Tracing API calls in Burp with Frida
A few weeks ago I was performing a security test on a mobile banking application. The application was using a framework that provided additional obfuscation and encryption on top of the TLS connection it used to communicate with the remote server. I used Frida to intercept and dump the plaintext requests/responses before the encryption took […]
Read PostSANS Holiday Hack Challenge 2015 writeup
In December 2015, the SANS institute released the Holiday Hack Challenge 2015. A whole storyline was created around the ATNAS corporation and their nefarious plans for Christmas. The hack challenge featured a gaming component, the quest, where you were placed in the Dosis neighborhood. During the quest you are asked to solve hacking challenges and […]
Read PostSECCON 2015 – Reverse engineering Android APK 2 – 400 writeup
This is a writeup for the SECCON 2015 CTF challenge “Reverse-Engineering Android APK 2” for 400 points. The hint was: “The key is stored in the application, but you will need to hack the server.“ First, I installed the APK to get a feel of what it did, there were only two functions implemented: registering […]
Read PostWordPress < 4.1.2 Stored XSS vulnerability
WordPress 4.1.2 is available as of April 21, 2015. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site (WP blog). tldr; mysql → special characters → truncation → input validation → output sanitisation → xss → time to update WordPress. Introduction: MySQL […]
Read PostReverse engineering the HITB binary 100 CTF challenge
Disclaimer for legal people: “I” and “me” are nicknames in this blog post. They refer to a person who may or may not be me, myself, or I. During the HITB conference (Hack In The Box) in Amsterdam last week, a Capture The Flag challenge was organised. Six categories were available of which you could […]
Read PostIntercepting Android native library calls
Edit: at the time of writing, not many details could be disclosed as part of a responsible disclosure policy. The application in question was BlackBerry Messenger (com.bbm). BlackBerry did not respond to our findings. The full report is now available (unrevised version, including typos, mistakes, etc.). As part of a uni project, we’ve been busy […]
Read Post
Recent Comments