Found it some time ago; actually for Android it's not very useful, but for users with old versions of Android it is very useful :)
Tip
Best regards
Sunday, 16 February 2014
Monday, 10 February 2014
Damn Vulnerable IOS Application | learning Apple IOS security
ABOUT - Damn Vulnerable IOS Application
Damn Vulnerable IOS Application (DVIA) was born from the need to have a tool where a user can test their IOS penetration testing skills in a safe and legal environment. This application can also be used by mobile security enthusiasts and students to learn or review the basics of mobile application security.
Vulnerabilities and Challenges Include …
Insecure Data Storage
Jailbreak Detection
Runtime Manipulation
Transport Layer Security
Client Side Injection
Information Disclosure
Broken Cryptography
Application Patching
All these vulnerabilities and their solutions have been tested up to IOS 7.0.4.
The app also contains a section on IOS Application Security Tutorials for those who want to learn IOS Application Pentesting. Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.
This app will only run on devices running IOS 7 or later. Users can download the source code and run the application on previous versions of IOS as well.
If you would like to sponsor DVIA, please use the contact form below to get in touch.
LEARN
The complete list of tutorials can be found below:
IOS Application Security Part 1 – Setting up a mobile pentesting platform
IOS Application Security Part 2 – Getting class information of IOS app
IOS Application Security Part 3 – Understanding the Objective-C Runtime
IOS Application Security Part 4 – Runtime Analysis Using Cycript (Yahoo Weather App)
IOS Application Security Part 5 – Advanced Runtime analysis and manipulation using Cycript (Yahoo Weather App)
IOS Application Security Part 6 – New Security Features in IOS 7
IOS Application Security Part 7 – Installing and Running Custom Applications on Device without a registered developer account
IOS Application Security Part 8 – Method Swizzling using Cycript
IOS Application Security Part 9 – Analyzing Security of IOS Applications using Snoop-it
IOS Application Security Part 10 – IOS Filesystem and Forensics
IOS Application Security Part 11 – Analyzing Network Traffic over HTTP/HTTPS
IOS Application Security Part 12 – Dumping Keychain Data
IOS Application Security Part 13 – Booting a custom Ramdisk using Sogeti Data Protection tool
IOS Application Security Part 14 – Gathering information using Sogeti Data Protection tools
IOS Application Security Part 15 – Static Analysis of IOS Applications using iNalyzer
IOS Application Security Part 16 – Runtime Analysis of IOS Applications using iNalyzer
IOS Application Security Part 17 – Black-Box Assessment of IOS Applications using INTROSPY
IOS Application Security Part 18 – Detecting custom signatures with Introspy
IOS Application Security Part 19 – Programmatical Usage of Introspy
IOS Application Security Part 20 – Local Data Storage
IOS Application Security Part 21 – ARM and GDB Basics
IOS Application Security Part 22 – Runtime Analysis and Manipulation using GDB
IOS Application Security Part 23 – Defending against runtime analysis and manipulation
IOS Application Security Part 24 – Jailbreak Detection and Evasion
IOS Application Security Part 25 – Secure Coding Practices for IOS Development
IOS Application Security Part 26 – Patching IOS Applications using IDA Pro and Hex Fiend
IOS Application Security Part 27 – Setting up a mobile pentesting environment with IOS 7 Jailbreak
IOS Application Security Part 28 – Patching IOS Application with Hopper
IOS Application Security Part 29 – Insecure or Broken Cryptography
Source
Sunday, 9 February 2014
[How to] Unzip files in RAM memory
Unzipping files is very easy and you can find many examples on the internet, but here is one that works perfectly for me.
Here you have a POC:
    import requests
    import tempfile
    import zipfile

    zip_file_url = "https://example.com/archive.zip"  # placeholder: URL of the archive to fetch

    response = requests.get(zip_file_url)
    temp = tempfile.TemporaryFile()
    temp.write(response.content)
    temp.seek(0)
    zfile = zipfile.ZipFile(temp)
    # set password if needed (must be bytes on Python 3)
    zfile.setpassword(b'infected')
    for name in zfile.namelist():
        ram_file = zfile.open(name).read()
    temp.close()

For large files you can use:

    import requests
    import tempfile
    import zipfile

    zip_file_url = "https://example.com/archive.zip"  # placeholder: URL of the archive to fetch

    # stream=True makes requests fetch the body block by block
    response = requests.get(zip_file_url, stream=True)
    temp = tempfile.TemporaryFile()
    content = b''
    for block in response.iter_content(1048576):
        if not block:
            break
        content += block
    temp.write(content)
    temp.seek(0)
    zfile = zipfile.ZipFile(temp)
    # set password if needed (must be bytes on Python 3)
    zfile.setpassword(b'infected')
    for name in zfile.namelist():
        ram_file = zfile.open(name).read()
    temp.close()

But this doesn't work :(

    with tempfile.TemporaryFile() as temp
        for block in response.iter_content(1048576):
            if not block:
                break
            temp.write(block)
For more information about tempfile look here
Best regards
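An added example, not code from the original post: the same unzip step done with io.BytesIO, which keeps the archive in process memory, whereas tempfile.TemporaryFile is normally backed by an unnamed file on disk. Blocks are written straight into a size-capped buffer and each member's declared size is checked before it is decompressed; the function names, the caps and the constructed sample archive are assumptions for illustration.

```python
import io
import zipfile

def buffer_chunks(chunks, max_bytes):
    """Collect byte chunks (e.g. from response.iter_content) into a bounded BytesIO."""
    buf = io.BytesIO()
    for block in chunks:
        if buf.tell() + len(block) > max_bytes:
            raise ValueError("download exceeds %d bytes" % max_bytes)
        buf.write(block)
    buf.seek(0)  # rewind for readers that start at the current position
    return buf

def unzip_in_memory(buf, password=None, max_member=10 * 2**20, max_total=50 * 2**20):
    """Return {member name: bytes}; nothing is extracted to the filesystem."""
    files, total = {}, 0
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Reject oversized members before decompressing (zip-bomb guard).
            if info.file_size > max_member:
                raise ValueError("%s declares %d bytes" % (info.filename, info.file_size))
            total += info.file_size
            if total > max_total:
                raise ValueError("archive exceeds %d bytes uncompressed" % max_total)
            # pwd must be bytes on Python 3, e.g. b"infected"; None for plain archives.
            with zf.open(info, pwd=password) as member:
                files[info.filename] = member.read()
    return files

def build_sample_zip():
    """Constructed, unencrypted sample archive standing in for the download."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.txt", b"constructed sample payload")
        zf.writestr("docs/readme.txt", b"A" * 4096)
    return buf.getvalue()

def demo():
    raw = build_sample_zip()
    # Simulate a streamed download arriving in 64-byte blocks.
    chunks = (raw[i:i + 64] for i in range(0, len(raw), 64))
    return unzip_in_memory(buffer_chunks(chunks, max_bytes=2**20))

if __name__ == "__main__":
    for name, data in demo().items():
        print(name, len(data))
```

With requests, the chunks argument would be `response.iter_content(1048576)` from a request made with `stream=True`.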