Reverse Engineering
Relay Your Heart Away: An OPSEC-Conscious Approach to 445 Takeover
Even within organizations that have achieved a mature security posture, targeted NTLM relay attacks are still incredibly effective after all these years of abuse. Leveraging several of these NTLM relay primitives, specifically ...
The Critical Need to Defend Against Unauthorized Apps
Pearce Erensel | | API security, API Security - Analysis, News and Insights, Business, mobile app development, mobile app security, Repackaged Apps, Reverse Engineering
Safeguarding Security and Integrity: In today's digital landscape, mobile applications have become integral to our daily lives, offering convenience, entertainment, and essential services. However, with the rise of mobile app usage, there's ...
Uncovering RPC Servers through Windows API Analysis
Intro: Have you ever tried to reverse a simple Win32 API? If not, let’s look at one together today! This article serves as a hand-holding walkthrough and documents in detail how I analyzed ...
ChatGPT and API Security
George McGregor | | api, API Keys, API security, API Security - Analysis, News and Insights, Mobile App Authentication, Mobile Security, Reverse Engineering
First of all, this blog was written by a human being! Now that that's out of the way, let's get onto our main topic for today which is to take a look ...
How to Prevent API Abuse on Mobile Apps
David Stewart | | api, API Abuse, API security, API Security - Analysis, News and Insights, Bots, Mobile App Authentication, Mobile Security, Repackaged Apps, Reverse Engineering
API abuse is a growing concern in today's digital landscape, with criminals finding new and innovative ways to exploit APIs for their own gain. According to a recent study by Salt Security, ...
Securing Mobile Gambling Platforms
David Stewart | | API security, API Security - Analysis, News and Insights, Bots, mobile app development, Mobile Security, Reverse Engineering, threats
Gambling has come a long way since the days of visiting a bricks and mortar outlet and filling in some paperwork to bet on a small set of events and outcomes. Recent ...
How Do I Protect My Flutter App?
David Stewart | | Android Security, API security, API Security - Analysis, News and Insights, MitM Attack, mobile app development, Mobile Security, Reverse Engineering
Google’s open source Flutter has quickly become one of the most popular development toolkits for building cross-platform mobile applications. In this article we will examine what security is built in to Flutter ...
What is Bot Protection?
David Stewart | | API Abuse, API Security - Analysis, News and Insights, Bots, Mobile App Authentication, Mobile Security, Reverse Engineering
If you're a mobile app developer, chances are you've heard of bot protection. Bots are programs that run automated tasks over the internet. Although criminals can use them for malicious purposes, such ...
Android Application Hacking
Deepti Sachdeva | | Android Application Hacking, Cyber Security, owasp, pentesting, Reverse Engineering, VAPT
Android apps have become the most widely used alternative to desktop software for consumers. Mobile applications often process sensitive data, and this makes them a prime target for ...
How Should API Keys be Stored?
David Stewart | | API Abuse, API Keys, API Security - Analysis, News and Insights, mobile app development, Mobile Security, Reverse Engineering
Mobile app developers keep hearing that they shouldn’t store API keys in their app code but they don’t hear where they should store them. In this article we discuss the topic and ...