Posts

Erez Metula is presenting at the International 2014 Cyber Security Summit in Tel Aviv, Israel

On January 16th, 2014, Erez will be giving an important presentation on Android Hacking in Mobile Application Security.

Full logistical details can be found here: http://cyber-security-tlv-summit.events.co.il/save-the-date

CYBERSEC-LUZ

We’d love to see everyone there and we’re looking forward to the exchange of ideas. For now, take a look at the  Synopsis so you have an idea of what’s ahead!

 Synopsis of his upcoming speech:

The mobile apps revolution has completely changed the way we use our mobile devices, that up until  recently were used just to make phone calls. Mobile applications nowadays handle our most sensitive data –  phone calls, SMS text messages, geographic location, financial information, internet browsing, etc., but the  question is “How can we really tell how secure are those applications? Who can assure us they are not spying on  us? Or, can it be abused by other applications taking advantage of security vulnerabilities in those apps?”

During this presentation we will answer such questions, while focusing on Android mobile applications. We will  start by describing the threat model of mobile apps vs. traditional apps, then we’ll demonstrate a couple of  common application level vulnerabilities, and the tools/techniques used to expose them.

Participants of this presentation will also witness the usage of the AppUse Android Penetration Testing VM – an open source virtual machine created by AppSec Labs for the sole purpose of pentesting Android applications.

 

Getting to know our experts: Chilik Tamir

Over the last few years AppSec Labs has been building a strong reputation for excellence in the field of Application Security. We offer services including pen-testing and full code review. As we’ve grown we’ve increased our experience, branching not only from pen-testing, but to in-company training and e-learning. We’ve developed a product line in e-learning which we are selling world-wide, and we’re expanding our market.

So, it’s about time that we show you who we are and what motivates us to do what we do. This will be the start to a few blog interviews letting you (our community) get to know us (your community) BETTER. We hope you enjoy hearing more about us and we look forward to hearing more from you.

Keep in touch with us via Twitter and Facebook!

@AppSecLabs

https://www.facebook.com/AppsecLabs

https://www.youtube.com/user/AppSecLabs/videos

Author: Jessie A. Pincus, International Sales Director and Academic Director, AppSec Labs

Getting to Know our Experts:

Chilik Tamir, Chief Scientist, AppSec Labs

Question: How did you originally get into the field of Cyber Security?
Chilik: It was a hobby that became a job.  I saw the WarGames movie back in the 1980’s and it intrigued me.

Question: Since you focus your research on the Apple iOS platform, what do you see as its main vulnerabilities, and where has it improved or made changes to compensate?
Chilik: Apple is beginning to implement security features that are set to ‘ON’ as the default setting, instead of relying on developers to officially turn them on. The pairing notification message and the protection class encryption are enabled by default. Until iOS 7 they weren’t enabled by default.

Question: What aspect of the field of Cyber Security initially grabbed your attention and made you say “I want to work in that field.”?​

Read more

Getting to Know Our Experts: Erez Metula

Blackhat 2013. Las Vegas, Nevada

Blackhat 2013. Las Vegas, Nevada

Over the last few years AppSec Labs has been building a strong reputation for excellence in the field of Application Security. We offer services including penetration testing and full code review. As we’ve grown we’ve increased our experience, branching from pen-testing to in-company application security training and e-learning. We’ve developed a product line in e-learning which we are selling world-wide, and we’re expanding our market.

So, it’s about time that we show you who we are and what motivates us to do what we do. This will be the start to a few blog interviews letting you (our community) get to know us (your community) BETTER. We hope you enjoy hearing more about us and we look forward to hearing more from you.

Keep in touch with us via Twitter, Facebook, and YouTube!

@AppSecLabs

https://www.facebook.com/AppsecLabs

https://www.youtube.com/user/AppSecLabs/videos

 

Author: Jessie A. Pincus, International Sales Director and Academic Director, AppSec Labs

Getting to Know our Experts:
Erez Metula, Application Security Expert, Founder of AppSec Labs

Jessie Asks: How did you originally get into the field of Cyber Security?
Erez Answers: I started coding at the age of 12. I was very interested in the subject of gaming and I got frustrated when I had to bypass stages in order to continue. So, I wondered how I could do it and I thus got into hacking and patching. Once I learned more I understood that it was all about coding. In order to do it properly I needed to be a developer, so I started learning Computer Science.

Jessie Asks: What aspect of the field of Cyber Security initially grabbed your attention and made you say “I want to work in that field.”?

Read more

Domain hijacking & Range attack by cPanel

cPanel navigates the requests that are sent to the server to the correct account according to domain. Of course, the account owner must declare that the domain belongs to him. In order to ensure that the domain does, in fact, belong to him, cPanel offers two options (without EPP code):

1. To refer the domain DNS to the DNS storage server.

2. To create a randomly-named file on the domain, created by cPanel, which is unique per-user.

cPanel assign domain options

I will go into some detail regarding the first option.

Read more

When Crypto Goes Wrong – Presentation

OWASP-Moves-RSA-Conference-Training-Class-Across-the-Street-421783-2

Slides from erez’s “When Crypto Goes Wrong” presentation at yesterday’s OWASP Israel 2011 conference.

When Crypto Goes Wrong – Presentation