Security Why embedding secrets in mobile apps is not a good idea This is a somewhat complicated topic to cover, but I'll try to go into detail on why, generally, this is not a good idea and you should avoid embedding secrets
Reverse Engineering Decrypting iOS applications - iOS 12 Edition As some of you may know, with the release of iOS 12.4 Apple accidentally reintroduced a vulnerability already patched on iOS 12.3. Shortly after this discovery, @Pwn20wnd released
Privacy Analyzing iOS Stalkerware Applications Stalkerware (a.k.a. Spouseware) applications are invasive applications that an individual installs on a target's device (usually their partner) to spy on them, snooping in as much data as
Reverse Engineering Investigating some subscription scam iOS apps For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. It's
Android Mobile App Sec Assemble One of the reasons why I write blog posts about mobile app sec is for future me. I don't have a good memory so these posts help me refresh techniques
iOS Tips for Mobile Bug Bounty Hunting My good friend Pete Yaworski encouraged me to join the bug bounty scene for a long time before I decided to jump in and start using my mobile app sec
iOS Reverse Engineering iOS Apps - iOS 11 Edition (Part 2) This is the second part of the "Reverse Engineering iOS Apps - iOS 11 Edition" series. In the first part of the series we learned how to set up your phone
iOS Reverse Engineering iOS Apps - iOS 11 Edition (Part 1) Even though there are already many, many blog posts, tutorials and even YouTube videos about "reverse engineering iOS apps", every time Apple releases a new iOS version the
iOS Proxy iOS 11 applications’ traffic A big part of understanding how mobile apps work is to identify the endpoints they hit on the server side and the data they send and receive. In order to
CTF Reversing one thousand binaries This past week (Nov 3rd) I attended the Hackfest CTF in Quebec City, QC. This was my second CTF and was the first time I ever found a flag. This is how I found it. The challenge began with a vague message "Reverse