TrustedSec Security Blog

2023 Resolutions for Script Kiddies

January 17, 2023

Introduction 2022 was a tough year. It seemed like no one was safe. Nvidia, Samsung, Ubisoft, T-Mobile, Microsoft, Okta, Uber—and those were just some of Lapsus$’s breaches. What’s a Script Kiddie to do to be better protected in 2023? Another year in the books, and it was another big year for cybersecurity. While 2022 did…

Read

Looting iOS App’s Cache.db

December 1, 2022

Insecure By Default Mobile application assessments diverge somewhat from normal web application assessments as there is an installed client application on a local device to go along with the backend server. Mobile applications can often work offline, and thus have a local store of data. This is commonly in the form of SQLite databases stored…

Read
Android Hacking Lab on the TrustedSec Security Blog

Set Up an Android Hacking Lab for $0

October 13, 2022

With the ever-increasing demand for mobile technology, it seems like there is an app to do just about anything you can think of, right on your cell phone. From banking to mobile gaming and even controlling the RGB lights installed in your home office, everything is interconnected now. With the rise of this functionality also…

Read

Update: The Defensive Security Strategy

September 9, 2021

Original post:  https://www.trustedsec.com/blog/the-defensive-security-strategy-what-strategy/ Massive exposures and attacks, such as recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advanced and changed, these massive exposures are continuing to occur. The question is why, and how, are they occurring? While common issues are often leveraged, the mentality around them is…

Read

Introducing iHide: A New Jailbreak Detection Bypass Tool

September 2, 2021

Today, we are releasing iHide, a new tool for bypassing jailbreak detection in iOS applications. You can install iHide by adding the repo https://repo.kc57.com in Cydia or clicking here on an iOS device with Cydia installed. Additionally, you can check out the code and build/install it yourself if you prefer. Once installed, iHide will add…

Read

More Options for Response Modification -With ResponseTinker

March 25, 2021

As the web application footprint migrates client-side, tools to thoroughly analyze and test client behavior are becoming increasingly important. Burp Suite has made some great strides in this direction with their browser-based enhancements to crawling and scanning, but when it comes time to really dig into the particulars for research, we are still very much…

Read

Setting the ‘Referer’ Header Using JavaScript

September 29, 2020

Or, “I’m Sorry, You Said You’re from Where Again?” In a prior webinar on creating weaponized Cross-Site Scripting (XSS) payloads, I mentioned that XSS payloads (written in JavaScript) could not change the HTTP Referer header. Malicious requests made through an XSS payload will often have an unexpected Referer header that does not generally make sense…

Read

Fuzzing the Front End!

September 8, 2020

So, who is testing the client-side components of Single Page Applications (SPAs)? What are you doing exactly, dropping a few cross-site scripting (XSS) polyglots into boxes like you used to do with “<ScRiPt>alert(123)</sCrIpT>” for traditional apps back in 2001?  Are you mostly holding out hope that all big problems will be in the back-end APIs?…

Read

A Discussion on Serverless Application Vulnerabilities

August 6, 2020

The main advantage of utilizing serverless architecture, such as Amazon Web Services (AWS), is that it is a great way to build applications without having to manage the infrastructure. The provider will provision, scale, and maintain the servers to run applications, databases, and storage systems. Naturally, this offloads the risk of server-side insecurities to the…

Read
frida blog post graphic

Mobile Hacking: Using Frida to Monitor Encryption

July 9, 2019

This post will walk you through the creation of a Frida script that will be used to demonstrate the usage of the Frida Python bindings. The Frida script will be used to monitor encryption calls and capture details about the encryption type and keys in use. We will learn how to send messages from Frida…

Read
  • Browse by Category

  • Clear Form