Breaking

AndroTickler: Tickling Vulnerabilities out of Android Apps

If you attack someone, they will defend themselves, but if you tickle them, they will eventually crack open. This surprisingly applies to Android apps as well! Therefore, I created AndroTickler, not to test apps against certain attacks or examine them for specific vulnerabilities, which developers would learn to avoid. However, it helps pentesters to analyze and test apps in their own style, but in a faster, easier and more flexible way. AndroTickler is a Swiss-Army-Knife pentesting tool for Android apps. It provides information gathering, static and dynamic analysis features, and also automates actions that pentesters frequently do and highly need during their pentests. In addition, it makes use of the powerful Frida to hook to the app and manipulate it in real-time.

Continue reading “AndroTickler: Tickling Vulnerabilities out of Android Apps”

Continue reading
Breaking

Hacking 101 to mobile data

Here is a short blog post that explains how you can make your own Man-in-the-Middle (MitM) setup for sniffing the traffic between a SIM card and the backend server. This is NOT a new research but I hope this will help anyone who doesn’t have a telco background to get started to play with mobile data sniffing and fake base stations. This is applicable to many scenarios today as we have so many IoT devices with SIM cards in it that connects to the backend.
In this particular case, I am explaining the simplest scenario where the SIM card is working with 2G and GPRS. You can probably expect me with more articles with 3G, 4G MitM in future. But lets stick to 2G and GPRS for now.

Continue reading “Hacking 101 to mobile data”

Continue reading
Building

Virtualized Training Environment with Ansible

As Kai and I will be holding a TROOPERS workshop on automation with ansible, we needed a setup for the attendees to use ansible against virtual machines we set up with the necessary environment. The idea was, that every attendee has their own VMs to run ansible against, ideally including one to run ansible from, as we want to avoid setup or version incompatibilities if they set up their own ansible environment on their laptop.  Also they should only be able to talk to their own machines, thus avoiding conflicts because of accidental usage of wrong IPs or host names but also simplify the setup for the users.

Continue reading “Virtualized Training Environment with Ansible”

Continue reading
Events

Yet another edition of BlackHoodie – #BlackHoodie17

I am amazed by how this years BlackHoodie unraveled. Three days that included a pre-conference of lightening talks and two parallel tracks with a total of 64 enthusiastic members. The very spirit of BlackHoodie is nothing other than the quest to gain deep knowledge. Reverse engineering is one of the hardest fields in security. It touches on all fields of computing, starting from assembly, programming, file formats, operating systems, networks and what not. This makes it hard but an extremely fulfilling experience to spend time learning it. For me, the very idea of staring at a binary till you understand what it does is a magical feeling.

Continue reading “Yet another edition of BlackHoodie – #BlackHoodie17”

Continue reading
Events

Announcing the first 5 talks of TROOPERS18!!!!

TROOPERS17 was unlike any TROOPERS we had known before. Everything just seemed bolder, better, and beyond our expectations. From surprise speakers like the grugq (do you have a follow-up talk for #TR18 by the way?) to new speakers who are now TROOPERS family, TROOPERS17 is one for the history books!

If you were there you might be wondering to yourself, how could they possibly top it (and if you were not there check out this video from TR17)? Well, I am not going to lie, it will be a challenge. However, the high quality of talk and training submissions for this year have us feeling pretty positive about making #TR18 the “best year ever”!

With that being said I am happy to introduce the first official 5 talks of TROOPERS18!

Continue reading “Announcing the first 5 talks of TROOPERS18!!!!”

Continue reading