SensePost | Blog

using a cloud mac with a local ios device

Reading time: ~17 min

Posted by Leon Jacobs on 28 May 2022

Categories: Cloud, Corellium, Mobile, Pentest, Ssh, Usbfluxd

Doing iOS mobile assessments without macOS around is not exactly fun. This can be for many reasons that include code...

Android Application Testing Using Windows 11 and Windows Subsystem for Android

Reading time: ~18 min

Posted by Michael Higgo on 16 November 2021

Categories: Android, Windows, Mobile, Objection, Windows 11, Windows subsystem for android, Wsa, Wsl

With the release of windows 11, Microsoft announced the Windows Subsystem for Android or WSA. This following their previous release,...

on ios binary protections

Reading time: ~11 min

Posted by Leon Jacobs on 02 March 2021

Categories: Ios, Mobile, Objection, Binary

I just got off a call with a client, and realised we need to think about how we report binary...

Android Application Specific Proxies, Easy Mode

Reading time: ~7 min

Posted by Szymon Ziolkowski on 29 January 2021

Categories: Android, Mobile, Objection

In this post I want to share two things. First, a quick primer on how you would you go about...

Multiple Android User Profiles

Reading time: ~6 min

Posted by Szymon Ziolkowski on 29 June 2020

Categories: #4poland, Android, Mobile

I was recently on a mobile assessment where you could only register one profile on the app, per device. To...

objection – mobile runtime exploration

Reading time: ~4 min

Posted by Leon Jacobs on 11 July 2017

Categories: Ios, Mobile, Tools

introduction In this post, I want to introduce you to a toolkit that I have been working on, called objection....

PwnBank en route to Vegas

Reading time: ~3 min

Posted by chris on 20 June 2016

Categories: Android, Blackhat, Conferences, Ios, Mobile, Training

Everyone has a mobile phone (ok some have two) and the wealth of information people put into them is staggering....

Not-quite-triangulation using the who’s near me feature in location-aware web apps

Reading time: ~3 min

Posted by Dane Goodwin on 27 March 2016

Categories: Mobile, Tin-foil-hat

When assessing web applications, we typically look for vulnerabilities such as SQLi and XSS, which are generally a result of...

Too Easy – Adding Root CA’s to iOS Devices

Reading time: ~8 min

Posted by Dominic White on 23 March 2016

Categories: Certificates, Ios, Mitm, Mobile, Rogue-ap

With the recent buzz around the iMessage crypto bug from the John’s Hopkins team, several people pointed out that you...

Advanced Cycript and Substrate

Reading time: ~9 min

Posted by etienne on 18 March 2016

Categories: How-to, Ios, Mobile

Mobile assessments are always fun as the environment is constantly evolving. A recent trend has been the use of custom...

Android hooking with Introspy

Reading time: ~8 min

Posted by symeon on 10 March 2016

Categories: Android, Howto, Mobile, Blackbox, Hooking

Here’s my first blog where I’ll try to write up how I’ve managed to set up the Introspy framework for...

Channel 4 – Mobile Phone Experiment

Reading time: ~2 min

Posted by glenn on 06 February 2014

Categories: Mobile, Programming

This evening we were featured on Channel 4’s DataBaby segment (link to follow). Channel 4 bought several second hand mobile...

Hacking by Numbers – The mobile edition

Reading time: ~3 min

Posted by etienne on 19 August 2013

Categories: Mobile, Pentest, Training

West Coast in the house, well actually more like an African visiting Seattle for Blackhat’s West Coast Trainings. We’ve had...

A software level analysis of TrustZone OS and Trustlets in Samsung Galaxy Phone

Reading time: ~15 min

Posted by behrang on 04 June 2013

Categories: Mobile, Programming, Python

Introduction: New types of mobile applications based on Trusted Execution Environments (TEE) and most notably ARM TrustZone micro-kernels are emerging which...

Your first mobile assessment

Reading time: ~3 min

Posted by etienne on 20 May 2013

Categories: Mobile, Pentest, Training

Monday morning, raring for a week of pwnage and you see you’ve just been handed a new assessment, awesome. The...

Poking Around in Android Memory

Reading time: ~5 min

Posted by etienne on 11 February 2013

Categories: Memory analysis, Mobile, Programming

Taking inspiration from Vlad’s post I’ve been playing around with alternate means of viewing traffic/data generated by Android apps. The...

ITWeb Security Summit 2012

Reading time: ~3 min

Posted by Charl van der Walt on 08 May 2012

Categories: .za, Community, Conferences, Local, Mobile, Sap

This year, for the fourth time, myself and some others here at SensePost have worked together with the team from...

Mobile Security – Observations from the developing world

Reading time: ~6 min

Posted by Charl van der Walt on 06 March 2012

Categories: Press release, Rambling, Threat modelling, Mobile

By the year 2015 sub-Saharan Africa will have more people with mobile network access than with access to electricity at...

Mobile Security Summit 2011

Reading time: ~1 min

Posted by saurabh on 01 November 2011

Categories: Conferences, Mobile, Research, Reversing, Tools

This week, Charl van der Walt and I (Saurabh) spoke at Mobile Security Summit organized by IIR (http://www.iir.co.za/detail.php?e=2389). Charl was...

Runtime analysis of Windows Phone 7 Applications

Reading time: ~2 min

Posted by behrang on 14 September 2011

Categories: Conferences, Mobile, Research, Uncon, Windows phone

Runtime analysis is an integral part of most application security assessment processes. Many powerful tools have been developed to perform...

Our Blog