AppSec-Labs | Application Security

Frida CheatSheet for Android

25/07/2017 /0 Comments/in Android, General, Hacking /by Israel

How to edit Char Sequence objects in net beans

27/01/2016 /1 Comment/in Android, General, Hacking, Mobile /by Israel

In Net beans 8, during debugging (in my case, smali debugging), you cannot change char sequence variables, they are shown as read-only strings. An example of usage is Android text-elements (EditText) whose value is stored in Obj.mText.mText in a char sequence. The following screenshot, shows a Tree view, but you cannot change the field in […]

Negative Subtracting – Bypass the Protection

05/01/2016 /1 Comment/in Hacking /by Israel

Introduction to negative subtracting We all know about the negative subtracting issue. For example, if I transfer money to you, it is reduced from my account and added to your account. The code looks something like: Myaccount.value = myaccount.value – transfer.amount Youraccount.value = youraccount.value + transfer.amount Now, what happens if I transfer a negative value […]

IOT – Compiling Brillo Easily

06/12/2015 /2 Comments/in General, IOT, Tools /by Israel

Google published the first version of Brillo, and as IoT researchers, the first thing that we want to do is to quickly compile and run it in order to get a feel for it, investigate it and learn as much as possible about the system… At the beginning of our work we made some […]

Android 5.x Application-Security-related updates

31/03/2015 /0 Comments/in Android, General /by Israel

Hi I just copied and summarized the security-related changed in Android 4.4, 5.0 and 5.1. Enjoy guys! Custom permission Android 5.0 prevents the installation of apps if they define a custom permission that is already defined by an existing resident app. Web view The WebView default behavior was changed to block mixed content. Please […]

ADB – Common commands

28/05/2014 /0 Comments/in Android, General, Mobile /by Israel

What is ADB (Android Debug Bridge) The ADB shell is a bridge between your computer and the Android device, which may be a physical device or an emulator. How to install ADB ADB comes with Android SDK, but you can also find it alone. Inside the AppUse VM we have installed and prepared it […]

The reason why your exploit does not work

24/03/2014 /0 Comments/in General, Hacking /by Israel

This post will explain to you, why it is that in Java most of the command line injection vulnerabilities in most common cases could not be exploited with: && dir ; ls There are two options for running a command: Send the whole command to the OS shell (CMD or /bin/sh) and let Java […]

SSL Vulnerabilities Analyzer 1.1 published

28/12/2012 /0 Comments/in General, Tools /by Israel

Hi people After a few months of work and research we have updated the SSL Analyzer tool to version 1.1. So, here is a description about the SSL Analyzer and who should use it. What is it? This tool was created for penetration testers and for site administrations who want to check if their server allows […]

Domain hijacking & Range attack by cPanel

27/02/2012 /0 Comments/in General, Hacking /by Israel

cPanel navigates the requests that are sent to the server to the correct account according to domain. Of course, the account owner must declare that the domain belongs to him. In order to ensure that the domain does, in fact, belong to him, cPanel offers two options (without EPP code): 1. To refer the domain […]

When Crypto Goes Wrong – Presentation

16/09/2011 /0 Comments/in General, Presentations /by Israel

Slides from erez’s “When Crypto Goes Wrong” presentation at yesterday’s OWASP Israel 2011 conference. When Crypto Goes Wrong – Presentation

About Israel

Entries by Israel