Research & Threat Intel Archives

OWASP iOS crackme tutorial: Solved with Frida

In this post I explain step-by-step how I solved the OWASP Mobile Security Testing Guide (MSTG) Crackme Level 1 using Frida (and how I then automated it).

Read Now >

Spearing data in mobile memory: Building a better R2Frida memory search

NowSecure Researcher Francesco Tamagni recently made significant improvements to R2Frida’s memory-search capabilities, and he answered some questions about those updates and how they make R2Frida (an integration of the Frida and Radare open-source tools/frameworks) even better.

Read Now >

Cloudflare ‘Cloudbleed’ bug impact on mobile apps: Data sample of potentially affected apps

Learn what the Cloudflare “Cloudbleed” bug is, how it impacts mobile apps, and review a list of 200 of the 3,500 most popular iOS apps that may be affected.

Read Now >

Building the best open-source mobile app security testing tool: Q&A with the creators of Frida and Radare

Imagine a man confined in a room and observed by a researcher over video surveillance. Imagine that the surveillance cameras can also, at any time, zoom in-and-out to scrutinize the atoms, molecules, cells, tissues, organs, or organ systems that make up the man.

Read Now >

Android Dirty COW patch and exploiting vulnerable devices without root

Android Dirty COW patch released On Monday, Google announced putting the Dirty COW vulnerability (CVE-2016-5195) out to pasture with the 2016-12-05 patch level in the December 2016 Android Security Update. That’s welcome news for owners of Google Nexus and Pixel devices. Of course even with the patch from Google, the long standing problem of Android

Read Now >

Call me maybe: Exploiting iOS WebViews to force automatic FaceTime calls

An attacker can exploit iOS WebViews to make automatic calls to an attacker-controlled phone number OR FaceTime address. Our research has found that FaceTime URL (facetime://) handlers are frequently overlooked in iOS applications. The oversight allows an attacker to potentially capture a video or snapshot of the affected user by directing them to a webpage from within a vulnerable WebView.

Read Now >

Research & Threat Intel

OWASP iOS crackme tutorial: Solved with Frida

Spearing data in mobile memory: Building a better R2Frida memory search

Cloudflare ‘Cloudbleed’ bug impact on mobile apps: Data sample of potentially affected apps

Building the best open-source mobile app security testing tool: Q&A with the creators of Frida and Radare

Android Dirty COW patch and exploiting vulnerable devices without root

Call me maybe: Exploiting iOS WebViews to force automatic FaceTime calls

Webinars

Best Practices

Resources

Solutions

Industries

Customers

Resources

Company

Labs

Skip links

Research & Threat Intel

Footer

Solutions

Industries

Customers

Resources

Company

Labs