Posts

Advanced iPhone Hacking with iNalyzer

The slides from my OWASP Israel 2012 talk “Advanced iPhone Hacking with iNalyzer” have been uploaded and are available here.

The iNalyzer iPhone testing tool presented in the talk can be downloaded directly from here (you will need Graphviz Dot and Doxygen installed on your PC/laptop).
Here is an installation video (currently no sound):
iNalyzer Installation and usage

Here is a small demo of iNalyzer Vs. iSafePlay
iNalyzer Vs. iSafePlay
Enjoy,
Chilik

Domain hijacking & Range attack by cPanel

cPanel routes the requests sent to the server to the correct account according to the domain. Of course, the account owner must declare that the domain belongs to him. To verify that the domain does, in fact, belong to him, cPanel offers two options (without an EPP code):

1. Pointing the domain's DNS to the DNS storage server.

2. Creating a randomly named file on the domain; the file is created by cPanel and is unique per user.

cPanel assign domain options

I will go into some detail regarding the first option.


When Crypto Goes Wrong – Presentation


Slides from Erez’s “When Crypto Goes Wrong” presentation at yesterday’s OWASP Israel 2011 conference.
