iOS

Certificate validation Intercepting mobile traffic iOS Mobile Application Security

Four Ways to Bypass iOS SSL Verification and Certificate Pinning

This blog discusses four techniques for bypassing SSL verification and certificate pinning in iOS.

iOS lldb Memory

Dumping Memory on iOS 8

Back in January of 2015 NetSPI published a blog on extracting memory from an iOS device. Even though NetSPI provided a script to make...

Android iOS Mobile application testing mobile pentesting

Top 10 Critical Findings of 2014 – Mobile Applications

In this blog post I will cover high-level trends and the top 10 critical vulnerabilities we saw in 2014 during mobile application penetration tests.

Apple Cycript Debugging iOS Memory

iOS Tutorial – Dumping the Application Memory Part 2

Dump sensitive info from iOS app heap using Cycript in an automated way. Follow Mark's tutorial to parse a class dump of the binary.

GDB Heap iOS Memory

iOS Tutorial – Dumping the Application Heap from Memory

Using GDB to dump the runtime heap from memory to gain access to sensitive information that should’ve been removed.

iOS MDM Mobile Device Security

Malicious MobileConfigs

How much can you trust your devices? In this blog post, we will cover a practical attack that utilizes the iPhone Configuration Utility, a malicious Mobile Device Management (MDM) server, and a little bit of social engineering to get you data from iOS devices, HTTP and HTTPS web traffic, and possibly domain credentials.

iNalyzer iOS Mobile Application Security Snoop-it Time Warner Cable

Reverse Engineering iOS Applications in a Fun Way

Analyzing iOS application files to manipulate Objective-C functions is not a trivial process. The most common way to perform reverse engineering is by class dumping ipa files to discover all the class names and methods present in an application. This can be done using Cycript.

Boarding Pass Hacking Delta Delta Sky Priority hacking iOS iOS7 Passbook

Sky Prioritize Yourself

I've covered hacking Passbook files in the past, but I've decided that it's now a good time to cover modifying boarding passes. To start things...

Burp Proxy email privacy Facebook iOS

Facebook Friends, Your Email Address Isn’t that Private

In this post we will focus on the contact information setting in Facebook. These settings are responsible for your email privacy, both on your profile and for your friends being able to see your email.

Burp GameCenter hacking hacking gamecenter scores iOS iOS traffic interception

Hacking High Scores in iOS GameCenter

Want to hack your top scores in iOS GameCenter? Here's how.

Apple Email Addresses Game Center hacking HasApple HashCat iOS iOShCat powershell SHA1

Know Your Opponent – an Inference Attack Against iOS Game Center

Lately I've been looking at iOS. After looking into the Passbook application, I started poking around with the iOS Game Center application. The iOS Game Center allows iOS users to connect with friends, play games, and compare scores for their games. Think of it as Xbox Live for iOS.
