Lifehacks for hackers: Exploiting of Data Protection API
The simplest way to find and exploit Data Protection API misconfigurations: Install the demo version of the iExplorer tool on […]
Recently, Lyhin’s Lab decided to take a more challenging application. OroCRM v4.1.6: Has 785 stars and 260 forks on GitHub; PHP […]
I suppose you want to discover how the pre-defined mobile application interacts with the filesystem and precisely understand what happens on […]
Why Scipio ERP (v2.0.0): 240 stars on GitHub; Apache-2.0 License; Java. The mentioned vulnerabilities were found and exploited by Ihor Voschyk […]
Had an online talk at Practical Cyber Security Day. Presentation: https://lyhinslab.org/media/Lyhin_MATA.pptx Self-explaining screenshot: Related reference: https://lyhinslab.org/index.php/2020/10/17/lifehacks-for-hackers-how-to-audit-mobile-apps/
We have bad news for vendors whose applications use hardcoded secrets, for example, to create and validate JSON Web Tokens within […]
In web app security, a large number of clients attack the server. In client app security, the situation is opposite – […]
Well, we pwned one more piece of software. Who cares? Nah, nobody. Alright, now user “nobody” – see how we did […]
The stablest and the most efficient way to find the brand new and very own 0-days with no lingering deployment is […]
Mobile applications should not trust other applications on the device. The new generation likes it when an organization wants them to […]