(PDF) Yury Chemerkin Deepintel 2013


  • 8/13/2019 (PDF) Yury Chemerkin Deepintel 2013

    1/45

COMPLIANCE AND TRANSPARENCY FEATURES vs. SECURITY

STA

YURY CHEMERKIN

    2/45

EXPERIENCED IN:
REVERSE ENGINEERING & AV; SOFTWARE PROGRAMMING & DOCUMENTATION; MOBILE SECURITY AND MDM; CYBER SECURITY & CLOUD SECURITY; COMPLIANCE & TRANSPARENCY; FORENSICS AND SECURITY WRITING (HAKIN9 / PENTEST / EFORENSICS MAGAZINE, GROTECK BUSINESS MEDIA)

PARTICIPATION AT CONFERENCES:
INFOSECURITY RUSSIA, NULLCON, ATHCON, CONFIDENCE, PHDAYS, DEFCON MOSCOW, HACKTIVITY, HACKFEST, CYBERCRIME FORUM, CYBER INTELLIGENCE EUROPE / INTELLIGENCE-SEC, ICITST, CTICON (CYBERTIMES), ITA, I-SOCIETY

    [ YURY CHEMERKIN ]

www.linkedin.com/in/yurychemerkin
http://sto-strategy.com
yury.s@che[...]
    3/45

    I. Opinions & Facts


    5/45

Top clouds are not OpenSource
OpenStack is API-compatible with Amazon EC2 and Amazon S3, and thus client applications written for AWS can be used with OpenStack with minimal porting effort, while Azure is not.

Platform lock-in
There are import/export tools to migrate from/to VMware, while Azure doesn't have them.

Data lock-in
Native AWS solutions linked with Cisco routers to upload, download and tunnel, as well as 3rd party storage like SMEStorage (AWS, Azure, Dropbox, Google, etc.).

Tools lock-in
Longing for an inter-cloud mana[...] industrial and built with complian[...]

APIs lock-in
Longing for inter-cloud APIs, how[...] known inter-OS APIs for PC, MD[...]

No transparency
Weak compliance and transparenc[y ...] and NDA relationships between c[loud vendors, ...] third party auditors and experts.

Abuse
Abusing is not a new issue and is e[...] AWS Vulnerability Bulletins as a k[...] response and stay tuned.

What about public clouds
Some known facts about AWS & Azure in order to [address the] issues men[tioned ...]


    7/45

[AWS] :: Xen Security Advisories
There are known Xen attacks (Blue Pill, etc.). No Xen vulnerability has been applied to AWS, Azure or SaaS/PaaS services. Very customized clouds.

[CSA] :: CSA The Notorious Nine: Cloud Computing Top Threats in 2013
Replaced a document published in 2009. Such best practices provide only a baseline of security. No significant changes since 2009, even the examples.

Top Threats examples
1.0 Threat: Data Breaches // "Cross-VM Side Channels and Their Use to Extract Private Keys"
7.0 Threat: Abuse of Cloud Ser[vices ...] // "[... Cross-VM] Side Channels and Their Use to E[xtract Private] Keys"
4.0 Threat: Insecure Interface[s ...]

Besides the reality of CSA threats
1.0 & 7.0 cases highlight how the [...] e.g. AWS EC2 are vulnerable. 1.0 & 7.0 cases are totally focuse[d on a ...] cloud case (VMware and Xen), [no] known way to adopt it to AWS. 4.0 case presents issues raised by [...] not related to public clouds (exce[pt] SkyDrive) and addressed to insec[ure ...]

Clouds: Public vs. Private
It is generally known that private clouds are the most secure. There is no PoC to prove that statement.

    8/45

    II. CSA Framework

    9/45

[Diagram: Compliance Model; Enhanced Security Model; Basic Security Model; Cloud Model; Cloud CSA CAIQ; Mapping CSA CCM]


    12/45

    II. NIST Framework

    13/45

    14/45

The consolidated framework over all NIST documents. Logically, clearly defined documents, e.g.:
categorization of systems, selecting controls, FIPS, forensics, logging (SCAP), etc.

Complementarity, interchangeability, expansibility, dependence, mapping (NIST, ISO only)

    NIST Framework

    15/45

Complementarity: NIST enhanced control; your own security control
Interchangeability: replacing basic controls by enhanced controls
Expansibility: [controls that] impact or support the implementation of a particular security control or control enhancement; your own way to improve a framework
Mapping (NIST, ISO only): NIST->ISO, ISO->NIST, NIST->Common Criteria (rev4 only)

    NIST Framework

    16/45

Basic controls aren't applicable in case of:
Information systems [that] need to communicate with other systems across different policy [domains]
APT
Insider threats
Mobility (mobile location, non-fixed)
Single-user operations

NIST Framework: Interchangeability

    17/45

    III. Clouds

    18/45

Amazon Web Services: generally IaaS + SaaS, PaaS
Microsoft Azure: generally PaaS; recent changes: IaaS
BlackBerry Enterprise Service: separated / integrated with Office 365; SaaS as an MDM solution

Clouds

    Clouds


    20/45

[Diagram (slides 20-21): BlackBerry, Office 365, Cisco/VoIP, Android, iOS: Unified Management; BlackBerry 4, 5, 6, 7 (BES 5); BlackBerry Z10/Q10, PlayBook (BES 10); Office integration; Unified Device Platform]

    22/45

IV. Cloud & Compliance Specifics

    23/45

There is no one cloud.
There is no one standard.
What vision is adopted by cloud vendors?
What vision is adopted by cloud operators (3rd party)?
What is your way to use and manage cloud?
All of that is reflected in the [...]
There are many models and archi[tectures ...]
There are many ways to build clou[ds ...] alignment to [...]
Virtualizing of anything able to b[e virtualized ...]
Data distribution, service distribu[tion, ...] management
Clear compliance requirements

Cloud & Compliance Specifics

    24/45

The goal is bringing transparency of cloud controls and features, especially security controls and features. Such documents have a claim to be up-to-date with expert-level understanding of significant threats and vulnerabilities.

Unifying recommendations for all clouds. Up to now, it is the 3rd revision. All recommendations are linked with other standards: PCI DSS, ISO, COBIT, NIST, FedRAMP; CSA's own vision of how it must be referred to.

Top known cloud vendors announce compliance with it. Some of the reports are getting old by now. Customers have to control their environ[ment ...] needs.
Customers want to know whether it is in [...] especially local regulations and how far [...]. Customers want to know whether it mak[es ...] transparency to let [them] build an appropriate [...]

Cloud & Compliance Specifics

    25/45

CAIQ/CCM provides an equivalent of recommendations over several standards; CAIQ provides more details on security and privacy, but NIST is more specific.
CSA recommendations are thin on technical details:
It lets vendors not have their solutions worked out in detail and/or badly documented.
It lets them put a lot of references to 3rd party reviewers under NDA (SOC 1 or SAS 70).
Bad idea to let vendors fill in such documents:
They provide fewer public details.
They take it to NDA reports.
Vendors' general explanations multipl[ied by ...] standards' recommendations are extremely [...] transparency. Clouds call for specific levels of aud[it ...] reporting, security controlling and data reten[tion ...]
It is often not a part of the SLA offere[d ...]
It is outside recommendations. AWS often falls into details with their architec[ture ...]. AWS solutions are very well [suited] to be in co[mpliance with ...] standards and specific local regulations: NIST 800-53, or even Russian sec[urity ...] (however the Russian framework i[s ...] framework).

Cloud & Compliance Specifics
Compliance, Transparency, Elab[...]

Description: Difference (AWS vs. Azure)
Third Party Audits: As opposed to AWS, Azure does not have a clearly defined statement whether their customers [are] able to p[erform ...] vulnerability test[ing]
Information System Regulatory Mapping: AWS goes into details to comply with it, which results in differences between CAIQ and CCM
Handling / Labeling / Security Policy: AWS goes into details of what customers are allowed to do and how exactly, while Azure does not
Retention Policy: AWS points to the customer's responsibility to manage data, excluding moving between Availability Zones; ensures validation and processing with it, and indicates historical auto-backup of data
Secure Disposal: Not seriously; AWS additionally relies on DoD 5220.22 while Azure does NIST 800-88 only
Information Leakage: AWS relies on AMI and EBS services, while Azure relies on data integrity
Policy, User Access, MFA: No [difference]; both have it
Baseline Requirements: AWS provides more highly detailed how-to docs than Azure, allows importing trusted VMs from VMware; Azure [...]
Encryption, Encryption Key Management: AWS offers encryption features for VM, storage, DB, networks while Azure does for XStore (Azure Storage)
Vulnerability / Patch Management: AWS allows their customers to ask for their own pentest while Azure does not
Nondisclosure Agreements, Third Party Agreements: AWS highlights that they do not leverage any 3rd party cloud providers to deliver AWS services to the [...] the procedures, NDA undergone with ISO
User ID Credentials: Besides AD (Active Directory), the AWS IAM solution is aligned with both CAIQ and CCM requirements wh[ile Azure ...] the AD to perform these actions
(Non)Production Environments, Network Security: AWS provides more detailed how-to documents to [help with] having compliance
Segmentation: Besides vendor features, AWS provides a quite similar mechanism in alignment with CAIQ & CCM, while Azure poin[ts to ...] infrastructure on the vendor side
Mobile Code: AWS points their clients to be responsible to meet such requirements, while Azure points to build[ing] solutions [to] track [...]

Compliance: from Cloud Vendors' view

    27/45

Consumer relationship only: everything except SA-13 ("Location-aware technologies may be used to validate con[nection] authentication integrity based on known equipment location")
Vendor relationship only: requirements include technical and management solutions
Consumer relationship shared with vendor: includes non-technical solutions only, such as policies, roles, procedures, training
All requirements cover SaaS, PaaS, IaaS cloud types. General requirements only. Missing details (like DoD).

Compliance: from CSA's viewpoint
Examination of CSA

    28/45

Data Governance - Information Leakage (DG-07), "Security mechanisms shall be implemented to prevent data leakage", refers to:
AC-2 Account Management
AC-3 Access Enforcement
AC-4 Information Flow Enforcement
AC-6 Least Privilege (the most correct reference)
AC-11 Session Lock
General requirements only.
DG-07 in turn misses (does not reference) these controls for "Security mechanisms shall be implemented to prevent data leakage":
AC-7 Unsuccessful Login Attempts
AC-8 System Use Notification
AC-9 Previous Logon (Access) Notification
AC-10 Concurrent Session Control

Compliance: from CSA's viewpoint
Examination of CSA References: NIST

    29/45

Data Governance - Information Leakage (DG-07), "Security mechanisms shall be implemented to prevent data leakage", also refers to ISO A.10.6.2 Security of network services. A.10.6.2 refers to NIST in turn:
CA-3 Information System Connections
SA-9 External Information System Services
SC-8 Transmission Integrity
SC-9 Transmission Confidentiality
DG-07 should in fact refer to PE-19 Information Leakage (note that PE-19 in SP 800-53 addresses leakage through electromagnetic emanations). It could include the NIST requirement AC-6 Least Privilege too. A few of them are applicable in case of cloud MDM and should be extended by a different toolkit.

Compliance: from CSA's viewpoint
Examination of CSA References: ISO

    30/45

Data Governance; NIST :: access control, media management, etc.
Ownership / Stewardship; Classification; Handling / Labeling / Security Policy; Retention Policy; Secure Disposal; Non-Production Data; Information Leakage; Risk Assessments
Azure's vision - distribution of informat[ion ...]
CSA, ISO is better applicable tha[n NIST ...]. NIST is applicable as a custom con[trol ...]. Best way is to adopt NIST enhancem[ents ...].
Need to remap CSA->NIST rev4. Technical / Access Control: Attributes; Attribute Configuration; Permitted Attributes for Sp[ecific] InfoSystems; Permitted Values and Rang[es]

Cloud & Compliance Specifics. Ex[ample ...]
CSA Cloud :: Azure

    31/45

Access Control: Account, Session Management; Access / Information Flow Enforcement; Least Privilege, Security Attributes; Remote / Wireless Access
AWS's vision is not data distribution.
NIST is better applicable than CS[A ...]. NIST is applicable as a custom con[trol ...]. There are many enhancements to i[t ...]:
Dynamic Account Creation; Restrictions on Use of Shared Accounts; Group Account Requests, Approvals/Renewals; Account Monitoring - Atypical Usage, e.g. :: log-delivery-write fo[r ...]

Cloud & Compliance Specifics. Ex[ample ...]
NIST Cloud :: AWS

    32/45

AWS's vision is not data distribution; however, CSA :: Data Governance is applicable from the resource-based viewpoint: a resource-based policy is attached to the resource.
AWS's vision is not data distribution; however, NIST :: Access Control is applicable from the user-based viewpoint: an account-based policy is attached to users. Define that policy for MDM users to access internal network resources, and combine it with a mobile policy.

Cloud & Compliance Specifics. Ex[ample ...]
CSA / NIST Cloud :: AWS
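The two policy types named on this slide interact in one evaluation. The following is an added example written for this page, not code from the talk or from AWS: a toy evaluator that applies the documented same-account rule (an explicit Deny in any applicable policy wins; otherwise an Allow in either the identity-based policy attached to the user or the resource-based policy attached to the bucket grants the request). The account id, user names, bucket name, the corporate VPN range used as the "mobile policy", and the three condition operators modelled are all assumptions made for the example.

```python
"""Identity-based vs. resource-based policy evaluation, simplified.

Added example, not code from the talk or from AWS. Only same-account
evaluation is modelled (no SCPs, permission boundaries or session policies),
and only the IpAddress, Bool and StringEquals condition operators.
"""
import fnmatch
import ipaddress

ACCOUNT = "111122223333"                                  # constructed
MDM_USER = f"arn:aws:iam::{ACCOUNT}:user/mdm-enrollment"  # constructed
OPS_USER = f"arn:aws:iam::{ACCOUNT}:user/mdm-ops"         # constructed
BUCKET = "arn:aws:s3:::mdm-profiles"                      # constructed
CORP_VPN = "10.20.0.0/16"  # assumed source range for the "mobile policy"

# Identity-based policy: attached to the user, so it carries no Principal.
# The IP condition is the "combine with a mobile policy" part of the slide.
IDENTITY_POLICIES = {
    MDM_USER: {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        "Resource": f"{BUCKET}/*",
        "Condition": {"IpAddress": {"aws:SourceIp": [CORP_VPN]}},
    }]},
}

# Resource-based policy: attached to the bucket, so it must name a Principal.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": [BUCKET, f"{BUCKET}/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Effect": "Allow", "Principal": {"AWS": OPS_USER},
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": f"{BUCKET}/*"},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM wildcards: "*" and "?" in the Action and Resource elements.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_ok(condition, ctx):
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            have = ctx.get(key)
            if have is None:
                return False  # a missing context key fails the condition
            if operator == "IpAddress":
                nets = [ipaddress.ip_network(n) for n in _as_list(wanted)]
                if not any(ipaddress.ip_address(have) in n for n in nets):
                    return False
            elif operator == "Bool":
                if str(have).lower() != str(wanted).lower():
                    return False
            elif operator == "StringEquals":
                if have not in _as_list(wanted):
                    return False
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
    return True


def _applies(stmt, principal, action, resource, ctx):
    spec = stmt.get("Principal")  # absent in identity-based policies, "*" or {"AWS": ...}
    if isinstance(spec, dict) and principal not in _as_list(spec.get("AWS", [])):
        return False
    return (_matches(stmt["Action"], action)
            and _matches(stmt["Resource"], resource)
            and _condition_ok(stmt.get("Condition", {}), ctx))


def evaluate(principal, action, resource, ctx,
             identity_policies=IDENTITY_POLICIES, resource_policy=BUCKET_POLICY):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    identity_policy = identity_policies.get(principal, {"Statement": []})
    for policy in (identity_policy, resource_policy):
        for stmt in policy["Statement"]:
            if not _applies(stmt, principal, action, resource, ctx):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # deny always wins, stop here
            decision = "Allow"
    return decision


if __name__ == "__main__":
    obj = f"{BUCKET}/ios/enrollment.mobileconfig"
    on_vpn_tls = {"aws:SourceIp": "10.20.5.7", "aws:SecureTransport": "true"}
    print(evaluate(MDM_USER, "s3:GetObject", obj, on_vpn_tls))
    print(evaluate(MDM_USER, "s3:GetObject", obj, {**on_vpn_tls, "aws:SourceIp": "203.0.113.9"}))
```

The bucket-side Deny on `aws:SecureTransport` is what makes the resource-based view useful for data governance: it holds for every principal, including ones whose identity policy would otherwise allow the call, while the identity policy carries the per-user (mobile) constraint.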

    33/45

Device diversity; configuration management; software distribution; device policy compliance & enforcement; enterprise activation; logging; security settings; security wipe, lock; IAM
Make sure you start managing security under uncertain terms, without AI.
Refers to NIST 800-53 and other[s]. Sometimes missed requiremen[ts ...] locking device, however it is in [...]
A bit more detail than CSA. No statements on permission managem[ent].

COMPLIANCE AND MDM
CSA Mobile Device Management: Key Components; NIST SP 800-124

    34/45

    = , , , set of OS permissions, set of device permissions, set

    of MDM permissions, set of missed permissions (lack ofcontrols), set of rules are explicitly should be applied to gaina compliance

    = + , set of APIs , set of APIs that interact with sensitive data, set of APIs that do not interact with sensitive data

    To get a mobile security designed with full granularity the setshould be empty set to get instead of , sothe matter how is it closer to empty. On another hand it shouldfind out whether assumptions , are true and if it ispossible to get .

    Set of permissions < Set of activities efftypical case < 100%,ability to control each API = 100%More than 1 permission per APIs >10

    lack of knowledge about possible improper granularity

    [ DEVICE MANAGEMENT

    Concurrency over native& additional security features The situation is very seri

    MDM features

    P

    35/45

GOALS - MOBILE RESOURCES / AIM OF ATTACK: device resources; outside-of-device resources
ATTACKS - set of actions under the threat
APIs - resources widely available to coders
SECURITY FEATURES - kernel protection, non-app features; permissions - explicitly configured; 3rd party - AV, firewall, VPN, MDM
COMPLIANCE - rules to design a mobile security in alignment with compliance [...]

[ DEVICE MANAGEMENT ...
[Diagram: application-level attack vectors: AV, MDM, DLP, VPN; attacks; APIs; MDM features]

    36/45

[ BLACKBERRY. PERMISSIO[NS ...]
Permission                        BB 10 Cascades SDK   BB 10 AIR SDK   PB (ND[K])
Background processing             +                    +
BlackBerry Messenger              -                    -
Calendar, Contacts                +                    via invoke
Camera                            +                    +
Device identifying information    +                    +
Email and PIN messages            +                    via invoke
GPS location                      +                    +
Internet                          +                    +
Location                          +                    -
Microphone                        +                    +
Narrow swipe up                   -                    +
Notebooks                         +                    -
Notifications                     +                    +
Player                            -                    +
Phone                             +                    -
Push                              +                    -
Shared files                      +                    +
Text messages                     +                    -
Volume                            -                    +

    37/45

[ iOS. Settings ]
Component / Unit
Restrictions :: Native applications: Safari; Camera, FaceTime; iTunes Store, iBookstore; Siri; Manage applications*
Restrictions :: 3rd party applications: Manage applications*; Explicit Language (Siri); Privacy*, Accounts*; Content Type Restrictions*
Unit subcomponents:
Privacy :: Location: per each 3rd party app; for system services
Privacy :: Private Info: Contacts, Calendar, Reminders, Photos; Bluetooth Sharing; Twitter, Facebook
Accounts: disables changes to Mail, Contacts, Calendars, iCloud, and [...]; Find My Friends; Volume limit
Content Type Restrictions: ratings per country and region; music and podcasts; movies, books, apps, TV shows; in-app purchases; Require Passwords (in-app purchases); Game Center: Multiplayer Games, Adding Friends
Manage applications: Installing Apps; Removing Apps

    38/45

ACCESS_CHECKIN_PROPERTIES, ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, ACCESS_LOCATION_EXTRA_COMMANDS, ACCESS_MOCK_LOCATION, ACCESS_NETWORK_STATE, ACCESS_SURFACE_FLINGER, ACCESS_WIFI_STATE, ACCOUNT_MANAGER, ADD_VOICEMAIL, AUTHENTICATE_ACCOUNTS, BATTERY_STATS, BIND_ACCESSIBILITY_SERVICE, BIND_APPWIDGET, BIND_DEVICE_ADMIN, BIND_INPUT_METHOD, BIND_REMOTEVIEWS, BIND_TEXT_SERVICE, BIND_VPN_SERVICE, BIND_WALLPAPER, BLUETOOTH, BLUETOOTH_ADMIN, BRICK, BROADCAST_PACKAGE_REMOVED, BROADCAST_SMS, BROADCAST_STICKY, BROADCAST_WAP_PUSH, CALL_PHONE, CALL_PRIVILEGED, CAMERA, CHANGE_COMPONENT_ENABLED_STATE, CHANGE_CONFIGURATION, CHANGE_NETWORK_STATE, CHANGE_WIFI_MULTICAST_STATE, CHANGE_WIFI_STATE, CLEAR_APP_CACHE, CLEAR_APP_USER_DATA, CONTROL_LOCATION_UPDATES, DELETE_CACHE_FILES, DELETE_PACKAGES, DEVICE_POWER, DIAGNOSTIC, DISABLE_KEYGUARD, DUMP, EXPAND_STATUS_BAR, FACTORY_TEST, FLASHLIGHT, FORCE_BACK, GET_ACCOUNTS, GET_PACKAGE_SIZE, GET_TASKS, GLOBAL_SEARCH, HARDWARE_TEST, INJECT_EVENTS, INSTALL_LOCATION_PROVIDER, INSTALL_PACKAGES, INTERNAL_SYSTEM_WINDOW, INTERNET, KILL_BACKGROUND_PROCESSES, MANAGE_ACCOUNTS, MANAGE_APP_TOKENS, MASTER_CLEAR, MODIFY_AUDIO_SETTINGS, MODIFY_PHONE_STATE, MOUNT_FORMAT_FILESYSTEMS, MOUNT_UNMOUNT_FILESYSTEMS, NFC, PERSISTENT_ACTIVITY, PROCESS_OUTGOING_CALLS, READ_CALENDAR, READ_CALL_LOG, READ_CONTACTS, READ_EXTERNAL_STORAGE, READ_FRAME_BUFFER, READ_HISTORY_BOOKMARKS, READ_INPUT_STATE, READ_LOGS, READ_PHONE_STATE, READ_PROFILE, READ_SMS, READ_SOCIAL_STREAM, READ_SYNC_SETTINGS, READ_SYNC_STATS, READ_USER_DICTIONARY, REBOOT, RECEIVE_BOOT_COMPLETED, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, RECORD_AUDIO, REORDER_TASK[...]

    ,SET_ACTIVITY_WATCHER,S

    SET_ANIMATION_SCALE,SE

    ,SET_POINTER_SPEED,SET_

    ROCESS_LIMIT,SET_TIME,SE

    ET_WALLPAPER_HINTS,SIG

    TUS_BAR,SUBSCRIBED_FEE

    ITE,SYSTEM_ALERT_WINDO

    REDENTIALS,USE_SIP,VIBRA

    TINGS,WRITE_CALENDAR,W

    TS,WRITE_EXTERNAL_STOR

    STORY_BOOKMARKS,WRIT

    GS,WRITE_SETTINGS,WRITE

    RITE_SYNC_SETTINGS,WRIT

    [ Android. Permissions ]

List contains ~150 permissions. I have ever seen that on old BlackBe[rry ...]

    39/45

ACCOUNTS, AFFECTS_BATTERY, APP_INFO, AUDIO_SETTINGS, BLUETOOTH_NETWORK, BOOKMARKS, CALENDAR, CAMERA, COST_MONEY, DEVELOPMENT_TOOLS, DEVICE_ALARMS, DISPLAY, HARDWARE_CONTROLS, LOCATION, MESSAGES, MICROPHONE, NETWORK, PERSONAL_INFO, PHONE_CALLS, SCREENLOCK, SOCIAL_INFO, STATUS_BAR, STORAGE, SYNC_SETTINGS, SYSTEM_CLOCK, SYSTEM_TOOLS, USER_DICTIONARY, VOICEMAIL, WALLPAPER, WRITE_USER_DICTIONARY

    [ Android. Permission Groups

But there are only 30 permission groups. I have ever seen that on old BlackBerr[y ...]
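The two slides above make a granularity point: ~150 individual permissions collapse into 30 groups, and the group is the unit many review and MDM screens actually show. The following is an added example for this page, not code from the talk or from Android: it parses a constructed AndroidManifest.xml and collapses the requested permissions into their groups. The group-to-permission mapping is an illustrative subset of the Android 4.x groups on the slide, written from memory, and is to be read as an assumption rather than the platform's authoritative table.

```python
"""Collapse an app's requested Android permissions into permission groups.

Added example, not code from the talk or from Android. PERMISSION_GROUPS is an
assumed subset of the Android 4.x mapping; SAMPLE_MANIFEST is constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
PREFIX = "android.permission."

# Assumed subset: group -> permissions (Android 4.x era, from memory)
PERMISSION_GROUPS = {
    "ACCOUNTS": {"GET_ACCOUNTS", "MANAGE_ACCOUNTS", "AUTHENTICATE_ACCOUNTS"},
    "AFFECTS_BATTERY": {"VIBRATE", "WAKE_LOCK", "FLASHLIGHT"},
    "BLUETOOTH_NETWORK": {"BLUETOOTH", "BLUETOOTH_ADMIN"},
    "CAMERA": {"CAMERA"},
    "LOCATION": {"ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION", "ACCESS_MOCK_LOCATION"},
    "MESSAGES": {"READ_SMS", "SEND_SMS", "RECEIVE_SMS", "RECEIVE_MMS", "RECEIVE_WAP_PUSH"},
    "MICROPHONE": {"RECORD_AUDIO"},
    "NETWORK": {"INTERNET", "ACCESS_NETWORK_STATE", "ACCESS_WIFI_STATE", "CHANGE_WIFI_STATE"},
    "PERSONAL_INFO": {"READ_CALENDAR", "WRITE_CALENDAR", "READ_PROFILE"},
    "PHONE_CALLS": {"CALL_PHONE", "READ_PHONE_STATE", "READ_CALL_LOG", "PROCESS_OUTGOING_CALLS"},
    "SOCIAL_INFO": {"READ_CONTACTS", "WRITE_CONTACTS", "READ_SOCIAL_STREAM"},
    "STORAGE": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "SYSTEM_TOOLS": {"GET_TASKS", "KILL_BACKGROUND_PROCESSES", "RECEIVE_BOOT_COMPLETED",
                     "SYSTEM_ALERT_WINDOW"},
}

# Constructed manifest of a hypothetical field app; the last permission is
# app-defined and therefore belongs to no platform group.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fieldapp">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="com.example.fieldapp.permission.C2D_MESSAGE"/>
    <application android:label="Field App"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the android:name of every <uses-permission> element, in order."""
    root = ET.fromstring(manifest_xml)
    names = [el.get(f"{{{ANDROID_NS}}}name") for el in root.iter("uses-permission")]
    return [n for n in names if n]


def group_permissions(permissions):
    """Map permission names to groups; unknown ones land in UNGROUPED."""
    index = {perm: group for group, perms in PERMISSION_GROUPS.items() for perm in perms}
    grouped = {}
    for full_name in permissions:
        short = full_name[len(PREFIX):] if full_name.startswith(PREFIX) else full_name
        grouped.setdefault(index.get(short, "UNGROUPED"), []).append(short)
    return {group: sorted(perms) for group, perms in sorted(grouped.items())}


def granularity_report(manifest_xml):
    """Count how many individual permissions collapse into how many groups."""
    perms = requested_permissions(manifest_xml)
    grouped = group_permissions(perms)
    return {
        "permissions": len(perms),
        "groups": len([g for g in grouped if g != "UNGROUPED"]),
        "ungrouped": grouped.get("UNGROUPED", []),
        "by_group": grouped,
    }


if __name__ == "__main__":
    report = granularity_report(SAMPLE_MANIFEST)
    print(f"{report['permissions']} permissions -> {report['groups']} groups")
    for group, perms in report["by_group"].items():
        print(f"  {group}: {', '.join(perms)}")
```

For a policy reviewer the interesting output is the UNGROUPED list: app-defined permissions never appear in a group-level view, so a group-based MDM rule cannot see them at all.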


    40/45

CAMERA AND VIDEO: hide the default camera application
PASSWORD: define password properties; require letters (incl. case); require numbers; require special characters; delete data and applications from the device after [N] incorrect password attempts; device password; enable auto-lock; limit password age; limit password histor[y]; restrict password len[gth]; minimum length for t[he] password that is allo[wed]
ENCRYPTION: apply encryption rule[s]; encrypt internal dev[ice storage ...]
TOUCHDOWN SUPPORT: Microsoft Exchange email profiles, ActiveSync

MDM. Extend your device security cap[abilities]
Android: controlled four gro[ups]
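The PASSWORD group above is a set of enforceable rules rather than a checkbox, and the interesting part is how they combine on the device side. The following is an added example for this page, not code from the talk or from any MDM vendor: an Android-style password policy object with the rules listed above, a checker that returns every rule a candidate breaks, an age check, and a failed-unlock counter that reports when the wipe threshold is reached. The numeric thresholds are assumptions standing in for what an administrator would set; old passwords are kept only as salted PBKDF2 hashes so the history rule can be checked without storing the secrets.

```python
"""Android-style MDM password policy, enforced on the device-admin side.

Added example, not code from the talk or from any MDM product. Thresholds
are assumed values; the history is stored as salted PBKDF2-HMAC-SHA256
hashes, never as clear text.
"""
import hashlib
import os
import secrets
import string
from dataclasses import dataclass
from datetime import date, timedelta

PBKDF2_ROUNDS = 100_000  # assumed; size it to the device's CPU budget
SALT_LEN = 16


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 8                    # "minimum length for the password"
    require_upper_and_lower: bool = True   # "require letters (incl. case)"
    min_digits: int = 1                    # "require numbers"
    min_symbols: int = 1                   # "require special characters"
    history_length: int = 5                # "limit password history"
    max_age_days: int = 90                 # "limit password age"
    max_failed_attempts: int = 10          # "delete data ... after incorrect attempts"


def hash_password(password, salt=None):
    """Return salt || PBKDF2-HMAC-SHA256(password); a fresh salt per entry."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt + digest


def verify_password(stored, password):
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    return secrets.compare_digest(hash_password(password, salt)[SALT_LEN:], digest)


def check_password(policy, candidate, history):
    """Return the list of rules the candidate breaks (empty list = accepted)."""
    violations = []
    if len(candidate) < policy.min_length:
        violations.append(f"shorter than {policy.min_length} characters")
    has_upper = any(c.isupper() for c in candidate)
    has_lower = any(c.islower() for c in candidate)
    if policy.require_upper_and_lower and not (has_upper and has_lower):
        violations.append("needs both upper- and lower-case letters")
    if sum(c.isdigit() for c in candidate) < policy.min_digits:
        violations.append(f"needs at least {policy.min_digits} digit(s)")
    if sum(c in string.punctuation for c in candidate) < policy.min_symbols:
        violations.append(f"needs at least {policy.min_symbols} special character(s)")
    # Only the most recent N hashes count: that is what "limit history" means.
    if any(verify_password(old, candidate) for old in history[-policy.history_length:]):
        violations.append(f"reused within the last {policy.history_length} passwords")
    return violations


def password_expired_on(policy, set_on_iso, today_iso):
    """True when a password set on set_on_iso is older than max_age_days on today_iso."""
    set_on, today = date.fromisoformat(set_on_iso), date.fromisoformat(today_iso)
    return today - set_on > timedelta(days=policy.max_age_days)


class UnlockGuard:
    """Counts consecutive failed unlocks and signals the wipe threshold."""

    def __init__(self, policy):
        self.policy = policy
        self.failed = 0

    def attempt(self, stored_hash, candidate):
        if verify_password(stored_hash, candidate):
            self.failed = 0
            return "unlocked"
        self.failed += 1
        if self.failed >= self.policy.max_failed_attempts:
            return "wipe"  # the MDM action: delete data and applications
        return f"retry ({self.policy.max_failed_attempts - self.failed} attempts left)"


if __name__ == "__main__":
    policy = PasswordPolicy()
    history = [hash_password("Summer2013!")]
    print(check_password(policy, "summer2013", history))
    print(check_password(policy, "Summer2013!", history))
    print(check_password(policy, "Autumn-2013", history))
```

Two details matter in practice: the counter resets only on a successful unlock, so an attacker cannot clear it by waiting, and the history check runs against hashes with per-entry salts, so a leaked policy store does not reveal old passwords that may still be in use elsewhere.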


    41/45

BROWSER: default app, autofill, cookies, JavaScript, popups
CAMERA, VIDEO, VIDEO CONF[ERENCING]: output, screen capture, default app
CERTIFICATES (untrusted certs)
CLOUD SERVICES: backup / document / picture / sharing
CONNECTIVITY: network, wireless, roaming; data, voice when roaming
CONTENT: content (incl. explicit); rating for apps / movies / TV shows / regions
DIAGNOSTICS AND USAGE (submission logs)
MESSAGING (default app)
ONLINE STORE: online stores, purchases, passw[ords]; default store / book / music app
PASSWORD (the same as with Android, new Bl[ackBerry])
PHONE AND MESSAGING (voice dialing)
PROFILE & CERTs (interactive installation)
SOCIAL (default app): social apps / gaming / adding fr[iends]; default social-gaming / social [...]
STORAGE AND BACKUP: device backup and encryption
VOICE ASSISTANT (default app)

MDM. Extend your device security c[apabilities]
iOS: controlled 16 grou[ps]


    43/45

There are 55 groups controlled in all. Each group contains from 10 to 30 units, [which] are controlled too. Each unit is under a lot of flexible params instead of a [plain] disable/enable & hide/unhide. Each event is controlled by a certain permission, allowed to be controlled by similar permissions to be more flexible.
Described [in] 360 pages in all; that is four times more than other documents.
Each unit can't control a[...] itself.
Create, read, write/delete actions in re[...] messages lead to sp[...] requesting a messa[ge ...]
Only some permissions ar[e ...] delete any other ap[p ...]. Some permissions ar[e ...] which 3rd party plugin, instead of that pl[ugin ...]

MDM. Extend your device security c[apabilities]
BlackBerry (old): huge amount of permissions are MD[M ...]

    CONCLUSION

    44/45

The best security & permissions [are] ruled by AWS.
Most cases are not clear according to the roles and responsibilities of cloud vendors & customers.
Swapping of responsibilities may happen, shifting the vendor's job onto the customer's shoulders.
[Vendors] refer to independent audit reports under NDA as many times as they can.
CSA put cross references to other standards that add complexity & lack of clarity more than NIST SP 800-53.

CONCLUSION

[Flow: Select security controls -> Check scope (CSA) -> Define granularity -> Apply CSA as common -> Remap to NIST -> Improve basic CSA [with] NIST enhancements]

    http://scribd.com/ychemerkin

    45/45

    Q & A

https://plus.google.com/108216608239392698703
https://twitter.com/sto_blog
https://twitter.com/yury.chemerkin
http://scribd.com/ychemerkin
https://www.facebook.com/yury.chemerkin
http://www.slideshare.net/YuryChemerkin/
http://www.linkedin.com/in/yurychemerkin
http://sto-strategy.com/
http://eforensicsmag.com/
http://pentestmag.com/
http://hakin9.org/