877.791.9571 |

About the Author:

Prateek Gianchandani, a recent IIT graduate, has interests in the field of Penetration Testing, Web Application Security and Intrusion Detection. He is currently a researcher for InfoSec Institute. In the past he has worked for security-based startups. You can contact him at prateek.searchingeye@gmail.com and on twitter @prateekg147 or you can visit his personal website at highaltitudehacks.com
iOS-App-Security07082013

iOS Application Security Part 36 – Bypassing certificate pinning using SSL Kill switch

In this article, we will look at how we can analyze network traffic for applications that use certificate pinning. One of the best definitions I found of certificate pinning […]

wifite10272014

Wifite Walkthrough part 2

In this article, we will look at cracking access points using WPA-PSK or WPA2-PSK using Wifite.

If you have used tools like airodump-ng, aircrack-ng etc to crack WPA access points […]

wifi

Wifite Walkthrough part 1

In this article series, we will look at a tool named Wifite suitable for automated auditing of wireless networks. Most of you who have experience in wireless pentesting would […]

iDB-icon08272014

iOS Application Security Part 35 – Auditing iOS applications with iDB

In this article, we will look at another cool utility named iDB for pentesting iOS applications.

Before that, i would like to apologize for coming up late with this article. […]

iOS-04212014

iOS Application Security Part 34 – Tracing Method calls using Logify

In the previous articles, we have seen how applications like Snoop-it can trace method calls specific to the application at runtime. This is very important in deducing the flow […]

iOS-04212014

iOS Application Security Part 33 – Writing tweaks using Theos (Cydia Substrate)

In some of the previous articles in this series, we have looked at how we can modify the behaviour of an application by patching it using IDA Pro, Hopper […]

iOS32-03252014

iOS Application Security Part 32 – Automating tasks with iOS Reverse Engineering Toolkit (iRET)

While doing security audit of iOS apps, there are a lot of tasks that we have to repeat every time. This includes finding out the class information for the […]

IOS-31-03192014

IOS Application Security Part 31 – The problem with using third party libraries for securing your apps

In this article, we will talk about why we shouldn’t completely rely on using third party libraries for securing our apps. Usually, some of the things we try to […]

iOS-Application

IOS Application Security Part 30 – Attacking URL schemes

In this article, we will look at how we can use a feature in iOS named url schemes to exploit an application. URL schemes are used by applications to […]

dvia-02252014

Getting started with Damn Vulnerable iOS Application

In this article, I will write about how to get started with Damn Vulnerable iOS Application. Damn Vulnerable iOS App (DVIA) is an iOS application that I wrote to […]

Broken_01292014

IOS Application Security Part 29 – Insecure or Broken Cryptography

In this article we will look at an example of Insecure or Broken Cryptography which is a common vulnerability found in most IOS applications. This vulnerability occurs when the […]

hopperapp01272014

IOS Application Security Part 28 – Patching IOS Application with Hopper

In Part 26 of this series, we looked at how we can use IDA Pro and Hex Fiend to patch an IOS application and modify its implementation. Patching an […]

iOS-App-Security-09242013

IOS Application Security Part 27 – Setting up a mobile pentesting environment with IOS 7 Jailbreak

In this article we will look at how we can set up a mobile pentesting platform on our device with the new IOS 7 jailbreak. There has been quite […]

AppSecurityTest02182013

Security Predictions for 2014

As the year 2013 draws to a close, we decided to make some predictions for the most popular Security Trends in 2014. Here is what we think are the […]

IOSfilesystem

IOS Application Security Part 26 – Patching IOS Applications using IDA Pro and Hex Fiend

,

In the previous applications we have looked at how we can hijack method implementations during runtime using Cycript, and even change the logic of the code rather than changing […]

IOSfilesystem

IOS Application Security Part 25 – Secure Coding Practices for IOS Development

In this article, we will look at some of the best practices an IOS developer should follow in order to make sure that their application is not easily exploitable […]

iPhonejailbroken11252013

IOS Application Security Part 24 – Jailbreak Detection and Evasion

In this article, we will look at the checks a developer can incorporate in his application to check whether the device on which the application is running is jailbroken […]

iOS-Application

IOS Application Security Part 23 – Defending against runtime analysis and manipulation

In the previous articles, we have looked at how we can use debuggers and tools like Cycript to do runtime analysis and manipulation of IOS Applications. We have looked […]

IOSfilesystem

IOS Application Security Part 22 – Runtime Analysis and Manipulation using GDB

In this article, we will look at how we can use GDB to perform runtime analysis of IOS applications. In the previous articles, we have looked at how we […]

iOS-App-Security07082013

IOS Application Security Part 21 – ARM and GDB Basics

All the IOS devices released uptil now are based on the ARM architecture. All the Objective-C code that we write while developing IOS applications is first converted into ARM […]