Entries by Israel

How to edit Char Sequence objects in net beans

In Net beans 8, during debugging (in my case, smali debugging), you cannot change char sequence variables, they are shown as read-only strings. An example of usage is Android text-elements (EditText) whose value is stored in Obj.mText.mText in a char sequence. The following screenshot, shows a Tree view, but you cannot change the field in […]

Negative Subtracting – Bypass the Protection

Introduction to negative subtracting We all know about the negative subtracting issue. For example, if I transfer money to you, it is reduced from my account and added to your account. The code looks something like: Myaccount.value = myaccount.value – transfer.amount Youraccount.value = youraccount.value + transfer.amount Now, what happens if I transfer a negative value […]

IOT – Compiling Brillo Easily

Google published the first version of Brillo, and as IoT researchers, the first thing that we want to do is to quickly compile and run it in order to get a feel for it, investigate it and learn as much as possible about the system…   At the beginning of our work we made some […]

Android 5.x Application-Security-related updates

Hi I just copied and summarized the security-related changed in Android 4.4, 5.0 and 5.1. Enjoy guys!    Custom permission Android 5.0 prevents the installation of apps if they define a custom permission that is already defined by an existing resident app.   Web view The WebView default behavior was changed to block mixed content. Please […]

ADB – Common commands

What is ADB (Android Debug Bridge) The ADB shell is a bridge between your computer and the Android device, which may be a physical device or an emulator.   How to install ADB ADB comes with Android SDK, but you can also find it alone. Inside the AppUse VM we have installed and prepared it […]

The reason why your exploit does not work

This post will explain to you, why it is that in Java most of the command line injection vulnerabilities in most common cases could not be exploited with: && dir ; ls   There are two options for running a command: Send the whole command to the OS shell (CMD or /bin/sh) and let Java […]

SSL Vulnerabilities Analyzer 1.1 published

Hi people After a few months of work and research we have updated the SSL Analyzer tool to version 1.1. So, here is a description about the SSL Analyzer and who should use it. What is it? This tool was created for penetration testers and for site administrations who want to check if their server allows […]

Domain hijacking & Range attack by cPanel

cPanel navigates the requests that are sent to the server to the correct account according to domain. Of course, the account owner must declare that the domain belongs to him. In order to ensure that the domain does, in fact, belong to him, cPanel offers two options (without EPP code): 1. To refer the domain […]

Order my lecture in DefCon group

DC9723 is an Israeli DefCon group (currently the only one), which meets once monthly on the third Tuesday of each month. Each meeting consists of two lectures about Hacking \ Information security. I will be giving the first lecture in the next meeting, the subject being HTML5 security. The lecture in fact deals with HTML5 […]