Reverse Engineering Decrypting iOS applications - iOS 12 Edition As some of you may know, with the release of iOS 12.4 Apple accidentally reintroduced a vulnerability already patched on iOS 12.3. Shortly after this discovery, @Pwn20wnd released a new version
Privacy Analyzing iOS Stalkerware Applications Stalkerware (a.k.a. Spouseware) applications are invasive applications that an individual installs on a target's device (usually their partner) to spy on them, snooping in as much data as they can. They
Reverse Engineering Investigating some subscription scam iOS apps For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. It's called the freemium
Android Mobile App Sec Assemble One of the reasons why I write blog posts about mobile app sec is for future me. I don't have a good memory so these posts help me refresh techniques and steps I
iOS Tips for Mobile Bug Bounty Hunting My good friend Pete Yaworski encouraged me to join the bug bounty scene for a long time before I decided to jump in and start using my mobile app sec knowledge to ethically
iOS Reverse Engineering iOS Apps - iOS 11 Edition (Part 2) This is the second part of the "Reverse Engineering iOS Apps - iOS 11 Edition" series. In the first part of the series we learned how to setup your phone on iOS 11
iOS Reverse Engineering iOS Apps - iOS 11 Edition (Part 1) Even though there are already many, many blog posts, tutorials and even youtube videos about "reverse engineering iOS apps", every time Apple releases a new iOS version the "game"
iOS Proxy iOS 11 applications’ traffic A big part of understanding how mobile apps work is to identify the endpoints they hit on the server side and the data they send and receive. In order to inspect the mobile
CTF Reversing one thousand binaries This past week (Nov 3rd) I attended the Hackfest CTF in Quebec city, QC. This was my second CTF and was the fist time I ever found a flag. This is how I
