Our Blog

objection – mobile runtime exploration

Reading time: ~4 min
Introduction: In this post, I want to introduce you to a toolkit that I have been working on, called objection....

PwnBank en route to Vegas

Reading time: ~3 min
Everyone has a mobile phone (ok some have two) and the wealth of information people put into them is staggering....

Not-quite-triangulation using the who’s near me feature in location-aware web apps

Reading time: ~3 min
When assessing web applications, we typically look for vulnerabilities such as SQLi and XSS, which are generally a result of...

Too Easy – Adding Root CA’s to iOS Devices

Reading time: ~8 min
With the recent buzz around the iMessage crypto bug from the Johns Hopkins team, several people pointed out that you...

Advanced Cycript and Substrate

Reading time: ~9 min
Mobile assessments are always fun as the environment is constantly evolving. A recent trend has been the use of custom...

Android hooking with Introspy

Reading time: ~8 min
Here’s my first blog where I’ll try to write up how I’ve managed to set up the Introspy framework for...

Channel 4 – Mobile Phone Experiment

Reading time: ~2 min
This evening we were featured on Channel 4’s DataBaby segment (link to follow). Channel 4 bought several second hand mobile...

Hacking by Numbers – The mobile edition

Reading time: ~3 min
West Coast in the house, well actually more like an African visiting Seattle for Blackhat’s West Coast Trainings. We’ve had...

A software level analysis of TrustZone OS and Trustlets in Samsung Galaxy Phone

Reading time: ~15 min
Introduction: New types of mobile applications based on Trusted Execution Environments (TEE) and most notably ARM TrustZone micro-kernels are emerging which...

Your first mobile assessment

Reading time: ~3 min
Monday morning, raring for a week of pwnage and you see you’ve just been handed a new assessment, awesome. The...

Poking Around in Android Memory

Reading time: ~5 min
Taking inspiration from Vlad’s post I’ve been playing around with alternate means of viewing traffic/data generated by Android apps. The...

ITWeb Security Summit 2012

Reading time: ~3 min
This year, for the fourth time, myself and some others here at SensePost have worked together with the team from...

Mobile Security – Observations from the developing world

Reading time: ~6 min
By the year 2015 sub-Saharan Africa will have more people with mobile network access than with access to electricity at...

Mobile Security Summit 2011

Reading time: ~1 min
This week, Charl van der Walt and I (Saurabh) spoke at Mobile Security Summit organized by IIR (http://www.iir.co.za/detail.php?e=2389). Charl was...

Runtime analysis of Windows Phone 7 Applications

Reading time: ~2 min
Runtime analysis is an integral part of most application security assessment processes. Many powerful tools have been developed to perform...