Prototyping And Reverse Engineering With Frida by Jay Harris

Watch on YouTube
Slide Material
Demo 1
// Run within REPL
Process.getCurrentThreadId()
Process.enumerateModulesSync()
Interceptor.attach(ptr(Module.findExportByName(null, "rand")), {onLeave: function(retval){retval.replace(0x00)}})
Demo 2 - frida-trace
frida-trace -i "*" my_process
frida-trace -i "*rand*" -i "read" exercise
Demo…

Intro to Android Hacking with Frida

Watch on YouTube
NIN: The first 50 min can be skipped; the author tries to use frida with an emulator, but fails.
frida -U --no-pause -f com.your.app
frida -U -l script.js com.your.app
Java.perform(function(){
    console.log("debug");
    Java.enumerateLoadedClasses({
        // onMatch receives the name of each loaded class
        "onMatch": function(className){
            console.log(className);
        },
        "onComplete": function(){ }
    });
});
ADB related
adb…

Test Driven Security in the DevOps pipeline - AppSecUSA 2017

Watch on YouTube
1. zap
docker pull owasp/zap2docker-weekly
docker run -t owasp/zap2docker-weekly zap-baseline.py -t https://bugzilla.mozilla.org
bandit
NIN: Bandit is a tool designed to find common security issues in Python code. Ref: openstack/bandit: Github
$ bandit -r ~/src/github.com/Kinto/Kinto
Security Group Testing…

Having fun while analyzing mobile applications by Álvaro Felipe Melchor

Watch on [YouTube](https://www.youtube.com/watch?v=Hi4wUSXqtB4)
The talk also covers how to use rabin2 and frida.
$ unzip DamnVulnerableIOSApp.zip
// to see different binaries within fileformat
$ rabin2 -A binary
// to extract those binaries
$ rabin2 -x DamnVulnerableIOSApp
DamnVulnerableIOSApp.fat/DamnVulnerableIOSApp.arm_32.0 created
DamnVulnerableIOSApp.fat/DamnVulnerableIOSApp.arm_64.1 created
$ r2 DamnVulnerableIOSApp.fat/DamnVulnerableIOSApp.arm_…

BalCCon2k17 - MacLemon and Hetti - SSH From Zero to Hero workshop

Watch on YouTube
vim ~/.ssh/config
Host workshop
    HostName ssh-host01.example.com
    Port 22
    User balccon0
    IdentityFile ~/.ssh/mykey
Host *
    AddKeysToAgent yes
    # AddKeysToAgent ask
    IdentitiesOnly yes
    ForwardAgent no
// current connection number
w | wc -l
// upload key
ssh-copy-id -i…