OWASP Meeting in Kraków

• macOS Malware Incident Response at Scale (Kuba Sendor)

Even for a big incident response team handling all of the repetitive tasks related to malware infections is a tedious endeavor. Malware incident responders spend a lot of their precious time staring at the digital forensics collected from potentially infected macOS systems, without much indication where to look at or which part of the forensic trail to focus on.

Some parts of the process could be automated, e.g. taking the advantage of the open source OSXCollector forensic evidence collection & analysis toolkit (https://github.com/Yelp/osxcollector). This process takes the full advantage of the additional information on suspicious domains, URLs and file hashes. But it still requires a certain degree of configuration and manual maintenance that consumes a lot of attention from malware incident responders.

AMIRA (Automated Malware Incident Response and Analysis) comes to the rescue (https://github.com/Yelp/amira). AMIRA turns the forensic evidence gathered by OSXCollector into an actionable response plan, suggesting the infection source as well as the suspicious files and domains requiring a closer look from an analyst. Furthermore, AMIRA could be easily integrated with the incident response platform, making sure that very little overhead is necessary.

Speaker's bio:

Kuba Sendor (@jsendor) helps companies develop securely in the ever-changing threat landscape. He has experience in automating malware incident response, as well as leading and optimizing security incident response processes.

In the past he was managing Corporate Security team at Yelp, where his team was responsible for analyzing and responding to malware and phishing threats in addition to any other unforeseen security incidents. Before that, he worked as researcher in the Security and Trust group at SAP. Over there he participated in the initiatives related to data access control and privacy policies, way before GDPR was a thing.

He holds double MSc degree in Computer Science from AGH University of Science and Technology, and Telecom ParisTech/Institut Eurecom in Sophia Antipolis, France. In his free time he likes cycling, running and reading conspiracy theory novels.

• Pentesting iOS apps without jailbreak (Wojciech Reguła)

Penetration tests of iOS applications usually require jailbreak. On the other hand, software developers often enforce a new version of iOS to run the application. Unfortunately, as history shows, with the release of subsequent versions of the iOS system, pentesters have to wait longer and longer for a stable jailbreak. Finally, by testing iDevices, we become participants of the Russian roulette - remain with an out-of-date iOS with the hope that there won’t be an application requiring a newer version; or take the risk of updating and maybe never get the new jailbreak version? During my presentation, I will show you that it is not necessary to put iRevolver to the head and I will present the techniques of conducting the penetration tests without the need to have a jailbreak. The presentation will also include a live demo presenting the solution to the problem of access to protected application resources.

Speaker's bio:

Wojciech is an IT Security Specialist employed at SecuRing. Professionally responsible for web and mobile security testing with particular emphasis on iOS. He is a creator of secure Ruby code examples for OWASP Security Knowledge Framework and founder of infosec student research group UKOD located in AGH in Cracow, Poland. In free time he runs his blog https://wojciechregula.blog.