1
00:00:06,400 --> 00:00:07,560
- So that's one of the things

2
00:00:07,560 --> 00:00:09,680
that we are doing at pen testing.

3
00:00:09,680 --> 00:00:11,100
You actually have to keep in mind,

4
00:00:11,100 --> 00:00:12,130
some of these devices

5
00:00:12,130 --> 00:00:14,670
that you may actually be able to enumerate

6
00:00:14,670 --> 00:00:17,090
whenever you do reconnaissance in the network,

7
00:00:17,090 --> 00:00:18,610
whenever you do your scanning,

8
00:00:18,610 --> 00:00:21,070
and that perhaps are actually vulnerable to something,

9
00:00:21,070 --> 00:00:24,320
they may actually be managed by an MDM.

10
00:00:24,320 --> 00:00:26,680
So try to actually find ways

11
00:00:26,680 --> 00:00:28,983
that you can then bypass or even block

12
00:00:29,995 --> 00:00:33,720
the communication between the MDM and the mobile device.

13
00:00:33,720 --> 00:00:35,870
So of course, that's easier said than done,

14
00:00:35,870 --> 00:00:37,588
but there may be ways

15
00:00:37,588 --> 00:00:40,046
that you can analyze the communication of

16
00:00:40,046 --> 00:00:43,660
that that device is actually allowed to do or not to do.

17
00:00:43,660 --> 00:00:44,981
So you can actually do this

18
00:00:44,981 --> 00:00:48,580
by actually monitoring the device activity,

19
00:00:48,580 --> 00:00:50,370
or perhaps you say, okay,

20
00:00:50,370 --> 00:00:52,990
this device perhaps is actually communicating

21
00:00:52,990 --> 00:00:55,090
that I'm seeing this type of transactions

22
00:00:55,090 --> 00:00:57,680
to some API in the internet

23
00:00:57,680 --> 00:01:01,920
and this MDM is actually allowing that to happen.

24
00:01:01,920 --> 00:01:03,976
So now you actually have a footprint

25
00:01:03,976 --> 00:01:08,350
and an attack surface that you can actually further explore.

26
00:01:08,350 --> 00:01:10,310
So for example, if that API

27
00:01:10,310 --> 00:01:12,153
perhaps is actually doing weak crypto,

28
00:01:14,060 --> 00:01:16,560
you probably can take advantage of a vulnerability

29
00:01:16,560 --> 00:01:18,770
to hijack that transaction, for example,

30
00:01:18,770 --> 00:01:22,090
or an API abuse vulnerability

31
00:01:22,090 --> 00:01:24,730
that may actually be relevant in that case,

32
00:01:24,730 --> 00:01:26,280
but always keep in mind

33
00:01:26,280 --> 00:01:29,660
that a lot of organizations now are actually using MDM

34
00:01:29,660 --> 00:01:32,410
to actually manage those devices, monitor them,

35
00:01:32,410 --> 00:01:33,490
and also patch them.

36
00:01:33,490 --> 00:01:35,100
So it's getting a little bit harder

37
00:01:35,100 --> 00:01:39,170
to actually do some of the bypasses nowadays,

38
00:01:39,170 --> 00:01:40,490
but definitely it's possible not,

39
00:01:40,490 --> 00:01:43,660
actually not only look at the infrastructure here,

40
00:01:43,660 --> 00:01:46,090
but what the device is actually communicating

41
00:01:46,090 --> 00:01:47,943
outside of the company as well.