Exchanging Demands

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Mobile Device Security Courses, Android Security Courses, iOS Security Courses

Course Description

Overview

Explore a Black Hat USA 2012 conference talk that delves into the vulnerabilities of Microsoft Exchange's mobile device management policies. Learn how attackers can exploit the protocol for updating these policies to remotely wipe connected devices without authentication. Discover the process of impersonating an Exchange server and sending policy updates through a simple script to erase data on Android and iOS devices. Gain insights into the security implications of Exchange's relationship with mobile clients, including password complexity enforcement, screen timeouts, and remote lockout features. Follow along as the speaker demonstrates proof-of-concept code and discusses potential future developments in this area of mobile security.

Syllabus

Introduction
Who am I
Laser Tag
Clarification
Story
Client Questions
Do We Need Exchange
It's Too Simple
SSL
Expert opinion
Let's get started
Installing Exchange
Hacking Competition
Provision Command
Service Response
Binary XML
Developing Concept
Structure
Device Encryption
Man in the Middle
Targets
Dance
Request
Policy Push
Demo Time
Python Script
Email
Phone
iPhone
Future Work
Open Source Software
Active Sync
Google Backdoor
Conclusion
Thank you


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube