Capturing and Decrypting HTTPS Traffic From iOS Apps Using Frida

Recently, I came across a blog by Andy Davies that detailed how to capture and decrypt HTTPS traffic from iOS apps using Frida. Unfortunately, the script he shared didn’t work for me, likely because my device was unable to load the libboringssl.dylib library into memory in time. As a result,…

Intercepting and Modifying Swift Strings: A Hands-On Guide with Frida

Introduction A few days ago, while testing an iOS application designed for handling payments, I discovered an intriguing aspect of its data handling process. Before transferring sensitive data, the application invoked a function that returned a string containing these sensitive values. This revelation led me to question whether it was…

Exploring r2frida: A Powerful Tool for Mobile Security Analysis

In the ever-evolving field of cybersecurity, staying equipped with the right tools is crucial for effective security analysis and vulnerability assessment. One such indispensable tool for mobile security researchers is r2frida. This blog post will delve into what r2frida is, its features, and how it can be leveraged for mobile…

Mobile Security: Harnessing AFL++ for Fuzz Testing

In today’s blog, I’ll show you how to set up AFL++ for fuzzing native libraries (JNI) on Android. This can help uncover new bugs, thereby increasing the attack surface. AFL++ (American Fuzzy Lop Plus Plus) is an advanced and enhanced version of the original…

Attack WordPress abusing XML-RPC


In today’s blog, we will explore XMLRPC and its exploitation within a WordPress application. What is XML-RPC? XML-RPC in WordPress functions as an API, short for “application program interface”. This interface empowers developers creating mobile apps, desktop apps, and various services to interact with your WordPress site. Through the XML-RPC…

Evasion of Jailbreak Detection Using LLDB


Greetings, everyone! In today’s blog, I’ll lead you through the process of bypassing jailbreak detection using LLDB. Let’s explore LLDB, a crucial debugger in the realm of iOS development. Learn how LLDB equips developers to scrutinize and influence code execution during debugging, providing valuable insights into variables, registers, and more…

Frida: Engaging with the User Interface of an iOS Application

Introduction Greetings, dear readers! In today’s blog, we’re about to embark on an exciting journey into the world of iOS app interface manipulation. Our focus will be on enhancing the user interface of iOS applications created with SwiftUI, and we’ll add an extra layer of intrigue by accomplishing this with…

A Comprehensive Review of the eMAPTv2 Course and Exam

Introduction Hello, everyone. In this comprehensive review, I’ll be sharing insights into the eMAPTv2 course and exam. I’ll discuss study tips, exam preparation, prerequisites, and key details about the certification. Additionally, I’ll provide tips for successfully passing the exam. Overview The eLearnSecurity Mobile Application Penetration Testing (eMAPT) certification is…

Red Team Emulation vs Red Team Operation


In the dynamic landscape of cybersecurity, traditional defensive measures are no longer sufficient to protect organizations from sophisticated threats. In response, cybersecurity professionals are turning to proactive strategies like Red Teaming to identify vulnerabilities, assess defenses, and enhance overall security posture. In this blog post, we’ll explore the key differences…

Understanding Server-Side Template Injection (SSTI) and Its Role in Web Application Security

Introduction In the realm of web application security, Server-Side Template Injection (SSTI) stands as a formidable threat that can expose vulnerabilities in even the most well-constructed applications. This blog post delves into the mechanics of SSTI, its potential risks, and how developers can safeguard their applications against this security menace…

Part 2: Intro to AWS Penetration Testing

In the upcoming blog post, we’ll employ CloudGoat to simulate a scenario where we escalate privileges for an IAM user. In order to configure the environment, we must execute the following command: python3 cloudgoat.py create iam_privesc_by_rollback. Once the new user is created, we can locate the relevant information such…

Part 1: Intro to AWS Penetration Testing


Introduction As the world of technology continues to evolve, businesses are increasingly adopting cloud services to streamline operations and enhance efficiency. Among the top cloud service providers, Amazon Web Services (AWS) has emerged as a frontrunner, offering a comprehensive suite of tools and services to cater to diverse business needs…

Amass


Introduction Amass is an open-source reconnaissance tool that helps collect information on a target. It focuses on domain information gathering and network mapping to identify potential vulnerabilities. Amass can be used in various contexts such as cybersecurity research, network security assessment, and business risk management. In this blog, we will…

Pithus Mobile Threat Intelligence Tool

Pithus Mobile Threat Intelligence Tool is a mobile security solution that offers real-time detection and mitigation of mobile threats. The solution is designed to provide comprehensive mobile threat intelligence that helps organizations identify and address mobile security risks. The solution uses machine learning algorithms…

MITRE ATT&CK


Introduction The MITRE ATT&CK framework is a comprehensive knowledge base of tactics and techniques used by cyber attackers during various stages of a cyber attack. The framework is maintained by the MITRE Corporation, a not-for-profit organization that operates federally-funded research and development centers (FFRDCs). In this article, we will discuss…

NIST Framework


Introduction The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States Department of Commerce. Its main mission is to promote innovation and industrial competitiveness in the country by advancing technology, developing standards, and providing technical support to industry, government agencies, and other stakeholders. In…

Patch an iOS application with Frida

Patching an iOS application with Frida involves injecting custom code into the application’s runtime to modify its behavior. Tools like Hopper, Ghidra, and others can typically be used to modify an application’s opcodes and patch the binary, but that is another topic. Demo In the upcoming demonstration, we will be patching…

iOS: Dylib injection


This blog will demonstrate how to modify an existing application and inject a kind of backend via dylib injection. Dylib injection, also known as library injection, is a technique used in software development and reverse engineering where a dynamic library (dylib) is injected into the address space of a running process. In…

How to tamper the Deutsche Bank iOS app


Disclaimer This article does not give you permission to hack, tamper with, or alter any aspect of the application. I do not accept responsibility for any illicit activity you engage in. The bug was reported to those directly involved via the Bugcrowd platform, even if the latter did not give…

Hooking an iOS app with Theos


Installation on Jailbroken device The first step is to connect to the jailbroken device via SSH; after that, execute the following commands:
mkdir /opt
export THEOS=/opt/theos
git clone --recursive https://github.com/theos/theos.git $THEOS
Download an SDK for your device and place it inside /opt/theos/sdks. Hook an iOS app with Theos This demo…

Hook a Swift app with Frida


As usual, the first step is to perform the static analysis; for this step you can use the tool that you prefer. For this example, we will hook the function $s8SiftDemo14ViewControllerC13checkPassword8passwordSbSS_tF and change its return value.
// Resolve the mangled Swift symbol and force the boolean result to true
var check = Module.getExportByName(null, "$s8SiftDemo14ViewControllerC13checkPassword8passwordSbSS_tF");
Interceptor.attach(check, {
  onLeave(retVal) {
    retVal.replace(0x1);
  }
});
Also, if the password…

Hook an iOS app with Frida


To get a better understanding of the application, the first step is to perform static analysis. We can use tools such as Hopper, Ghidra, etc.
// Hook the Objective-C method, log its first argument (args[2] after self and _cmd) and force the result to true
var isThePasswordCorrect = ObjC.classes.ViewController["- isThePasswordCorrect:"];
Interceptor.attach(isThePasswordCorrect.implementation, {
  onEnter: function (args) {
    var password = new ObjC.Object(args[2]);
    console.log("Password submit: " + password.toString());
  },
  onLeave(retVal) {
    retVal.replace(0x1);
  }
});
In the…

iOS 16 makes your app launch super fast!


The WWDC22 State of the Union promised many improvements to application launch times, with apps like Lyft or Airbnb launching almost twice as fast thanks to improvements in the dynamic linker. This improvement comes from speeding up protocol checks. iOS 16 improves the loading time of…

THM: CyberHeroes


Dear friends, today I will show you how to solve the CyberHeroes challenge on TryHackMe. Let’s start with a service/port scan. Initial scanning: nmap -sC -sV -p- -Pn $IP. It is evident that there is a web service running on port 80; after some dir busting, the only interesting part is…

OSCP: A review of the course and exam


Hey everyone, I just wanted to let you know that I passed the OSCP exam with 100 points. In just a few words, I would like to share my experience with you. Background: Aside from my computer science degree, I also have a number of cyber security certifications, including…

PROVING GROUNDS: Black Gate


Service Discovery: nmap -sS -sV -sC $IP. Since an old version of Redis runs on port 6379, it is possible to use the following exploit to get a reverse shell on the target machine. Exploit Redis The first step is to set up a listener handler. It’s possible to use netcat,…

Hack the box: Baby RE


Hello dear friends and welcome back; today I want to show you how I solved Baby RE from Hack The Box. The binary is a 64-bit ELF that requires you to enter the key in order to get the flag. The next step is to execute the…

Review: Computer & Internet Security: A Hands-on Approach

Hello to all, today I wanted to point out a very interesting book that could be of interest to all computer security enthusiasts: the book in question is Computer & Internet Security: A Hands-on Approach by Wenliang Du. Lately, I have read a lot of interesting books about cybersecurity…

iOS 14 Widgets with WidgetKit


At the WWDC20 keynote, Apple announced iOS 14 with amazing new features; among the many, we find Widgets on the home screen. Today we’ll find out how to add widgets to your app! First of all, you’ll need to download some beta software. Keep in mind that these are developer betas and you’ll need an account…

Android Diva Series: Input validation issues Part 2

Hello dear friends and welcome back for another Android DIVA series blog; today we will solve the Input Validation vulnerability Part 2. We will use this input point to read an internal file: file:////data/data/jakhar.aseem.diva/uinfo-808817149tmp. Fantastic, we completed this exercise.

Android Diva Series: Insecure Data Storage Part 4

Hello dear friends and welcome back for another Android DIVA series blog; today we will solve Insecure Data Storage Part 4. So first of all, we have to store some values. For this exercise, we will use jadx and adb. What we will do is analyze the…

Android Diva Series: Insecure Data Storage Part 3


Hello dear friends and welcome back for another Android DIVA series blog; today we will solve Insecure Data Storage Part 3. So first of all, we have to store some values. For this exercise, we will use adb:
adb devices -l
adb connect ipDevice
adb shell
cd /data/data/jakhar.aseem.diva
ls -la…

CTF Vulnhub: Prime 1 Walkthrough


Hello dear friends, welcome back for another CTF walkthrough. Today we will solve the Prime: 1 machine. Description This machine is designed for those who are trying to prepare for OSCP or the OSCP exam. This is the first level of the Prime series. Some help at every stage is given. The machine is lengthy, as OSCP…

Android Diva Series: Insecure Data Storage Part 2


Hello dear friends and welcome back for another Android DIVA series blog; today we will solve Insecure Data Storage Part 2. For this exercise, we will use adb and DB Browser for SQLite. So first of all, we have to store some values. After that, we connect to our virtual…

Android Diva Series: Insecure Data Storage Part 1

Hello dear friends and welcome back for another Android DIVA series blog; today we will solve Insecure Data Storage Part 1. For this exercise, we will use adb. First of all, fill in the text fields; after that, connect adb to the device (adb connect ip) and get a shell (adb…

Android Diva Series: HardCoding Issues Part1


Hello dear friends and welcome back for another Android DIVA series blog; today we will solve HardCoding Issues Part 1. For this exercise we will use jadx. Drag and drop the APK file into jadx, then select the HardcodeActivity file, and fantastic, we found the key: vendorsecretkey.

Android Diva Series: Installation and Insecure log exercise

Hello dear friends, today we will start a new series based on Android penetration testing. We will analyze the DIVA application. WHAT IS DIVA? DIVA (Damn Insecure and Vulnerable App) is an app intentionally designed to be insecure. We are releasing the Android version of DIVA. We thought…

CTF: Android UnCrackable-Level1


Hello, dear friends, today I’ll show you how to solve the UnCrackable Android Level 1 CTF. First, we need to install the application in order to understand what it does and how it works: adb install UnCrackable-Level1.apk. Hmm, interesting, there is root detection, so now we will use jadx…

Inject Frida inside an ipa file


Hello dear friends and welcome back for another mobile security blog; today I’ll show you how to inject Frida inside an IPA application. To do that, we need to install some tools. ios-deploy:
brew install node
npm install -g ios-deploy
If you want to know more about this…

Frida: Demo 1 How to Hack an Android Application

Hello dear friends, and welcome back for another mobile application security blog; today I’ll show you how to bypass a login form with Frida. For this exercise, I prepared a simple Android application that you can download from this link. After the download, run the app on the Genymotion emulator…

CTF Vulnhub: Hackme 1 Walkthrough


Hello dear friends, welcome back for another CTF walkthrough. Today we will solve the hackme: 1 machine. Description ‘hackme’ is a beginner difficulty level box. The goal is to gain limited privilege access via web vulnerabilities and subsequently privilege escalate to root. The lab was created to mimic a real-life environment. ‘hackme’…

How to install Frida on Genymotion


Hello dear friends, and welcome back to another mobile application security blog. In the previous article I showed you how to install Frida on an iOS device and how to install the Frida client; today I’ll show you how to install Frida on an Android emulator (Genymotion). For this example, I use…

How to install Frida on an iOS device without Jailbreak

Hello dear friends, today I’ll show you how to “install” Frida on an iOS device without jailbreaking it, but first of all, what is Frida? Frida is a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript or your own library into native apps. The first step is…