Chinese Police and CloudPets slides, video and interview

Page 12: Browse more insights and updates from our blog archives. This page continues our expert content on security, research, and analysis. NOTE: In 2020, a new talk will substantially improve this one to include an interesting third app and better explain the other ones. In late 2019, I had the privilege of giving a talk …

Hacking Mandated Apps – Part 8: Password Leak via API! [ MSTG-AUTH-1 ]

Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] …

Hacking Mandated Apps – Part 7: AES Crypto FAIL [ MSTG-CRYPTO-1 ]

Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] …

Hacking Mandated Apps – Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ]

Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] …

Hacking Mandated Apps – Part 5: RCE in WebView [ MSTG-PLATFORM-7 ]

Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] The OWASP Mobile Application Security Verification Standard classifies …

Hacking Mandated Apps – Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ]

Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V5: …

Hacking Mandated Apps – Part 3: What is SSL? [ MSTG-NETWORK-1 ]

Previous blog posts you might have missed and maybe you would like to read first for background: Part 1: Intro Part 2: Translating APKs The OWASP Mobile Application Security Verification Standard classifies the flaw …

Hacking Mandated Apps – Part 2: Translating APKs

If you missed Hacking Mandated Apps – Part 1: Intro please start there for background 🙂 Translating APKs in beautiful exotic languages As explained in the intro, the team did not get access to the sources …

Hacking Mandated Apps – Part 1: Intro

NOTE: This was all coordinated work with human rights activists, vulnerabilities were reported, findings public, and talk (below) given! 🙂 Is monitoring your children something your country’s government asks you to do? Do you feel …

Why Automation is not enough: 14 Proven Threats Attackers Don’t Want You To Know

With so many automated tools around it is no wonder that many organizations choose to automate some aspects of security testing. There is value in doing this, especially when we refer to fuzzing supervised …