In this article we will look at all the things you need to do to set up a pentesting platform on iOS 8 and be comfortable with using all the tools.
Jailbreaking your device
If your device is running iOS 8.1 or earlier, you can use Pangu to jailbreak your device. […]
This technique is used in scenarios where critical information such as Social Security Number (SSN) or Personal Identification Number (PIN) is otherwise not easily available.
Basically, web injects is a technique of injecting unauthorized web content into incoming HTTP response data.
The web page content manipulation is possible through browser […]
Cyber security is of paramount importance nowadays, since there are ongoing threats jeopardizing our overall web experience. Malware and hackers have been getting more sophisticated, and there have been more difficulties in trying to keep all the dangers at bay.
This is why it is a great thing to become […]
Why are malware authors so interested in banking malware? Simply because this is where the money is! Nowadays, banking malware, specifically banking Trojans, are reaching alarming new levels of sophistication. Each day, new names and new variations are constantly being introduced into the wild to thwart detection by antivirus […]
With just a few days until the end of 2014, it’s time to analyze what’s happened in the last twelve months. I would like to analyze with you the main events that have characterized the security threat landscape in 2014 and try to make predictions for 2015.
2014: Reviewing my […]
With the assumption that readers have read Part 1 of this topic, this article covers the remaining part, i.e. what benefits an attacker gets from flux networks, why it is difficult to detect flux networks in your environments, and recommended ways to detect a fast […]
It’s a real bummer when people spend a lot of their money on AAA PC games only to not be able to play them. Major publishers like EA, Activision, and Ubisoft are pushing their own online services, requiring their PC and console games to connect to their servers for […]
During an analysis, it can be really useful to know some common instructions with which malware, and more specifically shellcodes, achieve their goals.
As we can imagine, these sets of common instructions could be used first to locate and later to analyze and/or to identify general threats: embedded or injected […]
A VPN (Virtual Private Network) enables connections between clients and servers from multiple different internal networks across a public network (like the Internet) as if the nodes were located in the same private network. Since the communication is transferred across the public network, it must be properly encrypted to […]
Hopefully you are familiar with Assembly language and have some knowledge of how to use reverse engineering tools such as debuggers, disassemblers, PE analyzers, etc.
This article will only concentrate on the RSA cryptosystem and how to reverse it to get a valid key for your name. We will […]
Years of discussion on the right to have a free and open Internet have not yet solved the matter, and the issue is still a subject of heated debate for stakeholders: users, telecommunications companies and governments. The discussion revolves not only around the ability of government to control information […]
In this article, we will see how a developer can perform basic checks to programmatically detect if the app is running on an emulator and stop executing the app if an emulator is detected. We will then see how an attacker can easily bypass these checks by using some […]
In this series of articles, we will learn about a not-so-new type of attack, but one of the most difficult attacks to control. Yes, we will learn about the demon Fast Flux!! In this article, we will learn about what exactly Fast Flux is, types of Fast Flux, and […]
The rapid diffusion of mobile technology and the convergence of numerous services that use the paradigms, including social networking, cloud computing and payment, are urging IT and security industries to develop new solutions for user authentication.
Passcodes, PINs and thumbprints are a few samples of mechanisms that could be […]
The term “jailbreaking” refers to circumventing security measures of a mobile operating system with the aim to install unauthorized software. The term originates from the very first hacks on iPhones. The purpose of these hacks was to break the jailed environment of iPhones, which imposed restrictions on what […]
In this article, we will discuss broken cryptography in Android applications. Broken cryptography attacks come into the picture when an app developer wants to take advantage of encryption in his application. This article covers the possible ways where vulnerabilities associated with broken cryptography may be introduced in Android apps. […]
The rising intensity of POS threats has created a precarious environment for retailers looking to protect their customers’ financial and personal data. POS systems are increasingly becoming a soft target for hackers, which is why it’s more important than ever to consider the security of these machines and the […]
In my last piece, I explained how Nintendo’s experiences with piracy and copy protection helped shape the current video game industry, where Sony has been a major player for nearly twenty years now. Technologies like the 10NES lock-out chip didn’t just help Nintendo and authorized third-party developers, they also […]
When I was a little girl, I loved playing Where in the World is Carmen Sandiego? and Where in Time is Carmen Sandiego? When my father bought me the MS-DOS versions of those games, I thought it was really cool that each game came with a reference book, The […]
In this part of the Website Hacking series we are going to take a look at how to minimize damage from XSS attacks, considering that our web application can at some point become vulnerable to this type of attack (HttpOnly cookies are going to be discussed). We are going to […]