Update: The Defensive Security Strategy

September 9, 2021
By in Application Security Assessment, Leadership, Mobile Security Assessment, Penetration Testing, Security Program Assessment, Security Program Management, Security Remediation, Security Testing & Analysis, Social Engineering, Table-Top Exercises, Vulnerability Assessment

Original post:  https://www.trustedsec.com/blog/the-defensive-security-strategy-what-strategy/ Massive exposures and attacks, such as recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advanced and changed, these massive exposures are continuing to occur. The question is why, and how, are they occurring? While common issues are often leveraged, the mentality around them is…

Read

Introducing iHide – A New Jailbreak Detection Bypass Tool

September 2, 2021
By in Application Security Assessment, Hardware Security Assessment, Mobile Security Assessment, Penetration Testing, Security Testing & Analysis, Social Engineering

Today, we are releasing iHide, a new tool for bypassing jailbreak detection in iOS applications. You can install iHide by adding the repo https://repo.kc57.com in Cydia or clicking here on an iOS device with Cydia installed. Additionally, you can check out the code and build/install it yourself if you prefer. Once installed, iHide will add…

Read

More Options for Response Modification -With ResponseTinker

March 25, 2021
By in Application Security Assessment, Mobile Security Assessment, Security Testing & Analysis

As the web application footprint migrates client-side, tools to thoroughly analyze and test client behavior are becoming increasingly important. Burp Suite has made some great strides in this direction with their browser-based enhancements to crawling and scanning, but when it comes time to really dig into the particulars for research, we are still very much…

Read

Setting the ‘Referer’ Header Using JavaScript

September 29, 2020
By in Application Security Assessment, Mobile Security Assessment, Penetration Testing, Research, Security Testing & Analysis

Or, “I’m Sorry, You Said You’re from Where Again?” In a prior webinar on creating weaponized Cross-Site Scripting (XSS) payloads, I mentioned that XSS payloads (written in JavaScript) could not change the HTTP Referer header. Malicious requests made through an XSS payload will often have an unexpected Referer header that does not generally make sense…

Read

Fuzzing the Front End!

September 8, 2020
By in Application Security Assessment, Mobile Security Assessment

So, who is testing the client-side components of Single Page Applications (SPAs)? What are you doing exactly, dropping a few cross-site scripting (XSS) polyglots into boxes like you used to do with “<ScRiPt>alert(123)</sCrIpT>” for traditional apps back in 2001?  Are you mostly holding out hope that all big problems will be in the back-end APIs?…

Read

A Discussion on Serverless Application Vulnerabilities

August 6, 2020
By in Application Security Assessment, Mobile Security Assessment

The main advantage of utilizing serverless architecture, such as Amazon Web Services (AWS), is that it is a great way to build applications without having to manage the infrastructure. The provider will provision, scale, and maintain the servers to run applications, databases, and storage systems. Naturally, this offloads the risk of server-side insecurities to the…

Read
frida blog post graphic

Mobile Hacking: Using Frida to Monitor Encryption

July 9, 2019
By in Mobile Security Assessment, Security Testing & Analysis

This post will walk you through the creation of a Frida script that will be used to demonstrate the usage of the Frida Python bindings. The Frida script will be used to monitor encryption calls and capture details about the encryption type and keys in use. We will learn how to send messages from Frida…

Read

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form