Peter Coddington CEO 240-258-2100 :: pcoddington@parabal.com


Upload: yuma

Post on 25-Feb-2016

Page 1: Peter  Coddington CEO 240-258-2100  ::   pcoddington@parabal.com

Peter Coddington

CEO

240-258-2100 :: pcoddington@parabal.com

Page 2

About PaRaBaL

• PaRaBaL was founded in 2009 and is located in the Research Park of University of Maryland, Baltimore County. UMBC has a strong computer curriculum.
• Full Apple – iPhone – iPad Exploitation Training Lab.
• PaRaBaL offers one-of-a-kind, one-week training.
• PaRaBaL is driven to create and build iPhone and iPad security and applications for the Intelligence and DOD agencies in the US.
• PaRaBaL is an SBA-certified HUBZone company.
• PaRaBaL is the first company to be awarded an iPhone security training contract – see press release on our web site.
• PaRaBaL is facility cleared with cleared personnel to assist the government with mobile security and applications to deliver information to mobile platforms.

Page 3

iOS Security and Exploitation Training

• PaRaBaL started in the iPhone space teaching iPhone security to the Intelligence Community.
• Understanding the Architecture & File System
• Reverse Engineering
• Understanding/Attacking iPhone/iPad Apps & Secure Coding Practices
• Using the iPhone/iPad as an attack platform & iPhone/iPad forensics
• The PaRaBaL training lab is 100% Apple products including iPhone, iPads & iMacs along with emulators for the respective devices.
• Only full Apple lab with supporting software for ethical hacking on the East Coast.
• Assembled a cadre of experts in the area of iPhone/iPad security and iOS understanding.

Page 4

PaRaBaL Security Lab Example: File System – SQLite Databases

We show how to alter databases in the iPhone to retain deleted and altered texts, address entries and other databases, and apply the alterations to non-jailbroken iPhones.

Page 5

PaRaBaL Security Lab Example: File System – Plist files

Plist files are XML files that house app settings, session information, and keychain data. Plists can be altered to increase performance and alter app functionality.

Page 6

PaRaBaL Security Lab Example: Address Book Exploitation

This app is designed to show how content from the address book can be sent to a designated server when a user taps “Upload Score” (i.e., if they’re playing a game and record a high score).

Page 7

PaRaBaL Security Lab Example: Address Book Exploitation

We show how to check what apps are transmitting using a proxy and Wireshark.

Page 8

PaRaBaL Security Lab Example: Address Book Exploitation

We have been showing this exploit, which allows apps to submit this functionality and receive approval, for almost a year. This year, apps offering this “functionality” are being exposed.

Page 9

PaRaBaL Security Lab Example: Geo-location Spoof App

This Xcode-based app is designed to spoof the user’s location. It is able to constantly change the location of the device to a different area.

Page 10

PaRaBaL Security Lab Example: Reverse Engineering and Binary Code Injection

Using IDA Pro, we examine an app for unused sections of binary code, where we inject a payload to exploit the traffic of the iPhone.

Page 11

PaRaBaL Security Lab Example: Reverse Engineering and Binary Code Injection

This includes an intro to ARM assembly and assembly instruction conversion to binary.

Page 12

PaRaBaL Security Lab Example: iPhone as a Mobile Attack Device

With the increased processing power of an iPhone, we use Ruby, mobile terminal, and Metasploit to execute network exploitation on the road.

Page 13

PaRaBaL Secure App Development for DoD

• Companies & organizations are moving to a broad range of mobile devices in the workforce.
• As iOS devices become more prominent in the workforce so do security concerns for iOS based applications.
• PaRaBaL’s extensive background in exploitation and security makes our development team the ideal choice for secure development of internal apps.

Page 14

PaRaBaL iPad & iPhone Security Consulting

• Offer consulting services that entail designing a holistic mobile security solution and plan for your organization:
• Four step process to get the organization completely secure in regards to iOS devices that are in use within the workplace.

• Teach how to protect mobile iOS devices from vulnerabilities that have been exploited by people with malicious intent.

• Teach in-depth secure coding practices as well as ethical hacking exercises within the iOS platform.

• Create and develop new and customized apps for iOS devices catered specifically towards the customer’s needs.

• Offer training to employees on how to use their iOS devices without compromising company data and interests.

Page 15

PaRaBaL

Peter Coddington

240-258-2100

pcoddington@parabal.com

www.parabal.com

5523 Research Park Dr.

Suite 325

Catonsville, MD 21228