Extracting entitlements from process memory using LLDB Mar 30 2020

One of the first steps we take when analysing a macOS (or *OS) app is to go through the entitlements to extract useful information. Usually, we search for the entitlements embedded in the application binary using codesign(1) in our Static Analysis...

Scanning a process' memory using LLDB Mar 23 2020

When performing dynamic analysis, a useful source of information is examining the process’ memory for specific patterns. For example, imagine we would like to obtain information about the current process’ code signature. To get this information, we...

Resigning iOS apps from an IPA for mobile security research Feb 7 2020

When we are asked to perform a black-box security analysis on an iOS app, depending on the scope, we might only have access to the iOS app from the App Store. But most of the time, the client would give us an IPA. In a black-box analysis, we won’t get...

Host naming organisation for your local lab Jan 28 2020

There are many fields in Computer Science, and tech in general, where you’ll want a lab with multiple VMs, containers, or even physical devices running various services. When learning networks, it’s useful to have a local lab. Another example is when...

Running Raspbian OS on QEMU to learn ARM assembly Jan 19 2020

If you want to get into mobile security or reverse engineering, you’ll get to a point when you would like to have access to an ARM processor. There are many devices you could use, but one very cheap (in price, not in quality) is the Raspberry Pi. You...

Understanding buffer overflows using Radare2 Jan 6 2020

Many people have heard about the perils of buffer overflows, but it’s something different to hear about it and another to try to make one yourself and play with it. In this post, we’ll explore the basics of buffer overflow and create an example to...

Using Radare2 to patch a binary Dec 28 2019

When reversing a binary, sometimes it’s useful to modify how the binary behaves. We can accomplish this by changing the binary itself. If we had the source code, it’d be easy, but for us, it’ll require looking at the decompiled code and deciding which...

Using LLDB for reverse engineering Dec 20 2019

I’ve been exploring reverse engineering, and it’s a fascinating topic. There are many ways to analyse a binary. Usually, the analysis is divided into two types, static and dynamic. Static analysis is when you decompile the binary and read the assembly...

Let's write some assembly code in macOS for Intel x86_64 Dec 12 2019

This is going to be a small article on the basics of working with Assembly Language. We won’t go deep into building extensive programs in assembly. The main idea of this post is to clarify the workflow for creating an assembly program and some key...

Understanding Disk Images by building a macOS Catalina ISO image for VirtualBox [macOS] Dec 4 2019

Having a virtual machine running macOS opens up a lot of opportunities for learning. If you are into security, you can set up a VM for your security lab. Or if you want to learn networking or kernel debugging, it is also helpful to use a VM. The other...
