Still Secure. We Empower What We Harden Because We Can Conceal

Presented at DeepSec 2019 „Internet of Facts and Fears“

The launch of Windows 10 brought many controversial discussions about the privacy impact of collecting and transmitting user data to Microsoft and its partners. But Microsoft was not the first: Apple did it many years ago, and there was no public research on how much data was leaked from macOS. There is a statement in the Privacy Policy written by Apple: "Your device will keep track of places you have recently been, as well as how often and when you visited them, in order to learn places that are significant to you, to provide you with personalized services, such as predictive traffic routing, and to build better Photos Memories... 'Everything' stores in iCloud service". Both cases are the same, designed in the same manner and driven by a similar idea of simplifying device usage. It went even further with iOS and Android OS. Eventually, MS and Apple have boldly described their OS as "the most secure OS ever."

This research is based on three things: data leaks, hardening, and forensics. Combining data leaks and hardening gives a data set with a goal and a vision of how to protect a system and make your use cases transparent. Forensics gives us excellent knowledge about valuable device security settings. Empowering the hardening with these anti-forensics techniques, in terms of 'anti-forensics hardening' of a system, makes it transparent what, when and why the whole device or its parts can or cannot be accessed. To be entirely sure that all insecure gaps are closed and to verify how secure your system is, there is the additional option of relying on penetration testing. Furthermore, we will talk about which insecure services are used to receive tracking data from your system, and which of them can be blocked without breaking the system and user use cases.

Outline

This talk will systematically review:

  • Pentest to fix gaps of security & privacy. What tools to use and why you should perform pentesting, how to read and use a security report.
  • Content Filtering. Mapping rogue sites, analytics and tracking services into granular activities to leverage privacy risks.
  • Easy exploitation & post exploitation. Limits of AV solutions, risk of one vs. many browsers, add-ons & firewalls.
  • Host & On-host network activities monitoring. Disassembling features of big enterprise solutions into lightweight tools and bringing them to in-home/small companies.
  • Data Protection. The security & privacy features hidden across different OS editions and builds, plus overlapping features & dependencies.
  • On the way to dedicated and centralized manageable solutions. Pentesting of dedicated solutions, automating security, whitelisting (native vs. vendor vs. third-party tools).
  • Profiling and Use cases. The Future of forensically protected OS & devices.

Presenters:

  • Yury Chemerkin - Advanced Monitoring
    Yury Chemerkin has ten years of experience in information security. He is a multi-skilled security expert on security & compliance, mainly focused on privacy and leakage showdown. Key activity fields are EMM and Mobile Computing, IAM, Cloud Computing, Forensics & Compliance. He has published many papers on mobile and cloud security, and speaks regularly at conferences such as CyberCrimeForum, DefCamp, HackerHalted, NullCon, OWASP, CONFidence, Hacktivity, Hackfest, DeepSec Intelligence, HackMiami, NotaCon, BalCCon, Intelligence Sec, InfoSec NetSysAdmins, RootCon, PHDays, etc.
