Articles tagged 'security'
macOS comes with a good set of predefined security features designed to keep us safe, e.g. System Integrity Protection. These security features are great for everyday use, but they get in the way when we are trying to analyse what processes are doing...
Read More...
Shoulder surfing is a real threat. And we, as software developers, should strive to provide safety to our users. One way to mitigate the inadvertent exposure of sensitive data is related to how we handle the input of sensitive data in our applications...
Read More...
One of the first steps we take when analysing a macOS (or *OS) app is to go through the entitlements to extract useful information. Usually, we search for the entitlements embedded in the application binary using codesign(1) in our Static Analysis...
Read More...
When performing dynamic analysis, a useful source of information is examining the process' memory for specific patterns. For example, imagine we would like to obtain information about the current process' code signature. To get this information, we...
Read More...
When we are asked to perform a black-box security analysis on an iOS app, depending on the scope, we might only have access to the iOS app from the AppStore. But most of the time, the client would give us an IPA. In a black-box analysis, we won't get...
Read More...
If you want to get into mobile security or reverse engineering, you'll get to a point when you would like to have access to an ARM processor. There are many devices you could use, but one very cheap (in price, not in quality) is the Raspberry Pi. You...
Read More...
Many people have heard about the perils of buffer overflows, but it's one thing to hear about them and another to try to make one yourself and play with it. In this post, we'll explore the basics of buffer overflow and create an example to...
Read More...
When reversing a binary, sometimes it's useful to modify how the binary behaves. We can accomplish this by changing the binary itself. If we had the source code, it'd be easy, but for us, it'll require looking at the decompiled code and deciding which...
Read More...
I've been exploring reverse engineering, and it's a fascinating topic. There are many ways to analyse a binary. Usually, the analysis is divided into two types, static and dynamic. Static analysis is when you decompile the binary and read the assembly...
Read More...
This is going to be a small article on the basics of working with Assembly Language. We won't go deep into building extensive programs in assembly. The main idea of this post is to clarify the workflow for creating an assembly program and some key...
Read More...
In this post, I'll explain how to figure out where macOS stores specific preferences and how to modify them using the command line tool defaults. Knowing where the preferences are stored and how to manage them programmatically allows us to create scripts...
Read More...