#- Computer Forensic Science and IT Security Professional. ⠠⠵

domingo, maio 17, 2015

The Eighth Latin-American Network Operations and Management Symposium (LANOMS 2015) João Pessoa, PB, Brazil October, 2015 Promoted by Federal University of Paraiba - UFPB Technically Co-Sponsored by the IEEE Communications Society, the Brazilian Computing Society, and IFIP W.G 6.6

LANOMS is the major Latin-American event dedicated to discussing the many issues related to the operations and management of computer networks. LANOMS has been held in odd-numbered years since 1999 and purses the tradition of the NOMS and APNOMS events. The 8th edition will be held on October 01-03, 2015 in João Pessoa, PB. The technical program of LANOMS 2015 will include sessions on the latest technical advances in all aspects of the operation and management of networks, services, applications and distributed systems in general. Accepted papers will be published in the IEEExplore digital library.

Topics of interest that will be given special attention include:

1) Management Technologies
* Monitoring techniques
* Event correlation and root cause analysis
* Integrated control and management
* Performance and fault management
* Configuration and accounting management
* Resource inventory, planning, and allocation
* Service management and Service-oriented architectures
* Semantic modeling and management
* Biologically-inspired management systems and techniques
* Quality-of-Service (QoS) management
* Security management
* Mobility management
* Energy management
* Cross-layers management

2) Management for Networks, Services and Operational Experience
* Software Defined Networks (SDN)
* Smart Cities, Smart Grids
*  Internet of Things (IoT)
* Future Internet
* Content Distribution Networks (P2P, CDN, ICN)
* Virtual and Overlay Networks
* Data Centers, Storage Area Networks
* Cyber-Physical Systems
* Wireless and Mobile Networks (Ad-Hoc, Mesh, Sensor, Vehicular)
* Smart Devices and Home Networks
* Broadband Access Networks
* Cognitive Radio Networks
* IP/MPLS Networks
* Optical Networks
* Heterogeneous Networks
* Cloud Services (IaaS, PaaS, SaaS)
* IT Service Management
* Multimedia and Data Services
* QoE-Centric Management
* Service Discovery, Migration and Orchestration
* Resource Provisioning and Management
* Hosting and Virtualized Infrastructures
* OTT Service Management
* Management as a Service

3) Advanced Approaches for Management
* Theory (control, optimization, economic) for management
* Self-* and autonomic aspects of management
* Virtualization and its role in management
* IT process management
* Distributed, decentralized, and scalable management
* Policy and role based management
* Business impact analysis
* Economic models for management
* Programmable, active, and adaptive management
* Resilience, dependability, and survivability
* Evaluation and benchmarking of management systems and technologies
* Legal and ethical issues

Important Dates
* Paper submission: June 07th, 2015
* Author notification: July 12th, 2015
* Camera ready due: August 8th, 2015

Submission Instructions
Only original papers (not published or under review elsewhere) should be submitted. Both regular papers (8-page limit) and short papers (4-page limit) will be accepted. The format is IEEE 2-column for conference proceedings. All submissions must be made electronically through JEMS (https://jems.sbc.org.br/).

General Chairs:
Fernando Matos (UFPB)
Augusto Neto (UFRN)

Program Committee Chairs:
José Neuman (UFC)
Aldri Santos (UFPR)

Application chair:
Edmundo Madeira (UNICAMP)

Keynotes Chair:
Michele Nogueira (UFPR)

Publication Chairs:
Eduardo Cerqueira (UFPA)
Eduardo Grampin  (U. Republica)
Leandro Villas (UNICAMP)

Publicity Chair:
Carlos Becker Westphall (UFSC)

Local Organization:
Eudisley dos Anjos (UFPB)
Josilene Aires Moreira (UFPB)
Giórgia de Oliveira Mattos (UFPB)
Lincoln David (UFPB)

Technical Program Committee:
Aldri dos Santos (UFPR, BR)
Ariel Sabiguero (U. República, UR)
Artur Ziviani (LNCC, BR)
Carlos Westphall (UFSC, BR)
Eduardo Cerqueira (UFPA, BR)
Edmundo Monteiro (U. Coimbra, PT)
Eduardo Grampin (U. Republica, UR)
Fatima Duarte-Figueiredo (PUC Minas, BR)
Fábio Luciano Verdi (UFSCar, BR)
Hector Cancela (U. Republica, UR)
Javier Baliosian  (U. Republica, UR)
Jenny Torres (EPN, EC)
Jó Ueyama (USP, BR)
Joan Serrat (U. P. Catalunya, ES)
José Souza (UFC, BR)
José Marcos Nogueira (UFMG, BR)
Kleber Cardoso (UFG, BR)
Leandro Villas (UNICAMP, BR)
Lisandro Zambenedetti Granville (UFRGS, BR)
Luciano Paschoal Gaspary (UFRGS, BR)
Mauro Tortonesi (U. Ferrara, IT)
Michele Nogueira (UFPR, BR)
Nazim Agoulmine (U. Evry, FR)
Pablo Rodríguez-Bocca (U. República, UR)
Paulo Simoes (U. Coimbra, PT)
Pedro Casas (FTW, AT)
Stênio Flávio de Lacerda Fernandes (UFPE, BR)

Fonte: http://www.lanoms.org/2015/index.html

sábado, maio 16, 2015

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. We've been depending on multiple tools to carry out reversing, decoding, debugging, code review, and pen-test and this process requires a lot of effort and time. Mobile Security Framework can be used for effective and fast security analysis of Android and iOS Applications. It supports binaries (APK & IPA) and zipped source code.

The static analyzer is able to perform automated code review, detect insecure permissions and configurations, and detect insecure code like ssl overriding, ssl bypass, weak crypto, obfuscated codes, improper permissions, hardcoded secrets, improper usage of dangerous APIs, leakage of sensitive/PII information, and insecure file storage. The dynamic analyzer runs the application in a VM or on a configured device and detects the issues at run time. Further analysis is done on the captured network packets, decrypted HTTPS traffic, application dumps, logs, error or crash reports, debug information, stack trace, and on the application assets like setting files, preferences, and databases. 

This framework is highly scalable that you can add your custom rules with ease. A quick and clean report can be generated at the end of the tests. We will be extending this framework to support other mobile platforms like Tizen, WindowsPhone etc. in future.

Static Analysis - Android APK

android-1 android-2

Static Analysis - iOS IPA

Sample Report: http://opensecurity.in/research/security-analysis-of-android-browsers.html


  • Python 2.7
  • JDK 1.7 or above
NOTE: iOS IPA Binary Analysis requires MAC.

How to Use

Configuring Static Analyzer

Tested on Windows 7, 8, 8.1, Ubuntu, OSX Marvicks
Install Django version 1.8
pip install Django==1.8
Specify Java PATH
Go to YodleeMobSec/settings.py and provide the correct Path to your Java Installation in the line that contains JAVA_PATH=

if platform.system()=="Windows":
    JAVA_PATH='C:/Program Files/Java/jdk1.7.0_17/bin/'  # Use "/" instead of "\" while setting the path.
    JAVA_PATH='/usr/bin/' #For OSX and Linux
To Run
python manage.py runserver
Open your browser and navigate to
You can upload your APK/Zipped Android Source Code/IPA/Zipped iOS Source Code to perform Security Analysis.

Configuring Dynamic Analyzer



v0.8.4 Changelog

  • Improved Android Static Code Analysis speed (2X performance)
  • Static Code analysis on Dexguard protected APK.
  • Fixed a Security Issue - Email Regex DoS.
  • Added Logging Code.
  • All Browser Support.
  • MIME Type Bug fix to Support IE.
  • Fixed Progress Bar.

v0.8.3 Changelog

  • View AndroidManifest.xml & Info.plist
  • Supports iOS Binary (IPA)
  • Bug Fix for Linux (Ubuntu), missing MIME Type Detection
  • Check for Hardcoded Certificates
  • Added Code to prevent from Directory Traversal


  • Thomas Abraham - For JS Hacks on UI.
  • Anto Joseph (@antojosep007) - For the help with SuperSU.
  • Tim Brown (@timb_machine) - For the iOS Binary Analysis Ruleset.
  • Abhinav Sejpal (@Abhinav_Sejpal) - For poking me with bugs and feature requests.
fonte: https://github.com/ajinabraham/YSO-Mobile-Security-Framework