“Spent 2 days listening to excellent presentations at #t2infosec. Now I’m too scared to use Android, iPhone, Mac or Windows. Or fly anywhere.” @tojoko
One of the favorite parts of my multi-faceted job is presenting at computer security conferences. Besides providing a venue to spotlight Synack’s R&D efforts, it allows me to connect with the greater computer security community.
T2 Infosec is an annual conference in chilly Finland,that is dedicated to those “interested in the technical aspects of information security.” Unlike other computer security conferences that seem to be obsessed with growth, T2 takes a different approach. By limiting the number of attendees, it seeks to provide quality over quantity, in an environment where personal networking can thrive. Honestly, I found this approach incredibly refreshing and left the conferences with many new friends. From the impressive conference swag (a top-quality jacket that helped me stay warm), and a cozy speaker dinner at one of Helsinki’s ‘must visit’ restaurants, to an incredibly helpful conference organizer (mahalo Tomi!), T2’14 definitely surpassed my expectations.
Session Presentation: Reversing iOS Apps
Synack was invited to present twice at T2’14. The first session, titled “Reversing iOS Apps – a Practical Approach”[PDF] provided the foundation needed to become a skilled iOS reverse engineer. More informally, the sessioncovered “everything I wished I had known when I started reversing iOS apps.”
Having a full hour to present, I was able to cover a great deal of content such as the iOS environment, how to prepare a reversing environment, iOS reversing techniques, common classes of iOS vulnerabilities, and finally my favorite part, actual examples of vulnerabilities in iOS apps.
Since security in iOS apps is generally an afterthought, buggy iOS apps are everywhere! Using the techniques described in the presentation, now anybody can reverse iOS apps and likely uncover security vulnerabilities. Tip: If you sign up as a mobile researcher for Synack, you will get paid to find these bugs in our customers’ mobile apps!
Session Presentation: Trends in OS X Security and Malware
The second presentation by Synack was titled “Watching the Apple Fall”[PDF]. The talk started with a general overview of Apple’s security posture, trends in OS X security, and OS X malware. For example, did you know that the first virus found spreading in the wild, Elk Cloner, targeted Mac computers? Unfortunately, as detailed in the talk, Apple’s current anti-malware mitigations leave a lot to be desired and can be trivially bypassed by a sophisticated attacker. Thus it should come as no surprise that OS X malware is becoming a more prevalent threat to both users and the enterprise.
After detailing the OS X boot and startup process, the talk provided a comprehensive list of methods of persistence that malware could abuse. Following this, many OS X malware samples were discussed, and for each, their persistence mechanism was identified.
Finally, in an attempt to make the world a better place, I discussed KnockKnock, an open-source tool written by Synack that can generically detect persistent binaries – including all malware specimens included in the talk!
Though I was quite busy finishing up my slides and preparing for my talks, I did have time to check out some of the other presentations. The conference started with an intriguing keynote by Aral Balkan of ind.ie. Aral thought-provokingly detailed how companies such as Facebook and Google should be thought of as digital imperialists, selling not products, but rather thriving on data generated by its (unwitting?) users.
Another session I quite enjoyed was “Code your (p)own Flight Simulator” by Hugo Teso. Hugo discussed how to exploit avionic systems, and delved into the specific differences (and challenges) that one faces when performing such a feat. To me, the most intriguing part of the session covered post-exploitation and how one would propagate amongst various interconnected components that make up a modern airline. Chatting with Hugo, I learned that he’s a trained commercial pilot – somehow, this made me worry even more about my flight home!
The conference was wrapped up with a presentation on solving the T2’14 challenge which included discussions on things such as Microsoft’s (undocumented) ‘rich signature,’ various quirky assembly op-codes, and to keep things entertaining, Rick Astley.
While I wasn’t able to attend all the talks, I heard great things about each, and I am eagerly awaiting the availability of the slides. So am I looking forward to warmer weather? Most definitely! However, T2’14 did not disappoint, and in fact, far exceeded my expectations! Do yourself a favor, submit a talk to T2’15 (October 29 – 30, 2015) or at least try to attend. I promise you won’t be disappointed!