Needle - Black Hat Arsenal USA 2017

Transcript

1. ++ Black Hat Arsenal USA Marco Lancini 27th July 2017

   Needle

2. What is Needle? Black Hat Arsenal USA A tool for

   auditing iOS Application Security An open source, modular framework •streamline the entire process •acts as a central hub Not a vuln scanner •knowledge (and intuition) of the tester is still required

3. Motivation Beginners: easy to use Professionals: save time during assessments

   Developers: quickly test their products Black Hat Arsenal USA

4. The Architecture

5. New Native Agent Black Hat Arsenal USA

6. How it works (briefly…) Black Hat Arsenal USA

7. UI Black Hat Arsenal USA

8. + The framework core exposes APIs to interact with the

   local and remote OS + These wraps common functionalities • file and data access • command execution • networking + Speed-up creation of new modules API Black Hat Arsenal USA

9. API Black Hat Arsenal USA

10. API - Agent Black Hat Arsenal USA

11. Currently Supported Modules Black Hat Arsenal USA Binary Storage Dynamic

    Analysis Hooking / Instrumentation Network Communications Static Analysis

12. Other additions

13. Automatic Issue Detection Black Hat Arsenal USA

14. + python needle-cli.py -g APP=mwr.ios.dvia -m binary/info/metadata -m device/agent_client#COMMAND=OS_VERSION Non

    Interactive Mode Black Hat Arsenal USA

15. Support for System Apps Black Hat Arsenal USA

16. Roadmap

17. Roadmap Black Hat Arsenal USA •Replace all the dependencies Agent

    to deploy on device Support for non-jailbroken devices •Substrate integration •WebView scanner •Hook Swift methods •URI handlers fuzzer •Obfuscation detection New modules … community based

18. Want to know more? Black Hat Arsenal USA mwr.to/needle @mwrneedle