Lobotomy | The Android Assessment Toolkit

Through the years of assessing and reverse engineering Android applications, I consistently found a number of manual tasks overwhelmingly tedious and, at times, in desperate need of automation. I repeatedly found efficiency issues while working through my methodology for assessing Android applications, having to bounce from tool to tool in order to accomplish a specific goal. However, an idea that had been festering in the back of my mind for a while finally found its way into code, and thus Lobotomy was created.

Lobotomy, a new Android security toolkit, was developed to serve multiple purposes. The first objective was to build a framework to which new features or functionality could easily be added to solve specific tasks when hacking up and reverse engineering Android applications. It was built on the notion that you load once and work forever: you load your target Android application and work on its innards through different modules, without having to switch to other tools to perform operations on the same application. Another purpose of the framework was to become a wrapper for other well-known tools and their feature sets.

Some of the tools Lobotomy provides wrappers for include:

• apktool
• bowser
• Dex2Jar
• Androguard
• Frida
• Adb

Perhaps the most important aspect of Lobotomy is its ability to quickly find the important functionality and vulnerabilities within any target application. Many of its features point you toward the material that really matters, whether that is an exported Broadcast Receiver or the instrumentation of the Activity lifecycle. Lobotomy also helps minimize the amount of time spent looking at unnecessary components.

Features

Here are some of Lobotomy’s current features:

• APK loader
• APK Decompilation with apktool
• Conversion magic with Dex2Jar
• Attack surface enumeration
• Component enumeration
• Permission enumeration
• Permission to API mappings (BETA)
• Convert any APK into a debuggable APK
• APK Profiler
• Bowser | parseUri, loadUrl, addJavascriptInterface search and destroy
• Web services and frontend UI
• Logcat wrapper
• Frida implementation (BETA)
• SurgicalAPI | Find API usage for common vulnerabilities in targeted methods
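
Attack surface and component enumeration, as listed above, largely come down to reading the decoded AndroidManifest.xml and deciding which components other apps can reach. The sketch below is an added example, not Lobotomy's own code: it assumes a manifest already decoded to text (as apktool produces), uses a constructed sample manifest, and assumes targetSdkVersion 17 or later for the provider default.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample: a decoded AndroidManifest.xml for a hypothetical app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <application android:label="Sample">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity"/>
    <receiver android:name=".SyncReceiver">
      <intent-filter>
        <action android:name="com.example.sample.ACTION_SYNC"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver" android:exported="false">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.sample.permission.SYNC"/>
    <provider android:name="com.example.sample.data.NotesProvider"
              android:authorities="com.example.sample.notes"
              android:exported="true"
              android:readPermission="com.example.sample.permission.READ_NOTES"/>
  </application>
</manifest>
"""


def android_attr(elem, name):
    """Read an android:-namespaced attribute, or None when it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def is_exported(elem):
    """Apply the manifest rules for android:exported, including the defaults."""
    explicit = android_attr(elem, "exported")
    if explicit is not None:
        return explicit.strip().lower() == "true"
    if elem.tag == "provider":
        return False  # assumption: targetSdkVersion >= 17, where providers default to private
    # Activities, services and receivers default to exported once they declare an intent filter.
    return elem.find("intent-filter") is not None


def is_guarded(elem, app_permission):
    """True when every entry point of the component requires a permission."""
    base = android_attr(elem, "permission") or app_permission
    if elem.tag != "provider":
        return bool(base)
    # A provider needs both its read and write paths covered.
    read = android_attr(elem, "readPermission") or base
    write = android_attr(elem, "writePermission") or base
    return bool(read and write)


def enumerate_exported(manifest_xml):
    """Return one record per exported component in the manifest text."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    app_permission = android_attr(app, "permission")
    findings = []
    for elem in app:
        if elem.tag not in COMPONENT_TAGS or not is_exported(elem):
            continue
        name = android_attr(elem, "name") or ""
        if name.startswith("."):
            name = package + name          # ".Foo" is relative to the package
        elif "." not in name:
            name = package + "." + name    # bare class name
        findings.append({
            "type": elem.tag,
            "name": name,
            "actions": [android_attr(a, "name") for a in elem.iter("action")],
            "guarded": is_guarded(elem, app_permission),
        })
    return findings


def unguarded(findings):
    """Names of exported components reachable without any permission."""
    return [f["name"] for f in findings if not f["guarded"]]


if __name__ == "__main__":
    for f in enumerate_exported(SAMPLE_MANIFEST):
        flag = "guarded" if f["guarded"] else "NO PERMISSION"
        print("%-9s %-45s %s %s" % (f["type"], f["name"], flag, f["actions"]))
```

The components returned by `unguarded` are the ones to review first: the receiver that is exported only because it declares an intent filter, and the provider whose write path has no permission even though reads are protected.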

Lobotomy is evolving as it continues to be developed by GuidePoint Security. We would love your help and input with the new features.

You can check out Lobotomy here:

https://github.com/guidepointsecurity/lobotomy

We will also be adding a Wiki to document all of the features and how to use them, as well as a list of new and upcoming features in the works for the tool.

About GuidePoint Security
GuidePoint Security, LLC provides customized, innovative and valuable information security solutions and proven cyber security expertise that enable commercial and federal organizations to successfully achieve their security and business goals. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: www.guidepointsecurity.com.

Join GuidePoint Security and Partners at Charlotte SecureWorld 2015

If you’re an Information Security professional looking for globally relevant education, training and networking, you don’t want to miss the Charlotte SecureWorld 2015 Conference.

GuidePoint Security will be attending the conference, along with two of our premier technology partners, Absolute Software and Varonis.

When: Wednesday, February 11, 2015
Where: Charlotte SecureWorld Conference, Booth #300, at Harris Conference Center, Charlotte, NC

GuidePoint Security is proud to partner with Absolute Software and Varonis. Both companies bring their own innovative solutions to the table, making it possible for us to match the right tools and resources to the unique information security demands of our clients.

Absolute Software was founded in 1993 on the idea that individuals and businesses should be able to track, manage and secure their mobile computers regardless of the physical location of the device. Today, their security-as-a-service solutions protect millions of computers worldwide with subscribers who range from individuals to the largest public and private sector organizations.

Varonis provides an innovative software platform that allows enterprises to map, analyze, manage and migrate their unstructured data. They specialize in human-generated data, a type of unstructured data, such as documents and audio/video files, which often contains an enterprise’s financial information, intellectual property and other forms of vital information.

To learn more and to network with GuidePoint Security and our partners, please stop by booth #300 at the Charlotte SecureWorld 2015 Conference.

For additional information about the Charlotte SecureWorld 2015 Conference, visit http://www.secureworldexpo.com/charlotte/home.

Mobile Security and Privacy in an iOS 8 World

iOS 8 was released on September 17 of this year for the iPad 2, iPhone 4S, and newer devices, and is pre-installed on the new iPhone 6 and 6+, which were released on September 19, 2014. Since blogs and articles detailing the new features and changes in iOS 8 abound, we won’t share those details here. Instead, we will cover only the security and privacy improvements. If you’re interested in all the juicy details surrounding iOS 8, have a look at the iPhone or iPad user guides published by Apple, which are available for free in the iBook store.

Now, on the topic of mobile security, according to 451 Research, mobile device security is the top source of pain for the enterprise security managers who were interviewed for their latest study. The pain points cover several general areas including consumerization, employee expectations, and device management. Mobile device security was a top concern of 16% of respondents, up 13% from last year.

So, will the security changes in iOS 8 help enterprise security managers sleep at night? Time will tell, but let’s have a look at the goods.

For starters, Apple can no longer unlock a user’s device even if requested by government or law enforcement order – that ability was removed in iOS 8. This is very important for privacy and security, especially with the rollout of the Apple Pay feature available with iPhone 6/6+. Apple also patched the so-called “diagnostic backdoors” that were supposedly used by the NSA to steal users’ data. If that isn’t enough, several other features have been created or modified to quickly enable “un-trusting” of all computers that a device has been connected to and the ability to limit the amount of data that applications collect and share about you. You can even change Safari’s default search from Google to the privacy-conscious DuckDuckGo.

Furthermore, Apple’s updated privacy policy assures users that they don’t use email and Web browsing habits to build a user profile for monetization. As if this isn’t enough to prove Apple is serious about security and privacy, most of the security measures are implemented by default. One exception is the necessity of users to manually implement two-step verification for their iCloud accounts, which will help prevent potentially sensitive data, such as selfies, from getting stolen.

Well, what do you think? Will these changes make a difference for the troubled security managers around the country? They certainly won’t hurt, but anyone involved in enterprise mobility management or mobile security research knows there’s still much to be done to reduce the risk of mobility and BYOD in the enterprise. Reach out to your GuidePoint Security account executive to learn more about what you can do to reduce the risk of adopting BYOD in your organization.

Finally, I’d be remiss if I didn’t mention the partnership that Apple & IBM announced over the summer. In my opinion, this is going to be a good thing for users and enterprises, but not so much for device and application management vendors, who may find stiff competition from companies with much deeper pockets. Will 2014 be the year that Apple and Google finally decide to take enterprise mobility seriously? We’ll all have to stay tuned as this evolves.

GuidePoint Security Hosts Security Social Hour at Black Hat 2014

Join us, GuidePoint Security, in discussions about the powerful security tools we arm our customers with in their fight against Information Security attacks. GuidePoint will be joined by four partnering technologies at this event: Bluebox, Co3 Systems, ForeScout and Skybox Security.

When: Tuesday, August 5, 2014, 7-9PM

Where: Ri Ra Irish Pub, Mandalay Bay, Las Vegas

Even as security threats to your users and networks continue to rise, GuidePoint Security offers the solutions and technologies to address them. By combining our security technology partners’ solutions with our services and experience, we meet and exceed the security needs of our clients.

Our security technology partners offer the following solutions to address today’s advanced security threats:

  • Bluebox offers the first mobile data security solution to safeguard corporate data across the device, application, and network.
  • Co3 Systems provides collaboration software that brings people, processes, and technology together to prepare, assess, manage, and mitigate security and privacy incidents.
  • ForeScout delivers pervasive network security by allowing organizations to continuously monitor and mitigate security exposures and cyber attacks.
  • Skybox Security delivers cutting-edge risk analytics for enterprise security management. Their solutions give complete network visibility, help to eliminate attack vectors, and optimize security management processes. As a result, they are able to protect the network and the business.

At GuidePoint Security, we lead security innovation by helping clients recognize threats, understand solutions, and mitigate risks throughout their IT environment by determining which solutions best fit their needs.

Be sure to visit GuidePoint Security at the Security Social Hour for live music, cocktails, food, and great conversation on August 5th.

To register for the GuidePoint Security Social Hour, visit http://gpsec.me/1koOLch.

For additional information about the Black Hat 2014 Conference, visit http://gpsec.me/UfeGNt.

Securing People and Assets Via Mobile Security

GuidePoint Security is adding another partner to its portfolio of technologies.  In an effort to provide its clients with best-of-breed solutions, GuidePoint Security has expanded its list of partners to include Bluebox Security™. Bluebox was chosen as a new partner for its unique ability to deliver enterprise visibility, security, and control of mobile data, while simultaneously enabling mobile productivity for employees, without compromising their privacy.

GuidePoint Security understands the importance of mobile security and how it plays a significant role for the people and businesses it protects. By adding another mobile security vendor, GuidePoint Security has expanded its reach to provide the best service possible to its existing and future customers.

“Mobile Security has been redefined, and Bring Your Own Device is here to stay,” said Justin Morehouse, Founder and Principal at GuidePoint Security.  “This partnership expands our offerings to confirm us as a leader in Information Security.”

“GuidePoint Security was founded by Information Security veterans who understand the importance of a data-first security strategy, and we are thrilled to have their endorsement both as a customer, and a partner,” said Caleb Sima, CEO, Bluebox Security. “The combination of GuidePoint Security’s deep domain expertise with Bluebox’s next-generation solution, will allow companies to rethink their mobile security approach to reduce risk in today’s rapidly changing mobile landscape.”

In order to further solidify the relationship between the two companies, GuidePoint Security and Bluebox are co-hosting a live webinar: 10 Questions CISOs Should Ask About Mobile Security. The webinar will be an interactive conversation about factors CISOs should be considering when implementing a mobile security solution.

The mobile landscape is changing rapidly, creating new challenges and opportunities for CISOs tasked with balancing business enablement and risk. This webinar provides a great opportunity for people to get in-depth information about how the partnership works and how it can benefit their business.  Click here to register.

Read additional news about this partnership: GuidePoint Security Secures Mobile Data With Bluebox Security.

About Bluebox Security

Founded in 2012 by a team of security experts, Bluebox Security offers the first mobile data security solution to safeguard corporate data across the device, application, and network. The cloud-based solution provides complete visibility and security of corporate data, while providing employees the freedom, ease of use, and privacy that ensures widespread adoption. Bluebox Security has received a total of $27.5 million in funding from Andreessen Horowitz, Tenaya Capital, Sun Microsystems co-founder, Andreas Bechtolsheim, SV Angel, and Google Board member Ram Shriram. The company is headquartered in San Francisco. For more information visit  www.bluebox.com.

 

GuidePoint Security Presents on Offensive Mobile Forensics and Bitcoin Transactions at BSides Boston 2014

Conference attendees will get a new experience this year at the annual Security BSides Boston 2014 Conference.  GuidePoint Security speakers will cover two new topics at BSides:  Offensive Mobile Forensics and Bitcoin Transactions.

When:  May 9-10, 2014
Where:  Security BSides Boston 2014, Cambridge, MA

First up of our two speakers is David Bressler. He will discuss Bitcoin Explorer – Visualizing/Monitoring Bitcoin Transactions.

Bitcoin was originally made public as a proof-of-concept in 2009.  Since then, Bitcoin and other crypto currencies have been gaining a vast amount of public attention with their valuation and volatility, ultimately making them a target for online criminals to steal.  Bitcoin, in particular, is both controversial and interesting to a large number of people, due to recent attacks on its exchanges. The pseudo-anonymous nature of Bitcoin has also piqued public interest because it makes tracking specific transactions and uncovering the Bitcoin address where the coins are stored difficult.  This talk will go over the basics of crypto currencies, specifically Bitcoin, and demonstrate how anyone could visualize Bitcoin transactions by utilizing the public Bitcoin block chain (general ledger).

Our next Speaker, Joey Peloquin, will discuss Offensive Mobile Forensics.

Offensive Mobile Forensics is a process in which an analyst employs the same techniques and tools potential attackers or criminals use on lost or stolen devices, to determine the actual risk of that loss or theft to the enterprise.  What data is accessible? This talk will educate attendees on some of the tools that can be used, where the most interesting data is stored on the device, and examples of data leakage from actual analysis.  Finally, he’ll perform a couple of live technical demos.

Be sure to visit the Security BSides Boston Conference to hear these accomplished speakers.  Also, stop by to see GuidePoint Security in the exhibit hall.

For additional information about the Security BSides Boston 2014 Conference, visit http://gpsec.me/1iGR4Ff.

Visit GuidePoint Security at InfoSec World, Orlando

Join GuidePoint Security as we highlight and showcase two of our technology partners, Bromium and Skybox.

When:  Monday, April 7-8, 2014
Where:  InfoSec World Conference & Expo, Booth #219, at Disney’s Contemporary Resort, Orlando, FL

GuidePoint Security partners with vendors that offer unique technologies that address the security needs of our clients.  With the complexity of security threats ever increasing, GuidePoint Security offers the right solutions and technologies for our clients’ specific needs. 

These two technology partners offer the following solutions to address today’s advanced security threats.

Bromium provides protection at the endpoint with vSentry, an innovative product that protects against all advanced malware. vSentry automatically creates hardware-isolated micro-VMs that secure every user task – such as visiting a web page, downloading a document, or opening an email attachment.

Skybox delivers cutting-edge risk analytics for enterprise security management. Their solutions give complete network visibility, help to eliminate attack vectors, and optimize security management processes, protecting the network and the business.

GuidePoint Security uses their expertise to lead security innovation by helping clients recognize threats, understand solutions, and mitigate risks throughout their IT environment by determining which solutions fit their clients’ needs.  GuidePoint Security offers the people, processes, technologies, and oversight that deliver results to your organization.

Be sure to visit GuidePoint Security at the InfoSec World conference in Orlando, booth #219.

For additional information about the InfoSec World Conference and Expo, visit http://gpsec.me/1hmTEAm.

GuidePoint Security Named Bromium 2013 Partner of the Year

GuidePoint Security, LLC, a leader in security innovation, announced it was named the 2013 Partner of the Year by Bromium.

Bromium’s Partner of the Year award recognizes GuidePoint Security for delivering innovative solutions during the past year that directly address the security challenges of our mutual customers.

“GuidePoint Security has demonstrated exceptional dedication in working to solve the most pressing endpoint security challenges facing our customers today,” said Jarrett Miller, Bromium Vice President of Global Channels.  “Bromium is fortunate to have GuidePoint as an accredited partner in our partner ecosystem which is represented by the best and brightest in the industry.”

“GuidePoint Security is honored to receive Bromium’s Partner of the Year award,” said Michael Volk, Managing Partner at GuidePoint Security.  “This further substantiates our commitment to meet the specific security challenges of our customers.  By partnering with industry leaders like Bromium, we are uniquely positioned to provide our customers with innovative Information Security solutions that deliver results.”

GuidePoint Security’s customers leverage Bromium’s ability to solve the end point security problem with innovations that focus on protection – not detection. GuidePoint Security is available to assist with Bromium solutions and help organizations find ways to achieve their security goals.

About Bromium

Bromium was founded in 2010 with a mission to restore trust in computing. The company’s founders, Gaurav Banga, Simon Crosby, and Ian Pratt, have a long and deep history of innovation in virtualization and security. Inspired by the isolation principles of traditional virtualization, the Bromium team has created an innovative new technology called micro-virtualization to address the enterprise security problem and provide protection for end users against advanced malware. Bromium has its headquarters in Cupertino, California, and an R&D center in Cambridge, UK. The company is backed by top-tier investors, including Andreessen Horowitz, Ignition Capital, Highland Capital Partners, Intel Capital and Lightspeed Venture Partners. Learn more at www.bromium.com.

Going to RSA? Start it Off Right.

Come meet GuidePoint Security, CloudPassage, Co3Systems and Kaspersky at the GuidePoint Security Social Hour.

When:  Monday, February 24, 2014 from 6:00 PM to 8:00 PM (PST)

Where: John Colins
138 Minna St
San Francisco, CA 94105

GuidePoint Security works with these partners to help organizations use the following solutions to address today’s most challenging information security risks.

CloudPassage addresses the number one inhibitor to cloud adoption – security. They provide server security products purpose-built for dynamic public and hybrid cloud hosting environments.

Kaspersky is one of the fastest growing IT security vendors in the world, firmly positioned as one of the top four leading vendors of security solutions for endpoint users.

Co3 Systems is an Incident Response Management platform. From privacy breaches, to malware outbreaks, to system intrusions, to Distributed Denial-of-Service (DDoS) attacks – they automate incident response management.

GuidePoint Security uses their expertise to lead security innovation by helping clients recognize threats, understand solutions, and mitigate risks throughout their IT environment by determining which solutions fit their clients’ needs. GuidePoint Security offers the people, processes, technologies and oversight that deliver results to your organization.

Make sure to visit the GuidePoint Security Social Hour and talk to the experts and discuss the latest and greatest risks, trends and technologies in information security.

For additional information about the GuidePoint Security Social Hour, visit http://gpsec.me/1bRwdNH and for more information about the RSA Conference, visit http://gpsec.me/1gdWsQS.

GuidePoint Welcomes Joey Peloquin as Director of Professional Services

RESTON, Va., January 7, 2014 – GuidePoint Security LLC, a leading provider of innovative information security solutions, today announced that industry veteran Joey Peloquin has joined the company’s growing professional services team as Director of Professional Services.  GuidePoint Security’s customized, innovative information security solutions enable commercial and federal organizations to more successfully secure IT resources. The company will leverage Peloquin’s experience to further mature its world-class Information Assurance and Technology Integration services, including application, cloud and mobile security offerings.

“Joey brings a wealth of real-world expertise in dynamic fields of application, cloud, and mobile security,” said Bryan Orme, Principal at GuidePoint Security. “This expertise coupled with his proven records of building elite technical teams forwards our momentum of providing innovative security solutions for our clients’ most complicated information security challenges.”

As commercial and federal organizations further embrace today’s data-centric technologies, including mobile and cloud computing, the need to implement effective information security controls becomes paramount. Traditional thinking and controls no longer appropriately safeguard data and assets against emerging threats. GuidePoint Security provides customized innovative solutions to address the real-world information security threats that its customers face.

“I joined GuidePoint because they have managed to attract and retain a team of brilliant consultants of varying backgrounds, in addition to the founders and leadership that are veterans in the information security industry. In a nutshell, GuidePoint provides the support required to build a successful consulting practice, and the openness and attitude of sharing that will help make sure the journey together is a fun and successful one,” said Peloquin.

Peloquin’s 13 plus years of experience in the information technology industry includes specializing in all areas of information security. Prior to joining the GuidePoint Security team, Joey served as Worldwide Security Architect for F5 Networks focusing on mobile and application security, and authentication and access security. His previous experience also includes managing application and mobile security consulting teams at national security consulting firms, and establishing HP Software’s professional security services division after the acquisition of SPI Dynamics.
