In the book we looked at specific examples of vulnerabilities. My goal was to cover as many classes of issues as possible, though of course I could not cover every possible issue you might encounter on your pentests. As you continue your penetration testing career, you will need to take what you have learned and…
In my book chapters about exploit development, I note that finding bad characters is outside of the scope of the chapters and just give the readers the bad characters list. With only four exploit development chapters in the book, there is just so much I can cover. My editors asked me to provide a…
This capture the flag game and accompanying class is designed with security beginners and those who are new to CTFs in mind. The vulnerabilities will range from blank passwords to custom buffer overflow vulnerabilities. Choose the instructor of your choice and work with the rest of the students to defend servers built by the other…
One of the features of SPF is being able to take a compiled Android APK and refactor it to include the SPF Agent. Details of how to do this in SPF are in the "Backdooring APKs" section of the SPF User Manual. The resulting app looks and feels like the original app, but with some…
I’ve been messing with SMS for hidden out of bounds communication since 2011. My earlier work involved a backdoored device driver:
Demo Video: Background SMS Demo
Whitepaper: Transparent Botnet Command and Control for Smartphones over SMS
PoC Code: botPoCrelease-android.c
Slides: Shmoocon 2011 Slides
This post assumes basic knowledge of using the Smartphone Pentest Framework (SPF). Where specific knowledge is required, the relevant part of the User Manual is referenced.