Labs

Take a look at our tools, presentations, and policies.

Patching BL/BLX instructions in ARM

We are often looking at ARM binaries in our favorite disassembler as we work on mobile applications and "Internet of Things" devices. As we worked on this binary we discovered a particular branch instruction that we wanted to modify. If you are familiar with the X86...
Owning a device with a single jump

Owning a device with a single jump

Back when I first read about this thing called “hacking” I thought I’d be spending all my days overflowing NSA buffers with plagiarized shell code and going by some cool hacker name like “1337BadGeR”. Sadly for me, upon entering the actual world, I had to get back in...

Network monitoring with nmap

Network monitoring with nmap

Asset management is a problem we help many of our customers with. What are an organization's assets, and how accurate and up-to-date is this information? Even with a mature asset management program, organizations want some form of validation of their result. From a...

Android Hard Coded Secrets

Android Hard Coded Secrets

One of the more common findings we report for Android security reviews is an issue involving hard coded secrets. This blog post will specifically focus on hard coded secrets used for encrypting application data. I'll try to use a bit of light threat modeling and risk...