Advanced Frida Usage Part 6 – Utilising writers

Frida, Uncategorized
Introduction: Welcome to another blog post in our series on Advanced Frida Usage. We have covered a lot of features already, but we still haven’t mentioned a really important one, and that is the writer. Frida supports a number of different writers for different CPU architectures, such as X86Writer for x86 and ...
ARM64 Reversing And Exploitation – Part 10 – Intro to Arm Memory Tagging Extension (MTE)

arm64
Hey all! In this blog, we will give a brief introduction to a relatively new security feature called MTE (Memory Tagging Extension). Even though it was announced years ago, there was no implementation of it. Recently, however, the Google Pixel 8 devices have implemented support for it. Memory Tagging Extension: So ...
Mobile Malware Analysis Part 5 – Analyzing an Infected Device

mobile malware
In the first part of iOS Malware Detection, as a part of our Mobile Malware Analysis Series, we covered how to gather forensic artifacts, what to use for analysis, and which files on iOS are interesting. In this part, we will simulate a couple of IOCs and ...
Mobile Malware Analysis Part 4 – Intro to iOS Malware Detection

mobile malware
Welcome to Part 4 of the Mobile Malware Series. In this part we will cover what iOS malware is, its types, and methods of gathering forensic information, as well as take a look at some interesting system files from the forensics perspective. In the last couple of years iOS has become ...
ARM64 Reversing And Exploitation Part 9 – Exploiting an Off by One Overflow Vulnerability

arm64
Hello everyone! In this blog post, we will dive into a new vulnerability called the off-by-one byte overflow. But before we get into the details, there are a few things you need to have in place. Familiarity with ARM64 assembly instructions. Familiarity with exploiting stack-based buffer overflow. ARM64 environment ...
ipsw Walkthrough Part 2 – The Swiss Army Knife for iOS/MacOS security research

Uncategorized
In the first part of this series, we went over most of the ipsw commands, and today we will continue with the rest of them. We will see how to work with kernelcache and img4, how to interact with a USB-connected device, and more. extract: We will start with the ...
ARM64 Reversing And Exploitation Part 8 – Exploiting an Integer Overflow Vulnerability

arm64
Hello everyone. In this blog, we will explore integer overflows and their potential to create issues within your software. We will provide a walkthrough of a small CTF binary to illustrate their risks. Before we begin, ensure you meet the prerequisites below. Prerequisites: Familiarity with ARM64 assembly instructions. ARM64 environment ...
ipsw Walkthrough Part 1 – The Swiss Army Knife for iOS/MacOS security research

Uncategorized
In this first blog post about the ipsw tool, we will see its basic uses and how it can make our life a lot easier. ipsw is a tool that can be used for *OS research. It provides a lot of functionality related to dyld_shared_cache, DeviceTree, kernelcache, Img4, etc. which are ...
Mobile Malware Analysis Part 3 – Pegasus

mobile malware
Application Detail. Name: Media Sync. Package: seC.dujmehn.qdtheyt. SHA-256 Hash: bd8cda80aaee3e4a17e9967a1c062ac5c8e4aefd7eaa3362f54044c2c94db52a. Introduction: Welcome back, malware enthusiasts, to the third chapter of our Mobile Malware Analysis saga! Today, we’re diving headfirst into the world of a Pegasus/Chrysaor variant that’s about as unpredictable as a rollercoaster ride. Throughout this analysis, we will be ...
Advanced root detection & bypass techniques

Uncategorized
Introduction: Welcome to another blog post in our series on Advanced Frida Usage. In this blog, we will explore techniques related to root detection on Android devices and methods to bypass it. Our main focus will be on the strategies employed by app developers to protect their applications and prevent ...