Realtime iOS Filesystem Monitoring – Installing and Using filemon.ios
For the longest time a big struggle with doing mobile application assessments on iOS has been monitoring applications as they drop files to the file system. There were definitely ways to do this but...
Exploring The Top Mobile Software Security Vulnerabilities: #1 Insecure Data...
An article I did on our Fortify On Demand Blog (cross-posted): Here at Fortify On Demand our engineers assess countless mobile apps. Being on both sides of the fence (static analysis and blackbox...
Defeating iOS Jailbreak Detection
This blog is a cursory breakdown of defeating less advanced jailbreak detection code. There are several ways to employ jailbreak detection in a security conscious mobile application. Many of...
Dumping Class Information for Encrypted iOS Applications
This article will outline using runtime hacking to dump classes of iOS applications even if the application is still encrypted. (cross-posted from my blog at Fortify On Demand) One big step in...
Web Shells for All!
I tweeted to ask the twitter peoples about their fav lazy web shells, as well as posted my favs (see content below!): Pentestmonkey’s REVERSE php shell:...
Creating an iOS7 Application Pentesting Environment
Now that you have your shiny new Evasion7 jailbreak running, it’s time to set up the environment for application testing! Getting in: since Mobile Substrate is not working yet, we will focus on...
Recon-ng: creating a dynamic resource script for subdomain discovery
Recon-ng is awesome. Recon-ng supports the use of resource scripts to automate the console. While having a resource script template for recon-ng is nice, it’s cumbersome to have to change the template...
OMG He Haxx!: an introduction to the game hacking framework
I like games… I also like hacking. Some of the most prolific apps these days are video games. They are sponsored, scrutinized, monetized, and celebrated, just like many sports. They handle clients,...
New posts incoming
I have a tendency not to bring content I’ve created for work articles over to my personal blog, hence no updates for such a long time. I’ll be correcting that over the next week. See ya soon.
Bypassing web application firewalls using HTTP headers
(Originally posted in 2015 on the HP blog, written by me) Web application firewalls (WAFs) are part of the defense-in-depth model for web applications. While not a substitute for secure code, they...