iOS Tutorial – Dumping the Application Memory Part 2
In my previous blog, iOS Tutorial – Dumping the Application Heap from Memory, I covered how to dump sensitive information from the heap of an iOS application using GDB. This time we will be covering how to use Cycript to accomplish the same goal but using the class-dump-z output to specifically pull out properties or […]
iOS Tutorial – Dumping the Application Heap from Memory
Using GDB to dump the runtime heap from memory to gain access to sensitive information that should’ve been removed.
Open Source Frameworks – How secure are they?
How many of your projects include open source software? Maybe it is better to call it free software. As a person who has spent time in the corporate world, I get the idea of using open source software. Much of it is free or at very low cost. However, is it secure and how do […]
“Detective control testing during penetration tests” Scott Sutherland Guest Blogs for Secure360
If you can't wait until the Secure360 conference to see Scott Sutherland's “Attack all the Layers! Again!” presentation or take his class, “Introduction to Penetration Testing” well then here's a guest blog he did for Secure360 to help tide you over… Detective control testing during penetration tests
Karl Fosaaen Guest Blogs for Secure360
NetSPI Senior Security Consultant Karl Fosaaen recently wrote a couple of guest blogs for the upcoming Secure360 2014 Conference blog, you can find them here: 5 Must-Have Web Application Penetration Testing Strategies 5 Must-Have Network Penetration Testing Strategies If you enjoy these, be sure to make it out to Secure360 this year as Karl will […]
Magic Bytes – Identifying Common File Formats at a Glance
When assessing an application, one may run into files that have strange or unknown extensions or files not readily consumed by applications associated with those extensions. In these cases it can be helpful to look for tell-tale file format signatures and inferring how the application is using them based on these signatures, as well as […]
Function Hooking Part I: Hooking Shared Library Function Calls in Linux
When assessing an application for weaknesses in a linux environment, we won’t always have the luxury of freely available source code or documentation. As a result, these situations require more of a black box approach where much of the information about the application will be revealed by attempting to monitor things such as network communications, […]
Biometrics in the age of Pastebin
Let’s go back in time to June, 2012. LinkedIn was compromised and 6.5 million password hashes were released to the internet. Everyone changed their password (right?) and it wasn't *that* big a deal. Now, let’s jump forward in time, to sometime when biometric authentication becomes more common. In this new era, LinkedIn gets compromised, and […]
Great, you use CA SiteMinder, but you broke it!
CA SiteMinder is a secure Single Sign-On (SSO) and Web access management product that is used to authenticate users and control access to web applications and portals. Your company may be considering purchasing SiteMinder or a similar product, or may have already deployed a solution like SiteMinder in your environment. Out of the box, CA SiteMinder […]