by Danny Rosseau | Aug 30, 2019 | Android, Labs, Mobile, Techniques
One of the more common findings we report for Android security reviews is an issue involving hard coded secrets. This blog post will specifically focus on hard coded secrets used for encrypting application data. I’ll try to use a bit of light threat modeling and...
by Danny Rosseau | Aug 22, 2019 | Android, Exploits, IOT, Labs, Mobile, Techniques
When this Project Zero report came out I started thinking more about USB as an interesting attack surface for IoT devices. Many of these devices allow users to plug in a USB and then perform some actions with that USB automatically, and that automatic functionality...
by Jonathan Wrightsell | Aug 21, 2019 | Labs, Techniques, Tools
When reverse engineering a binary application, at its lowest practical layer, the reverse engineer is looking at CPU-specific assembly language. In order to fully understand the application, the reverse engineer would need to understand those lower layers, instruction...
by Meador Inge | Aug 7, 2019 | Labs, Techniques, Web
In recent years it has become popular to use Content Delivery Networks (CDN) provided by cloud hosting providers. Amazon’s CloudFront is an example of a popular CDN. These CDNs can take advantage of HTTP Caching to reduce latency for a global pool of end users....
by Austin Ralls | Apr 30, 2019 | Interactive, Labs, Techniques
Interested in testing your hacking skills? Click here to skip to the Wargame — By Austin Ralls At Carve, we help secure a variety of Unix-like systems, from cloud servers to IOT devices to on-prem installations. A core defense in depth practice is privilege...
by Ángel Suárez-Bárcena Martín | Feb 1, 2019 | Labs, Techniques
Kaitai Struct is a general-purpose declarative language for describing binary data structures. With it we can parse binary file formats, in-memory data structures, network packets, etc. The target format to be parsed is first described in the Kaitai Struct language...
