Quick Start with Frida to Reverse-Engineer Any iOS Application How to start with reverse-engineering of iOS application using the Frida toolkit. Tracing the network communication and filesystem requests of a third-party iOS application. Tips and tricks.
Security Frida's Gadget Injection in Android Application (No Root) You've got a third-party APK (Android application package), and you want to debug/trace/explore/reverse-engineer it, and you have your personal Android phone which you don't want to root. It means you need Frida's Gadget.
Security Mobile App Security Testing: Tips, Notes, iOS/Android Mobile application threat model. Tools to conduct a security analysis: mitmproxy, frida, jadx-gui, mobsf, apktool, r2, etc.
Development 18 Lines of the Powerful Request Generator with Python (asyncio/aiohttp) A simple script to generate a huge amount of requests. Python 3.7 + asyncio + aiohttp.
Security 5 Myths About Android Security: VPN, Antivirus, Password Managers, Rooting Dawn of indisputable trust to the magic of security software.
Development How to Setup QEMU Output to Console and Automate Using Shell Script SSH. Expect. Named pipe. Input/output to the host terminal. Early boot messages.
Development Build Android Kernel and Run on QEMU with Minimal Environment: Step by Step Get the Android Linux kernel named "Goldfish". Build. Get initrd or ext4 device image. Run QEMU.
Security Application Security with OWASP ASVS OWASP ASVS is a comprehensive check list of application security. You go through the check list, assess a software, report to stakeholders, improve security. OWASP ASVS is a superset of PCI DSS and OWASP Top 10.
Security AI and Machine Learning in Cybersecurity: Simply Explained AI/ML in security = misbehave detection. If you ever suffered to get through the forest of buzzwords around the artificial intelligence, then I believe I managed to help you enough with the formula above. However, let's peek under the cover a little bit more.
Security Shared Library Injection on Android 8.0 Full solution: https://github.com/fadeevab/TinyInjector One of the ways to carry out the shared library injection is to use ptrace system call (syscall). One process (a tracer) attaches
Security Accessing System Private API Through the Android Linker Namespace The Android's linker (bionic) disallows to load the most of the shared libraries from /system when the request is carried out from the executable code belonging to "classloader-namespace".
Security Android Linker Namespace: Security Flaws Namespace mechanism is introduced as a part of Project Treble starting from Android O (8.0). I'm going to show the linker namespace mechanism in details from security point of view. It's all about to resolve symbols safely, but don't be confused.
