Needle - Black Hat Arsenal USA 2017

A87dd450496fa9c95cc16f7d77c340a3?s=47 Marco Lancini
July 27, 2017
Technology
0
100

Needle - Black Hat Arsenal USA 2017

I delivered a talk based on this presentation at Black Hat Arsenal USA 2017 (https://www.blackhat.com/us-17/arsenal/schedule/index.html#needle-7897) in Las Vegas (July 27th, 2017).

A87dd450496fa9c95cc16f7d77c340a3?s=128

Marco Lancini

July 27, 2017
Tweet

More Decks by Marco Lancini

See All by Marco Lancini
A87dd450496fa9c95cc16f7d77c340a3?s=48 marcolancini
0
78
A87dd450496fa9c95cc16f7d77c340a3?s=48 marcolancini
0
120
A87dd450496fa9c95cc16f7d77c340a3?s=48 marcolancini
0
310
A87dd450496fa9c95cc16f7d77c340a3?s=48 marcolancini
0
120
A87dd450496fa9c95cc16f7d77c340a3?s=48 marcolancini
0
85
A87dd450496fa9c95cc16f7d77c340a3?s=48 marcolancini
1
150
A87dd450496fa9c95cc16f7d77c340a3?s=48 marcolancini
0
20
A87dd450496fa9c95cc16f7d77c340a3?s=48 marcolancini
0
48

Other Decks in Technology

See All in Technology
7e6a435700dda6cdb22105d601f20892?s=48 picardparis
4
2k
11b879ad001638b95dd62331eed65505?s=48 fortegp05
0
250
34fcd5f1deeb25b1138e9845137feb6e?s=48 kakutani
11
1.2k
Ac85568dfa460d48c36095d142632b1a?s=48 wps
0
130
13d64bff196e33cc6b352f226137d16e?s=48 monoqlo
6
380
Cb7edd153cf503f44c727b73647558bf?s=48 tetsuroito
0
1k
1cf2de2da02f94ad87a7a31038721e6c?s=48 capsmalt
1
140
88dae28e3d082236f37db2f5c2db339d?s=48 keropiyo
0
110
3623c11f38517055d9040073ed81913b?s=48 endoumari
3
350
2102a6b8760bd6f57f672805723dd83a?s=48 line_developers_tw
0
1.1k
6ca998e3a07596f141597da0d2983ecc?s=48 0si43
2
190
0ced4f52ccc9e9b2644b4dd7f475e545?s=48 kkojima
1
180

Featured

See All Featured
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
175
14k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
218
14k
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
296
39k
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
205
9.9k
78b475797a14c84799063c7cd073962f?s=48 holman
448
130k
7edec06b5435e0dac07a353b2cc26253?s=48 geeforr
330
29k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
196
19k
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
10
1.4k
78b475797a14c84799063c7cd073962f?s=48 holman
287
130k
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
236
23k
32de0bd2ba869609d26fd052a4622778?s=48 cromwellryan
100
5.7k
245cee81a9c424266e5e401d844ea881?s=48 lara
589
60k

Transcript

  1. ++ Black Hat Arsenal USA Marco Lancini 27th July 2017

    Needle

  2. What is Needle? Black Hat Arsenal USA A tool for

    auditing iOS Application Security An open source, modular framework •streamline the entire process •acts as a central hub Not a vuln scanner •knowledge (and intuition) of the tester is still required

  3. Motivation Beginners: easy to use Professionals: save time during assessments

    Developers: quickly test their products Black Hat Arsenal USA

  4. The Architecture

  5. New Native Agent Black Hat Arsenal USA

  6. How it works (briefly…) Black Hat Arsenal USA

  7. UI Black Hat Arsenal USA

  8. + The framework core exposes APIs to interact with the

    local and remote OS + These wraps common functionalities • file and data access • command execution • networking + Speed-up creation of new modules API Black Hat Arsenal USA

  9. API Black Hat Arsenal USA

  10. API - Agent Black Hat Arsenal USA

  11. Currently Supported Modules Black Hat Arsenal USA Binary Storage Dynamic

    Analysis Hooking / Instrumentation Network Communications Static Analysis

  12. Other additions

  13. Automatic Issue Detection Black Hat Arsenal USA

  14. + python needle-cli.py -g APP=mwr.ios.dvia -m binary/info/metadata -m device/agent_client#COMMAND=OS_VERSION Non

    Interactive Mode Black Hat Arsenal USA

  15. Support for System Apps Black Hat Arsenal USA

  16. Roadmap

  17. Roadmap Black Hat Arsenal USA •Replace all the dependencies Agent

    to deploy on device Support for non-jailbroken devices •Substrate integration •WebView scanner •Hook Swift methods •URI handlers fuzzer •Obfuscation detection New modules … community based

  18. Want to know more? Black Hat Arsenal USA mwr.to/needle @mwrneedle