Website of Daniel A. Mayer

New Talks Section

I added a new Talks section to the website. The blog hasn’t been updated much, but I’ve been giving a number of talks:

  • idb my iOS penetration testing tool.
  • Time Trial joint research with Joel Sandin into the feasibility of remote timing attacks.
  • Joint research with Drew Suarez into the limitations of full-disk encryption on Android and how to bypass it by exploiting bootloader weaknesses.

New Idb Features: Classdump, Cert Installer, Hosts File Editor, Screenshot Utility

During the last weeks I released a few new features as well as stability and usability improvements for idb. The more notable ones are:

  • Integration of weak_classdump by Elias Limneos to dump class and method information in the form of header files.
  • Addition of a new /etc/hosts file editor.
  • Fixing of the CA certificate installer / manager.
  • Adding documentation and increasing visibility for the screenshot utility.

All of the features are now documented in the new Manual on Github.

Updated Talk at SOURCE Boston 2014

Last weekend I also spoke at SOURCE Boston about idb and some of the new features. SOURCE is a great conference with excellent talks and an audience size that makes it personal enough to connect and engage with many of the attendees.

Read more about the new idb features and see my updated slide deck after the jump.

Idb - iOS Research / Pentesting Tool

Last weekend (January 17-19 2014) I gave a talk on blackbox iOS app pentesting at ShmooCon 2014 in Washington, D.C. The talk covered various common iOS app vulnerabilities, mitigation techniques, and also introduced a new tool called idb and demonstrated how it can be used to test for the discussed vulnerabilities.

Here is the slide deck:

ShmooCon Video Recording

Update February 10th 2014 The recording of my ShmooCon talk was now posted on archive.org. Below is a local mirror of the video.

idb

idb is a tool to simplify some common tasks for iOS pentesting and research. It is written in ruby with a Qt GUI frontend and should run on OS X and Linux (with some restrictions). This is the first public release of the tool so bug reports, feature requests, and contributions are more than welcome! The code is available under the MIT license on Github:

Read the full list of features after the jump.

I Wrote a Dissertation and Got My Ph.D.

It has been a while now, but last September I succesfully defended my dissertation and got a Ph.D. in Computer Science from the Stevens Institute of Technology. First the dissertation and then my new job at Matasano Security have kept me busy and so I neglected my website for quite a while. Well, it has now been updated with a new “About Me” page and PDFs of my dissertation.

Most importantly, here is the obligatory Wordle for my dissertation:

NECCDC and the Infosec “Squirrel”

Our team just came back from the Northeast Collegiate Cyber Defense Competition (NECCDC) 2012. We had a young, fresh team and we have learned a lot!. Thanks to the red, black, and white teams for making this fun and challenging competition possible! I'm looking forward to see how our team will be doing in the coming years when they have even more experience. I am completing my PhD this Summer and I will not be returning to CCDC — at least not as a blue team member :–)

RSA Security started a fun social media campaign at RSA Conference 2012: "What is your Infosec alter ego?". Below is the result I got at NECCDC 2012. Whats' yours? Thank's for the t-shirt EMC / RSA!

Infosec Squirrel

Stevens LaTeX Poster Template

For the poster session of its bi-annual event "Research and Entrepreneurship Day" my school, the Stevens Institute of Technology, only provided a Powerpoint poster template. Since typesetting formulas (and so many other things…) is rather painful to do in Powerpoint, I decided it is worth the effort and converted the poster template to LaTeX. I based the template on baposter by Brian Amberg which provides an excellent starting point for research posters. The Stevens design was created using a tikz picture as poster background as well as some adjustments to the style of the boxes.

I hope this template will help out other Stevens students in creating a poster on their research using LaTeX.

Download the Poster Template

Download Stevens LaTeX Poster Template

License

baposter has been released under the GNU General Public License and since I had to modify the baposter.cls file, this template is released under the GPL as well. I would love to release it under an MIT-like license, public domain or under Creative Commons in the future.

Using the Pyramid SQLAlchemy Models Outside of Pyramid

Assume you have an existing pyramid application which uses SQLAlchemy to access its database backend. You have nicely defined all Object Relational Mapper (ORM) models and your application uses it to consistently access the database. Assume further, that you now have to write some scripts which also require access to the database (using the same model) but which are otherwise independent of the web application (e.g., cronjob scripts). Here is how you can use your existing pyramid SQLAlchemy model in your own scripts.