Exchanging Demands
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a Black Hat USA 2012 conference talk that delves into the vulnerabilities of Microsoft Exchange's mobile device management policies. Learn how attackers can exploit the protocol for updating these policies to remotely wipe connected devices without authentication. Discover the process of impersonating an Exchange server and sending policy updates through a simple script to erase data on Android and iOS devices. Gain insights into the security implications of Exchange's relationship with mobile clients, including password complexity enforcement, screen timeouts, and remote lockout features. Follow along as the speaker demonstrates proof-of-concept code and discusses potential future developments in this area of mobile security.
Syllabus
Introduction
Who am I
Laser Tag
Clarification
Story
Client Questions
Do We Need Exchange
It's Too Simple
SSL
Expert opinion
Let's get started
Installing Exchange
Hacking Competition
Provision Command
Service Response
Binary XML
Developing Concept
Structure
Device Encryption
Man in the Middle
Targets
Dance
Request
Policy Push
Demo Time
Python Script
Email
Phone
iPhone
Future Work
Open Source Software
Active Sync
Google Backdoor
Conclusion
Thank you
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube