
How to install class-dump-z on your iOS device

class-dump-z is used for dumping class information from an iOS application. This binary isn’t available for the Windows operating system.

Step 1: Get a Shell on Device

Step 2 : Navigate to https://code.google.com/p/networkpx/wiki/class_dump_z and get the latest URL, e.g. http://networkpx.googlecode.com/files/class-dump-z_0.2a.tar.gz

Step 3 : Download the binary


Step 4 : Extract the downloaded archive file


Step 5 : Navigate inside the folder iphone_armv6 and copy the class-dump-z executable into the /usr/bin directory. This makes sure you can run class-dump-z from anywhere on the device.

Step 6 : Once you have copied the executable, just type class-dump-z. You have now successfully configured the class-dump-z binary on your iOS device.
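The extract and copy steps above as one shell function, added here as an example (not the original post's commands). It assumes the archive has already been downloaded to the device and contains the iphone_armv6 folder named in the steps; the function name `install_class_dump_z` and its arguments are hypothetical.

```shell
# Added example: install class-dump-z from an already-downloaded .tar.gz.
# Assumption: the archive contains iphone_armv6/class-dump-z, as the steps describe.
# Usage: install_class_dump_z class-dump-z_0.2a.tar.gz [/usr/bin]
install_class_dump_z() {
    archive=$1
    dest=${2:-/usr/bin}

    [ -f "$archive" ] || { echo "archive not found: $archive" >&2; return 1; }

    # List the archive first, so a tarball without the expected binary is
    # rejected before anything is written to the destination directory.
    member=$(tar -tzf "$archive" | grep -E '(^|/)iphone_armv6/class-dump-z$' | head -n 1)
    if [ -z "$member" ]; then
        echo "iphone_armv6/class-dump-z not found in $archive" >&2
        return 1
    fi

    # Extract only that one member into a scratch directory.
    workdir=$(mktemp -d) || return 1
    if ! tar -xzf "$archive" -C "$workdir" "$member"; then
        rm -rf "$workdir"
        return 1
    fi

    # Copy into a directory on PATH and mark it executable.
    mkdir -p "$dest" \
        && cp "$workdir/$member" "$dest/class-dump-z" \
        && chmod 755 "$dest/class-dump-z"
    status=$?

    rm -rf "$workdir"
    return $status
}
```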

How to SSH from PC/Mac to iOS device via usbmuxconnectbyport

You can connect to the device through a USB tunnel instead of Wi-Fi. This is faster and gives a smoother working environment than Wi-Fi.

Prerequisite – Your iOS device should be jailbroken

Step 1 :- Download the usbmuxconnectbyport from Here

‘usbmux’ is the USB tunneling communication protocol used between the iDevice and iTunes.

Step 2 :- Extract the archive, navigate to the folder and verify the syntax of itnl

Step 3 :- Bind the local default port

Step 4 :-

Step 5 :- Your device is now successfully connected.

Git Cheat-box

It’s a cheat sheet for various git commands!

Android Mobile Application Offensive Security Workshop

A last-minute speaker appearance for the #NullHumla session on the Android Mobile App Offensive Security workshop (covering #Webview #Smalipatching #ReversingBinary #Activityabusing #Drozerexploitation)  Here

• Introduction to Android & Android Security Architecture
• Android Permission model
• Application Sandboxing
• Setting up Android Emulator
• Setting up a Mobile Pentest Environment
• Reverse Engineering – Understanding, patching and debugging smali code
• Investigating app permissions through manifest file
• Bypassing Android Permissions
• Introduction to Drozer
• Using Drozer to find and exploit vulnerabilities
• Dynamic and static analysis of the application
• Classification of vulnerabilities based on “OWASP Top 10 Mobile Risks”

Get Presentation :- Here   Vulnerable Apk(s) :- Here

Jail break your iOS 8.3 device

This tool is Windows only for now, so you’ll need either a Windows computer or, if you are planning to do this from Mac / Linux, a virtual machine. I used a virtual machine for jailbreaking my device.

Another noteworthy point is that the TaiG 2.1.0 update also fixes the Cydia Substrate compatibility issue as well as resolves another redundant issue, wherein users were getting stuck at 20% during the jailbreak process.

Step 1: Download and extract TaiG 2.1 from Taig Downloads page

Direct Link :-  Here

Step 2: Disable Find My iPhone and Passcode lock on your device

Step 3: Connect your device to your computer

Step 4: Run the TaiG 2.0 tool and it should detect your device

Step 5: Uncheck the 3K assistant, but keep Cydia checked

Step 6: Click Start


Step 7: Wait until the jailbreak completes. If you see storage full errors, just ignore those

Step 8: Once the jailbreak completes, find the Cydia app on your Home screen and launch it

That’s all there is to it. This jailbreak works with iOS 8.1.3 through iOS 8.3.

Semi Jailbreak available for iOS 8.3


A semi jailbreak for iOS 8.3 is now available for all iOS device models, such as iPhones, iPod touches and iPads.

You can easily install the Semi Jailbreak app manager and Cydia on your iOS 8.3 devices using this Semi Jailbreak online process. SemiJB is a very easy process. It only takes 2-3 minutes to complete and your device is 100% safe with this.

Step 1 – Please confirm that your device software version is iOS 8.3. This guide and the online tools were developed specifically for the iOS 8.3 jailbreak. You can check your iOS software version from this path.


Tap the Settings icon, then go to General and About, then check the iOS version; it should be iOS 8.3.

Step 2 – Then open the Safari browser on your iOS device. You must use the Safari browser for this process; you cannot use Google Chrome or any other browser to do the semi JB.

Step 3 – Then search for this webpage using Google. You can search for this page using the following terms: “Jailbreak iOS 8.3”, “iOS 8.3 jailbreak”, “Jailbreak 8.3”. Then scroll down to find the link to this webpage.


Tap the “Jailbreak iOS 8.3 – Pangu8” link. You must go past the iOS 8.3 JB news pages to find the Semi Jailbreak iOS 8.3 web page.

Step 4 – Go to this page and tap the “start Jailbreak” button. It then takes some time to complete the process. Don’t close the Safari browser or open any other app during this process.


Step 5 – After the JB process, it must take you to your Settings to install the SemiJB application. Otherwise, please redo the process.


Step 6 – After the installation of the SemiJB app, you can install the default Semi JB app manager and the web-based Cydia application with just one click.

Thank you – http://pangu8.com

Android Reverse Engineering

Love to test Android apps? Finding vulnerabilities through reverse engineering has always been a fun moment for hackers, be they ethical or unethical. Take a look now.

Android Reverse Engineering Arsenals


Join me at OWASP AppSec Eu 2015!

The AppSec Europe 2015 conference will be a premier gathering of Information Security leaders, and it is also going to have a research part.

Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology and many other verticals.

On the research side, OWASP’s AppSecEU Research will give you an excellent chance to present your cutting-edge research, including a paper for the proceedings.

The conference will be held from May 19-22, 2015 at the Amsterdam RAI. The venue is easy to reach by both public transport and car, and has ample parking facilities on and outside its site. Amsterdam RAI is situated 8 minutes from Amsterdam’s city centre and 15 minutes from Schiphol Airport.


RAI International Exhibition and Congress Centre

1070 MS Amsterdam
Amsterdam, Netherlands 1078 GZ

 

Android Mobile Application offensive Security Null Chennai Humla

Here is the Agenda :-

• Introduction to Android
• Android Architecture
• Android Security Architecture
• Android Permission model
• Application Sandboxing
• Setting up Android Emulator
• Setting up a Mobile Pentest Environment
• Bypassing Android Permissions
• Application Analysis
• Reverse Engineering
• Introduction to Drozer
• Using Drozer to find and exploit vulnerabilities
• Traffic Interception (Active and Passive) of Android Applications
• OWASP Top 10 for Android

Setting up the Test Environment:

Disclaimer: Training shall be done on Virtual image of device.

List of Software and Hardware Requirements

1 Any operating System
2 Android (Rooted) >= 2.3 (* Android device is optional)
3 Minimum 2 GB RAM and 70 GB free Hard Disk space
4 Administrative Privileges access over the machine
5 External USB Access Allowed
6 Virtual Box
7 Genymotion
8 Android Tamer Virtual box / Appie Box (Provided at session)

Presentation deck : Here

Vulnerable APK Download :  Here

Aha we design better, cheaper, faster and vulnerable mobile Apps!

Consumer demand for smartphone applications, including banking, trading and e-commerce, is growing. Stakeholders need to accept that the forthcoming era will be mobile-computing centric, with correspondingly huge app development. As per Gartner’s prediction, mobile app projects will outnumber PC projects 4-to-1 by the middle of 2015.

As we know, mobile apps are spreading faster than any other consumer technology in history. It’s not surprising that securing mobile apps, particularly around consumer privacy, is moving onto the front page. This needs to be done by highly disciplined mobile app security experts with a mature threat handling matrix, great toolkits, and experienced mobile application testers. Mobile applications often deal with personally identifiable information, credit cards and other sensitive data, including IM and mail clients from giant enterprises.

I shall be talking through pointers which show why hasty mobile application development is suffering w.r.t. security.

Session difficulty level: In-depth talks at barcampbangalore

© 2017 Abhinav Sejpal
