Messenger Group Call DoS for iOS
Messenger is used by hundreds of millions of people globally, and as of December 2023, it has adopted end-to-end encryption (E2EE) by default for chats and calls. However, when a group chat is crea...
In part one and part two we looked at how to visualize Android native execution in Ghidra. That’s really useful but there is another significant portion of Android, the Java layer, which does not h...
TL;DR: This write-up covers the tools and methods used to visualize iOS code execution. The techniques for visualizing native and Objective-C execution are demonstrated using TrollInstallerX. The t...
In my previous blog I wrote about using LLDB with Voltron to debug native Android binaries; I found this to be the most comparable to GDB with the popular GEF extension and it worked quite well for...
In part one of this series I described how to visualize Android application code execution using Dragon Dance + Frida + Lighthouse + Ghidra. There is one big hang-up, though: what if you don’t have ...
Decompilers are essential when reverse engineering Android applications and binaries; unfortunately with static analysis it’s up to the reverse engineer to determine which of these complex paths to...
There are many reasons you may want to extract iOS applications; one in particular is reviewing security and privacy aspects with an analysis tool such as Ghidra. Unfortunately, unlike .apk files f...
With the (new?) M1 MacBooks I’ve been experimenting with conducting security assessments on apps within Android emulators, which benefit from the native Arm architecture. Unfortunately as of Android...