframe is shortened to 30 days in iOS 11 or later.

  41. PASSWORD MANAGEMENT ISSUE. SCREEN LOCK PASSCODE. Unlock the device USB accessories Device pairing & Change account local backup password & trusted phone number Reset local backup View passwords Access certain types Physical analysis password saved in the keychain of data from iCloud

  42. PASSWORD MANAGEMENT ISSUE. SCREEN LOCK PASSCODE. • Unlock the device & Connect to USB accessories (unlocking the device disables USB restrictions) • Pair the device with the new computer and make a new local backup • Change the iCloud password and trusted phone number (only on 2FA accounts; one-time 2FA password not required) • Reset (remove) the iTunes backup password (if Screen Time password is not set) • iOS 13: Change or set new iTunes backup password, Update iOS & Reset the device to factory settings • View passwords saved in the keychain • Access certain types of data from iCloud (iCloud password and one-time 2FA password required). This includes iCloud keychain, Health data, synced messages, Screen Time data • Perform physical analysis. If the device screen lock passcode is known and there are no Screen Time restrictions on installing apps, then jailbreak, extract the file system and decrypt the keychain are possible. The keychain contains the Screen Lock password and the iCloud password among other things.

  43. PASSWORD MANAGEMENT ISSUE. ICLOUD PASSWORD. Reset device via Sign in, Authorize Some data from Account, Device Remote location, Recovery mode App Store iCloud without Lock, Find Device, lock & erase, purchases, app 2FA, more data Factory reset Change Account & updates with 2FA, much cloud password more – 2FA + screen lock password

  44. PASSWORD MANAGEMENT ISSUE. ICLOUD PASSWORD. • Reset device via Recovery mode, then enter iCloud password when prompted during setup • Sign in, Authorize App Store purchases, app updates • Extract some data from iCloud without 2FA, more data with 2FA, much more – 2FA, screen lock password • Sign into Apple Account, Disable iCloud lock, turn off Find my iPhone, perform factory reset • Remotely locate, lock or erase devices via Find My (even for 2FA accounts, one-time 2FA codes are NOT required) • Change your Apple ID/iCloud password, Sign in on Apple devices to make them trusted

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

R11410-20 photomultiplier tubes Dmitry Akimov a,b , Alexander Bolozdynya a , Yury Efremenko a,c ,

R11410-20 photomultiplier tubes Dmitry Akimov a,b , Alexander Bolozdynya a , Yury Efremenko a,c ,

Peculiarities of the Hamamatsu R11410-20 photomultiplier tubes Dmitry Akimov a,b , Alexander Bolozdynya a , Yury Efremenko a,c , Vladimir Kaplin a , Alexander Khromov a , Yury Melikyan a , Valery Sosnovtsev a a Moscow Engineering Physics Institute

538 views • 37 slides
Study of MRS photodiodes for T2K experiment Yury Kudenko E. Akhromeev, G. Bondarenko* ) , V.

Study of MRS photodiodes for T2K experiment Yury Kudenko E. Akhromeev, G. Bondarenko* ) , V.

Study of MRS photodiodes for T2K experiment Yury Kudenko E. Akhromeev, G. Bondarenko* ) , V. Golovin* ) , E. Gushin, A. I zmailov, M. Khabibullin, A. Khotjantsev, B. Lubsandorzhiev, O. Mineev, Yu. Musienko, A. Shaikhiev, N. Yershov I NR,

389 views • 24 slides
There are no first-order sentences with quantifier depth 4 and an infinite spectrum Yury

There are no first-order sentences with quantifier depth 4 and an infinite spectrum Yury

There are no first-order sentences with quantifier depth 4 and an infinite spectrum Yury Yarovikov Moscow Institute of Physics and Technology June 9, 2019 Yury Yarovikov (Moscow Institute of Physics and Technology) There are no first-order

716 views • 40 slides
Unexpected applicatives and morphological compositionality in Adyghe Yury Lander Institute of

Unexpected applicatives and morphological compositionality in Adyghe Yury Lander Institute of

Morphology of the Worlds Languages, University of Leipzig, 12 June 2009 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Unexpected applicatives and morphological compositionality in Adyghe Yury Lander Institute of Oriental

184 views • 6 slides
Inference and Sampling of K 33 -free Ising Models Valerii Likhosherstov 1 , Yury Maximov 1,2 ,

Inference and Sampling of K 33 -free Ising Models Valerii Likhosherstov 1 , Yury Maximov 1,2 ,

Inference and Sampling of K 33 -free Ising Models Valerii Likhosherstov 1 , Yury Maximov 1,2 , Michael Chertkov 1,2,3 1 Skolkovo Institute of Science and Technology, Moscow, Russia 2 Theoretical Division and Center for Nonlinear Studies, Los Alamos

797 views • 7 slides
PetrSU-Nokia-NSN Laboratory on Wireless and Mobile Technology Yury A. Bogoyavlenskiy, Dmitry G.

PetrSU-Nokia-NSN Laboratory on Wireless and Mobile Technology Yury A. Bogoyavlenskiy, Dmitry G.

PetrSU-Nokia-NSN Laboratory on Wireless and Mobile Technology Yury A. Bogoyavlenskiy, Dmitry G. Korzun, Kirill A. Kulakov, Vadim A. Ponomarev Petrozavodsk State University Department of Computer Science AMICT2010 Workshop, 2527 May,

756 views • 18 slides
Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich

Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich

Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich Olga Gadyatskaya RAID 2016 Sensitive Resource Protection in Android Android is the most popular mobile OS: - ~ 2 billion of third-party apps

523 views • 24 slides
Comparison of Channels: Criteria for Domination by a Symmetric Channel Anuran Makur and Yury

Comparison of Channels: Criteria for Domination by a Symmetric Channel Anuran Makur and Yury

Comparison of Channels: Criteria for Domination by a Symmetric Channel Anuran Makur and Yury Polyanskiy EECS Department, Massachusetts Institute of Technology LIDS Student Conference 2017 . . . . . . . . . . . . . . . . . . .

475 views • 46 slides
Larisa Fleishman Yury Gubman Valuation of dwelling is carried out with different methods: Price

Larisa Fleishman Yury Gubman Valuation of dwelling is carried out with different methods: Price

Mass Appraisal at the Census Level - Israeli Case Larisa Fleishman Yury Gubman Valuation of dwelling is carried out with different methods: Price agreed upon in a sale transaction Owners self -reported valuation Experts (appraiser's)

490 views • 15 slides
Vegetation Response on Climatic Changes in West-Siberian North Sergey Kirpotin 1 , Yury Polishchuk

Vegetation Response on Climatic Changes in West-Siberian North Sergey Kirpotin 1 , Yury Polishchuk

Vegetation Response on Climatic Changes in West-Siberian North Sergey Kirpotin 1 , Yury Polishchuk 2 , Oleg Pokrovsky 3 , Alexey Kouraev 3 , Natalia Bryksina 2 , Anna Sugaipova 2 , Elena Zakharova 3 , Liudmila Shirokova 4 , Maria Kolmakova 1,3 ,

510 views • 30 slides
H. H.E. Yury y P. Sen Sentyu yurin, PhD Secr Secretary Gen ener eral Gas Exp Gas xpor

H. H.E. Yury y P. Sen Sentyu yurin, PhD Secr Secretary Gen ener eral Gas Exp Gas xpor

H. H.E. Yury y P. Sen Sentyu yurin, PhD Secr Secretary Gen ener eral Gas Exp Gas xpor ortin ing Cou ountrie ies For orum (GE (GECF) 27 27 No Novemb mber 2019 2019 Doha, Qatar The 1 st GECF International Seminar Natural Gas:

227 views • 10 slides
Neutrino detectors for oscillation experiments Yury Kudenko Institute for Nuclear Research,

Neutrino detectors for oscillation experiments Yury Kudenko Institute for Nuclear Research,

Neutrino detectors for oscillation experiments Yury Kudenko Institute for Nuclear Research, Moscow INSTR17, Novosibirsk, Russia, 1 March 2017 1 OUTLINE Neutrino oscillations Current experiments - Accelerators: T2K, NOVA - Plans for

945 views • 29 slides
Isosceles Sets Yury Ionin October 10, 2015 1 2 P. Erd os, E 735, The American Mathematical

Isosceles Sets Yury Ionin October 10, 2015 1 2 P. Erd os, E 735, The American Mathematical

Isosceles Sets Yury Ionin October 10, 2015 1 2 P. Erd os, E 735, The American Mathematical Monthly (1946). Six points can be arranged in the plane so that all triangles formed by triples of these points are isosceles. Show that seven

312 views • 15 slides
Facility Location Games Yury Kochetov Sobolev Institute of Mathematics. Novosibirsk. Russia

Facility Location Games Yury Kochetov Sobolev Institute of Mathematics. Novosibirsk. Russia

Facility Location Games Yury Kochetov Sobolev Institute of Mathematics. Novosibirsk. Russia Contents 1. Introduction 2. The leaderfollower location problem 3. Theoretical and empirical results 4. Extensions of the basic model 5. Application in

329 views • 29 slides
Development of superconducting undulators at the Advanced Photon Source Yury Ivanyushenkov on

Development of superconducting undulators at the Advanced Photon Source Yury Ivanyushenkov on

Development of superconducting undulators at the Advanced Photon Source Yury Ivanyushenkov on behalf of the APS superconducting undulator project team Advanced Photon Source Argonne National Laboratory FNAL Accelerator Physics and Technology

497 views • 49 slides
by the Intensity Frontier Needs Nikolai Mokhov Pertti Aarnio, Yury Eidelman, Konstantin Gudima,

by the Intensity Frontier Needs Nikolai Mokhov Pertti Aarnio, Yury Eidelman, Konstantin Gudima,

Fermilab Accelerator Physics Center MARS15 Code Developments Driven by the Intensity Frontier Needs Nikolai Mokhov Pertti Aarnio, Yury Eidelman, Konstantin Gudima, Alexander Konobeev, Vitaly Pronskikh, Igor Rakhno, Sergei Striganov, Igor

507 views • 32 slides
Enterprise desktop at home with FreeIPA and GNOME Alexander Bokovoy ( abokovoy@redhat.com )

Enterprise desktop at home with FreeIPA and GNOME Alexander Bokovoy ( abokovoy@redhat.com )

January 30th, 2016 FOSDEM16 Enterprise desktop at home with FreeIPA and GNOME Alexander Bokovoy ( abokovoy@redhat.com ) Enterprise desktop at home with FreeIPA and GNOME 2 Enterprise? Enterprise desktop at home with FreeIPA and GNOME 3 *

978 views • 71 slides
OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006

OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006

OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006 Background Proposal is to define extensions to Kerberos V5 (rfc4120) to support pre-authentication using an OTP Three main aims: Allow an OTP

180 views • 14 slides
TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu

TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu

TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing Presented by Fengwei Zhang Wayne State University CSC 6991 Topics in Computer Security 1 Outline IntroducLon MoLvaLon

638 views • 26 slides
Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically

Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically

Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically breakable given the time are theoretically breakable given the time Security Notions and computational resources. However,

307 views • 10 slides
Federal Advocacy and Policy Updates: What's New for HCBS and Self-Direction Alison Barkoff Dan

Federal Advocacy and Policy Updates: What's New for HCBS and Self-Direction Alison Barkoff Dan

Federal Advocacy and Policy Updates: What's New for HCBS and Self-Direction Alison Barkoff Dan Berland Director of Advocacy Director of Federal Policy Center for Public Representation NASDDDS abarkoff@cpr-us.org dberland@nasddds.org

817 views • 59 slides
Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

998 views • 67 slides
Use of NSF Supercomputers Rob Gardner, University of Chicago OSG Council, Indianapolis, October

Use of NSF Supercomputers Rob Gardner, University of Chicago OSG Council, Indianapolis, October

Use of NSF Supercomputers Rob Gardner, University of Chicago OSG Council, Indianapolis, October 3, 2017 1 Acknoweledgements !! Frank Wuerthwein Edgar Fajardo Mark Neubauer, Dave Lesny & Peter Onyisi Mats Rynge Rob Quick 2 Goal

676 views • 28 slides
Governance, Risk Management and Compliance Lect. Dr. Ana-Maria Ghiran Prof. Dr. Robert Buchmann

Governance, Risk Management and Compliance Lect. Dr. Ana-Maria Ghiran Prof. Dr. Robert Buchmann

24th International Working Conference, REFSQ 2018, Utrecht, The Netherlands, March 19-22, 2018 Security Requirements Elicitation from Engineering Governance, Risk Management and Compliance Lect. Dr. Ana-Maria Ghiran Prof. Dr. Robert Buchmann

305 views • 14 slides

More recommend