Needle - Black Hat Arsenal USA 2017

Needle - Black Hat Arsenal USA 2017

I delivered a talk based on this presentation at Black Hat Arsenal USA 2017 (https://www.blackhat.com/us-17/arsenal/schedule/index.html#needle-7897) in Las Vegas (July 27th, 2017).

A87dd450496fa9c95cc16f7d77c340a3?s=128

Marco Lancini

July 27, 2017
Tweet

Transcript

  1. ++ Black Hat Arsenal USA Marco Lancini 27th July 2017

    Needle
  2. What is Needle? Black Hat Arsenal USA A tool for

    auditing iOS Application Security An open source, modular framework •streamline the entire process •acts as a central hub Not a vuln scanner •knowledge (and intuition) of the tester is still required
  3. Motivation Beginners: easy to use Professionals: save time during assessments

    Developers: quickly test their products Black Hat Arsenal USA
  4. The Architecture

  5. New Native Agent Black Hat Arsenal USA

  6. How it works (briefly…) Black Hat Arsenal USA

  7. UI Black Hat Arsenal USA

  8. + The framework core exposes APIs to interact with the

    local and remote OS + These wraps common functionalities • file and data access • command execution • networking + Speed-up creation of new modules API Black Hat Arsenal USA
  9. API Black Hat Arsenal USA

  10. API - Agent Black Hat Arsenal USA

  11. Currently Supported Modules Black Hat Arsenal USA Binary Storage Dynamic

    Analysis Hooking / Instrumentation Network Communications Static Analysis
  12. Other additions

  13. Automatic Issue Detection Black Hat Arsenal USA

  14. + python needle-cli.py -g APP=mwr.ios.dvia -m binary/info/metadata -m device/agent_client#COMMAND=OS_VERSION Non

    Interactive Mode Black Hat Arsenal USA
  15. Support for System Apps Black Hat Arsenal USA

  16. Roadmap

  17. Roadmap Black Hat Arsenal USA •Replace all the dependencies Agent

    to deploy on device Support for non-jailbroken devices •Substrate integration •WebView scanner •Hook Swift methods •URI handlers fuzzer •Obfuscation detection New modules … community based
  18. Want to know more? Black Hat Arsenal USA mwr.to/needle @mwrneedle