31Dec, 2013

WP8 App Security – Part 3 XAP File

This is the third part of a series on testing WP8 Apps. The first post introduced you to the WP8 platform and the second post had you install the prerequisites. This post will focus on the XAP file and side loading it onto your device or emulator. Side loading is the act of installing an […]

30Dec, 2013

WP8 App Security – Part 2 Prerequisites

This is the second post of a series on WP8 App Security and is focused on setting up the environment where you will test WP8 apps. You should already have a basic understanding of how the WP8 platform works. We will focus on the prerequisites for the tools and methods required to test WP8 apps. […]

30Dec, 2013

WP8 App Security – Part 1 WP8 Platform

In this post and series we will dive into the process and methods used to test the security of Windows Phone 8 (WP8) app. Let’s say you are tasked with performing a security assessment, ethical hack, vulnerability assessment, or a penetration test of a WP8 app, where do you begin? This is where! WP8 Platform Before […]

30Dec, 2013

Preparing iOS 7 to test iOS apps

Now that evad3rs released evasi0n to jailbreak iOS 7 we may begin testing iOS apps on iOS 7! This post will cover the steps and tools to set up your jailbroken iOS 7 device for testing mobile apps. From the Cydia app on the device, search and install the following: OpenSSH MobileTerminal BigBoss Recommended Tools […]

26Dec, 2013

Hotmail & Basic Auth on iOS Mail App

Continuing my exploration of iOS Apps, I setup an email account with the iOS Mail App and Hotmail. The iOS Mail App will use whatever protocol it is configured to use to retrieve and send email. In this case, I chose Microsoft Hotmail. To capture traffic and see what is going back and forth, I […]

01Nov, 2013

iOS Stocks App

Following this week’s hype of HTTP Request Hijacking presented at RSA Europe 2013, I began experimenting with iOS apps that use HTTP instead of HTTPS. In this post I will summarize the presented attack vector and focus on the iOS Stocks App. Summary of HTTP Request Hijacking HTTP Request Hijacking should only work on apps […]

18Apr, 2011

NTFS on Apple OS X

Apple Mac OS X 10.6 Snow Leopard has the capability of native NTFS support. In other words, you do not need NTFS-3G or any other third party application to be able to write to your NTFS storage media. However, you do have to enable it. Here is how: In Terminal, type diskutil info /Volumes/volume_name, where volume_name is […]

06Apr, 2011

SSL Renegotiation DOS FAQ

Frequently Asked Questions related to SSL Renegotiation Denial of Service Q. What is the difference between SSL and TLS? A. SSL and TLS is the same thing. For trademark reasons when SSL became an open standard it had to change its name from SSL to TLS. TLS 1.0 is essentially SSL 3.1 – it even […]