Ask the Insider Threat Experts at the 2015 DoDIIS Worldwide Conference

GuidePoint Security will be showcasing Insider Threat Solutions at the DoDIIS Worldwide Conference from August 23rd through August 26th, 2015.

GuidePoint has been working closely with the federal government over the past three years to develop PKI integrations for mission-critical and business applications through F5 Networks, and to integrate the resulting audit data into a Splunk application that assists in monitoring PKI access and authorization. This new capability assists in identifying users that mean harm to government networks.

In addition, GuidePoint has partnered with multiple industry-leading vendors including Digital Guardian, Exabeam, Apcon, and Pernix Data on enhancing network and system data for identifying suspicious activity across the enterprise, ultimately supporting the identification of anomalous activity. With these capabilities, GuidePoint enables a holistic approach to insider threat and anomaly detection for government networks.

GuidePoint Security is extremely excited for the opportunity to demonstrate newly developed solutions and capabilities at DoDIIS Worldwide to help our customers and partners better understand the options available when working with GuidePoint.

Information about our partners:

Digital Guardian: Digital Guardian, formerly Verdasys, is a network security company focused on securing the sensitive data of the world’s most inventive, influential companies.

Exabeam: Exabeam is a user behavior analytics solution that leverages existing log data to quickly detect advanced attacks and accelerate incident response. Exabeam’s Stateful User Tracking™ automates the work of security analysts by resolving individual security events and behavior anomalies into a complete attack chain. Built by seasoned security and enterprise IT veterans from Imperva and Sumo Logic, Exabeam is headquartered in San Mateo, California and is privately funded by Norwest Venture Partners, Aspect Ventures and Investor Shlomo Kramer.

Apcon: APCON develops innovative, scalable technology solutions to enhance network monitoring, support IT traffic analysis, and streamline IT network management and security. APCON delivers state-of-the-art IT data aggregation, filtering, and network switching products, as well as leading-edge management software. APCON is headquartered near Portland, Oregon, where it has operated since 1993.

PernixData: PernixData is fundamentally changing how storage is designed and operated in virtualized data centers. The company’s software puts storage intelligence into high speed server media, establishing a control point for optimizing application performance and managing data center operations with true scale-out growth. With PernixData software, customers can leverage any storage platform for capacity, creating a decoupled storage architecture that maximizes design flexibility while minimizing storage costs.

Event information:

When: August 23-26, 2015
Where: Henry B. Gonzalez Convention Center | San Antonio, TX

The Defense Intelligence Agency (DIA) 2015 Department of Defense Intelligence Information Systems (DoDIIS) is a conference hosted by the DIA Chief Information Officer. This year’s theme is “Accelerating Intelligence Integration-Powered by Innovation & Technology,” designed to highlight the DIA CIO’s commitment and intent to unify the defense intelligence infrastructure and information sharing initiatives through innovation, collaborative partnerships and technologies. Visit https://www.ncsi.com/dia/2015/index.php for more information.

Our technical experts from GuidePoint Security look forward to the opportunity to share our knowledge and newly developed solutions with attendees. We hope to see you at DoDIIS!

About GuidePoint Security
GuidePoint Security, LLC provides customized, innovative and valuable information security solutions and proven cyber security expertise that enable commercial and federal organizations to successfully achieve their security and business goals. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: www.guidepointsecurity.com.

Lobotomy | The Android Assessment Toolkit

Through the years of assessing and reverse engineering Android applications, I consistently found a number of manual tasks overwhelmingly tedious and, at times, in desperate need of automation. I repeatedly found efficiency issues while working through my methodology for assessing Android applications, having to bounce from tool to tool in order to accomplish a specific goal. However, an idea that had been festering in the back of my mind for a while finally found its way into code, and thus Lobotomy was created.

Lobotomy, a new Android security toolkit, was developed to serve multiple purposes. The first objective was to build a framework that could easily be extended with new features or functionality to solve specific tasks when hacking up and reverse engineering Android applications. It was built on the notion that you load once and work forever, meaning you can load your target Android application and work on the innards of that application through different modules without having to switch to other tools to perform operations on the same application. Another purpose of the framework was to become a wrapper for other well-known tools and their feature sets.

Some of the tools Lobotomy provides wrappers for include:

• apktool
• bowser
• Dex2Jar
• Androguard
• Frida
• Adb

Perhaps the most important aspect of Lobotomy is its ability to find the important functionality and vulnerabilities within any target application quickly. Many of its features help direct attention to the material that really matters, whether that is an exported Broadcast Receiver or the instrumentation of the Activity lifecycle. Lobotomy also helps minimize the amount of time spent looking at unnecessary components.

Features

Here are some of Lobotomy’s current features:

• APK loader
• APK Decompilation with apktool
• Conversion magic with Dex2Jar
• Attack surface enumeration
• Component enumeration
• Permission enumeration
• Permission to API mappings (BETA)
• Convert any APK into a debuggable APK
• APK Profiler
• Bowser | parseUri, loadUrl, addJavascriptInterface search and destroy
• Web services and frontend UI
• Logcat wrapper
• Frida implementation (BETA)
• SurgicalAPI | Find API usage for common vulnerabilities in targeted methods
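
To illustrate what attack surface and component enumeration involve, the following added example (not Lobotomy's code, and not from the original post) lists the components a manifest exposes to other apps. It assumes a manifest already decoded to text XML, as apktool produces; the sample manifest, package name and function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (not taken from a real application).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity"/>
    <receiver android:name=".SyncReceiver" android:exported="true"/>
    <receiver android:name=".BootReceiver" android:permission="com.example.sample.PRIV">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <service android:name=".UploadService" android:exported="false">
      <intent-filter><action android:name="com.example.sample.UPLOAD"/></intent-filter>
    </service>
  </application>
</manifest>"""

def exported_components(manifest_xml):
    """Return (tag, name, reason, permission) for each component other apps can reach."""
    app = ET.fromstring(manifest_xml).find("application")
    found = []
    for comp in (app if app is not None else []):
        if comp.tag not in COMPONENT_TAGS:
            continue
        explicit = comp.get(A + "exported")
        has_filter = comp.find("intent-filter") is not None
        if explicit == "true":
            reason = "explicit"
        elif explicit is None and has_filter:
            # Implicit default for apps targeting below API 31; from API 31 on,
            # a component with an intent-filter must declare android:exported.
            # The older provider default (exported for targetSdk <= 16) is not modelled.
            reason = "implicit (intent-filter)"
        else:
            continue
        found.append((comp.tag, comp.get(A + "name"), reason, comp.get(A + "permission")))
    return found

if __name__ == "__main__":
    for tag, name, reason, perm in exported_components(SAMPLE_MANIFEST):
        print(f"{tag:9} {name:18} {reason:26} permission={perm}")
```

Exported components with no `android:permission` are the ones to review first, since any installed app can send them intents.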

Lobotomy is evolving as it continues to be developed by GuidePoint Security. We would love your help and input with the new features.

You can check out Lobotomy here:

https://github.com/guidepointsecurity/lobotomy

We will also be adding a Wiki to document all of the features and how to use them, as well as a list of new and upcoming features in the works for the tool.
