Programming

Poking Around in Android Memory

Taking inspiration from Vlad’s post I’ve been playing around with alternate means of viewing traffic/data generated by Android apps. The technique that has given me most joy is memory analysis. Each application on Android is run in the Dalvik VM and is allocated its own heap space. Android being Android, free and open, numerous ways of dumping the contents of the application heap exist. There’s even a method for it in the android.os.Debug library: android.os.Debug.dumpHprofData(String filename). You can also cause a heap dump by issuing the kill command:

T-Shirt Shell Competition

For our internal hackathon, we wanted to produce some shirts. We ran a competition to see who could produce a reverse shell invocation most worthy of inclusion on a shirt. Here are the submissions, which may be instructive or useful. But first; the winning t-shirt design goes to Vlad (-islav, baby don’t hurt me, don’t hurt me, no more): Funny story; the printer left out the decimal points between the IP, so we had to use a permanent marker to put them back. Oh, also, many of these were originally taken from somewhere else then modified, we don’t claim the full idea as our own. Anyway, onto the shells!

Solution for the 44Con Challenge

Last week, we published our 44Con “SillySIP” Challenge for free entry to our BlackOps training course at the 44Con conference this year. We’d like to thank all those who attempted this challenge. $queue->add($beatbox_drumroll); The winner, who responded with the first correct answer, is Ben Campbell. As a result, he gets to hang out with our trainers on a free BlackOps training course. Congratulations Ben! We look forward to meeting you (in person) at the BlackOps training.

44Con Challenge

In a similar fashion to the BlackHat challenge held earlier this year, we’re giving away a free ticket to our BlackOps course at this year’s 44Con. As a penetration tester, knowledge of an issue is not enough when one needs to demonstrate risk to a client. Furthermore, when large numbers of potential targets are involved, it becomes crucial that effective attacks are packaged and automated to allow for mass-pwnage.

Solution for the BlackHat Challenge

We had published a network protocol analysis challenge for free entry to our BlackHat 2012 Vegas training courses and received seven correct answers. We’d like to thank those who attempted this challenge and hope that they find it useful. The winner, Peter Af Geijerstam, managed to respond first, with the correct answer. As a result, he wins a free place on any of our Hacking By Numbers courses. Here is a brief solution for it:

BlackHat Challenge

This year marks a special anniversary for us at SensePost in that we’ve been training at BlackHat for over a decade now. To celebrate this, we thought we’d give away a free ticket to any of our courses on offer at this year’s BlackHat Briefings in Las Vegas. With data breaches happening almost on a monthly basis these days, everyone is turning to encryption in order to protect their information. Bob, a rather tech-savvy gentleman, works for a FTSE 100 company and they’ve written their own secure message implementation. You’ve been tasked to perform a penetration test and noticed that after compromising their shared document server, an internal web application leaked the source code used by the company for the client and the server.

Preflighting Application Error (0xE800000*) on iPhones

For those writing apps for the iPhone, you have a good chance of bumping into the highly annoying preflighting application error: Ralf Rottmann of 24100.net has a pretty comprehensive post on how to fix this (the problem resides in Xcode not correctly tagging the application’s BundleID).

Let’s hope it does better than netsec.reddit..

Introducing http://www.reddit.com/r/ReverseEngineering/ (like its name suggests, a reddit that’s all about Code RE..)

Another time sink-hole..

A while back some of us discovered and subsequently lost days to “The Python Challenge”. Well.. prepare to write off a little more time, and check out “Project Euler”. From its about page: “What is Project Euler? Project Euler is a series of challenging mathematical/computer programming problems that will require more than just mathematical insights to solve. Although mathematics will help you arrive at elegant and efficient methods, the use of a computer and programming skills will be required to solve most problems.

MSDN Mag – Security Edition is out..

The November edition of MSDN magazine is available and is another security issue.. The articles look interesting, and if you look closely you should notice articles by infosec rockstars like Mike Howard, Damien Hasse and the occasional member of LSD.. Grab it while it’s hot…