Hello, and welcome to issue #33!
It has been some time since the last issue of the newsletter, but here we are again. A lot of new and exciting things have been going on around the Tech world. For example, the release of Apple’s M1 Chip, and all the positive reviews. It’s a shame that I won’t be buying one just now. I had an emergency and had to get a new computer a couple of months back, so I’ll have to wait a little bit longer.
Read More...
macOS comes with a good set of predefined security features designed to keep us safe, e.g. System Integrity Protection (SIP). These security features are great for everyday use, but they get in the way when we are trying to analyse what processes are doing, for example, attaching to a process using lldb. In this post, I’ll show you how to set up a Virtual Machine (VM) using Parallels Desktop and disable SIP so you can use the VM as your research lab.
Read More...
Shoulder surfing is a real threat, and we, as software developers, should strive to provide safety to our users. One way to mitigate the inadvertent exposure of sensitive data is how we handle the input of sensitive data in our applications: every time the user inputs sensitive data, we should hide it from prying eyes. In this post, we’ll learn how to read passwords and passphrases in a command-line tool built using Swift.
Read More...
One of the first steps we take when analysing a macOS (or *OS) app is to go through the entitlements to extract useful information. Usually, we search for the entitlements embedded in the application binary using codesign(1) in our Static Analysis phase. But we could also obtain the entitlements in our Dynamic Analysis phase. As you might have noticed, I like using LLDB as my dynamic analysis tool. In this post, I’m going to share how to extract the entitlements from a binary during our dynamic analysis using LLDB.
Read More...
Hello, and welcome to issue #21!
How is everything going? I hope you and yours are safe. What a crazy world we are living in now, right? I guess every generation thinks they are living in a period that will change history. Who knows, maybe this time the changes that will come after all this will make us change the world to be a better place.
Anyways, with everyone working remotely, the Internet has become the backbone of our society. It’s incredible how commonplace everything related to the Internet has become. We assume everyone knows how to access any website, or even stream video.
Read More...
When performing dynamic analysis, a useful source of information is examining the process’ memory for specific patterns. For example, imagine we would like to obtain information about the current process’ code signature. To get this information, we could search for the specific magic value (CSMAGIC_EMBEDDED_SIGNATURE, 0xfade0cc0; you can verify it in codesign.h) and obtain where that structure is kept in memory. In this post, I’ll show you how to use the Python API provided by the lldb debugger to scan a process’ memory for patterns.
Read More...
Hello,
Welcome to issue #19. I hope you had a good start to the month.
As you might have noticed by my latest posts, I’ve been exploring the exciting field of cybersecurity. I’ve always enjoyed understanding the base components of what makes our cyber “life” work. Understanding the base components also ties up nicely with infoSec. So this week I wanted to share with you a couple of links related to cybersecurity. I believe that being aware of security makes us better developers and cyber-citizens.
Read More...
When we are asked to perform a black-box security analysis on an iOS app, depending on the scope, we might only have access to the iOS app from the App Store. But most of the time, the client would give us an IPA. In a black-box analysis, we won’t get access to the source code, so deploying it through Xcode to a device for testing might be out of the question. One possible solution is to re-sign the app with a profile that we own and deploy it to our test device. In this post, I’ll explain how to re-sign an iOS app so we can generate an IPA that we can deploy to our test device.
Read More...
If you want to get into mobile security or reverse engineering, you’ll get to a point when you would like to have access to an ARM processor. There are many devices you could use, but one very cheap (in price, not in quality) option is the Raspberry Pi. You can get one for about $35, which opens up the doors to a lot of learning. But sometimes you don’t want to carry an additional device, so what to do? Well, you can run a virtual machine that is ARM-based. That is what we are going to explore in this short post: how to install Raspbian OS using QEMU so you can create your own ARM lab.
Read More...
Hello,
I’m back. I took a small break last week: no writing and no newsletter. I hope you had a delightful end of the holiday season. I’m ready to get back to my usual routine.
I’ve been travelling across time zones lately and thinking about time. Also, it’s the end of a decade, so we should talk about that. I’m not sure if you remember the Y2K problem; it was caused by representing the year on a date using only the last two digits. That meant that 1997 was represented only as 97, all fine there, but when you get to 2000 you’ll get 00, and you won’t know if you were talking about 1900 or 2000.
Read More...