Jewel Joy
• Windows Phone Overview
• Approach
• Application File Structure
• Tools for Penetration Testing
• Security Features
Penetration Testing of Windows Phone Applications
• Microsoft's own OS
• Based on Windows 8 Core – ARM architecture
• History
• The successor to the Windows Mobile OS
  - 15 Mar 2010 – Windows Phone 7 series announced
  - 21 Oct 2010 – Windows Phone 7 released
  - 29 Oct 2012 – Windows Phone 8 released, with the GDR 2 (Amber) & GDR 3 (Black) updates
• NTFS file system support
• BitLocker device encryption
• Sandboxed applications: applications run in their own sandboxed virtual environment
• UEFI Secure Boot: Unified Extensible Firmware Interface (UEFI) is the successor to the legacy BIOS firmware interface. UEFI relies on the Trusted Platform Module (TPM) 2.0 standard, which requires unique keys to be burned into the chip during production, to prevent software without a correct digital signature from executing.
• All Windows Phone 8 binaries must carry a digital signature from Microsoft to run
• Chamber Concept (WP7)
  - Trusted Computing Base (TCB)
    ▪ Kernel, kernel-mode drivers
  - Elevated Rights Chamber (ERC)
    ▪ Services, user-mode drivers
  - Standard Rights Chamber (SRC)
    ▪ Pre-installed applications
  - Least Privileged Chamber (LPC)
    ▪ Applications from WP store
• Chamber Concept (WP8)
  - Trusted Computing Base (TCB)
    ▪ Kernel, kernel-mode drivers
  - Least Privileged Chamber (LPC)
    ▪ All other software: services, pre-installed apps, applications from WP store
• Emulator / Windows Phone SDK
• Unlocked Device
• Side Loading
• Developer Unlock – free unlock with a 2-app limit
• Student Unlock – up to 3 apps
• Limitations
  - Apps from the store cannot be extracted
  - Apps from the store will not work on emulators
• Burp Suite
• WP Power tools
• .NET Reflector
► AppManifest.xaml
► WMAppManifest.xml

Windows Phone Application Penetration Testing
