
Hacking and Cracking

Ethical Hacking - Rafayhackingarticles



How To Hack A Mobile Application? - Video Series

Posted: 24 Apr 2015 07:09 AM PDT



In today's world, new mobile innovations have changed the way we bank, shop, play, and communicate. This increased demand for mobile innovation is placing pressure on organizations and developers to get applications to market quickly.

Oftentimes, this focus on feature functionality rather than application security can result in an app becoming vulnerable to malicious attacks. This lack of mobile application protection gives mobile hackers an entirely new way to exploit applications. Among the most exploitable areas for hackers to target is the binary code of the mobile application. Binary code is the code you download from a mobile app store, and it is what the machine reads to execute an application. There are a number of ways "black hats" seek to exploit binary-based vulnerabilities in order to compromise applications.


Mobile app hacking is easier and faster than ever before. Hackers are utilizing readily available tools to compromise apps in just a matter of minutes. In the videos below, Jonathan Carter from Arxan Technologies explains 7 common hacking techniques used to exploit mobile applications.

iTunes Code Encryption Bypass 


See how easy it is for hackers to bypass iOS encryption to progress a mobile app attack.




Android APK Reverse Engineering


Watch how hackers can easily reverse engineer binary code (the executable) back to source code, leaving it primed for code tampering.




Algorithm Decompilation and Analysis 


See how "Hopper" is leveraged to initiate a static, springboard attack for counterfeiting and stealing information




Baksmali Code Modification


Learn how hackers can easily crack open and disassemble (Baksmali) mobile code.




Reverse Engineering String Analysis 



Watch how hackers use strings analysis as a core element for reverse engineering




Swizzle with Code Substitution 


Learn how hackers leverage infected code to attack critical class methods of an application, intercepting API calls and executing unauthorized code while leaving no trace, as the code reverts back to its original form.




Understanding application internal structures and methods via Class Dumps


Learn how hackers use this widely available tool to analyze the behavior of an app as a form of reverse engineering and as a springboard to method swizzling




Exclusive Updates from 'Rafay Hacking Articles'

Newsletter


Latest News Apr 23, 2015

CSP 2015 Capture The Flag Writeup


On 11th April Giuseppe Trotta and I organized a CTF (Capture The Flag) competition for Cyber Secure Pakistan (a conference that combines all the stakeholders). The challenge was hosted on hack.me and contained 9 different challenges; some challenges themselves contained sub-challenges. Overall, we received great feedback from the vast majority of participants. No one was able to solve all the challenges within the given time frame, however a day or two we noticed that a team of " ...

Android Browser Kitkat Content Spoofing Vulnerability


The following is a low-risk vulnerability that was found a few months ago while testing the latest Android Stock browser on Android Kitkat. The issue is commonly referred to as a content spoofing vulnerability or dialog box spoofing vulnerability, which could be used to fake an alert message on a legitimate website. ...

Android Browser Cross Scheme Data Exposure + Intent Scheme Attack


tl;dr This exploit is an issue present in Android browser < 4.4 and several other Android browsers which allows an attacker to read the SQLite cookie database file, hence exposing all cookies. Along with it we also talk about a Cross Scheme Data Exposure attack in Android < 4.4. ...

Bad Meets evil - PHP meets Regular Expressions

This article briefly discusses why Regular Expressions might not be suitable for filters and how things could turn miserably bad when PHP is used with Regular Expressions. The post then continues with the write-up of a relevant scenario-based challenge, and finally concludes with the author's opinion on the topic. ...

Common Attacks Against Modems

0x01: Introduction to Modems

The term DSL modem is technically used to describe "a modem which connects to a single computer, through a USB port or is installed in a computer PCI slot". The more common DSL router, which combines the function of a DSL modem and a home router, is a standalone device which can be connected to multiple computers through multiple Ethernet ports or an integral wireless access point. Also called a "residential gateway", a DSL router usually manages the connection and sharing of the DSL service in a home or small office network. ...

