Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Malicious MDM: Exploiting iOS MobileConfigs for Device Control

OWASP Foundation via YouTube

Overview

Explore the potential security risks of Mobile Device Management (MDM) in this OWASP AppSec California 2015 conference talk. Delve into the basics of MDM functionality and learn how attackers can exploit Apple's MDM service to gain control over iOS devices. Discover techniques for deploying malicious MDM configurations and leveraging company phones to access internal networks. Gain insights into protecting your business from rogue MDM profiles and understand the implications of various MDM architectures, including client-server models and enrollment methods. Examine post-deployment exploitation techniques, such as wireless attacks and application vulnerabilities. Learn about preventive measures and best practices for securing mobile devices in corporate environments.

Syllabus

IOS users Scan to Connect to the AppSec California Wireless Network Open the URL in Safari
Architectures: - Client Server Model - Email/URL/Application enrollment -One Time Application Profiles typically deployed from
Direct USB Connection -iPhone Configuration Utility
Post Deployment Exploitation -Wireless Attack
Post Deployment Exploitation -Application Attacks Custom Applications
Post Deployment Exploitation -So you have credentials... Single Factor VPN (PPTP) - Internet facing authentication
Preventions -Start with clean phones, then

Taught by

OWASP Foundation

Reviews

Start your review of Malicious MDM: Exploiting iOS MobileConfigs for Device Control

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.