Encoder for Android: сomplete software anatomy


Until recently, based on the results of surveys and personal experience, I had the impression that users believe that the value of data stored on a device greatly exceeds the cost of the device itself. Why until recently? Well, the current US dollar exchange rate means that I haven't seen such surveys among new iPhone users :).

Read full article →

Android 6.0 permissions in protection and attack


Everyday, new vulnerabilities are discovered in mobile devices that can be exploited by intruders. They can send an SMS to a pay-per-call number, they can collect and sell a large database of contact details, and they can also compromise a specific individual. Successful exploitation of a vulnerability requires that a whole range of conditions are met. There is another way, however! Provide the user with a really useful application (a game with birds), whose manifest contains a list of device information that we are interested in. In this article, we will look at ways of obtaining and saving important information from an Android device.

Read full article →

The Forest Is Under Control. Taking over the entire Active Directory forest


Active Directory is a phenomenon that comes about quite often during the security testing of large companies. It is all too common to come across not a single domain in a single forest, but rather a more interesting structure with more branches. So today we are going to focus on how to perform reconnaissance and study forest structures. We will also look at possibilities for increasing privileges. Then we will conclude by compromising an enterprise's entire forest!

Read full article →

Avian influenza. Review of *nix vulnerabilities in 2015


According to cvedetails.com, more than 1,305 vulnerabilities have been found in the Linux core since 1999. Sixty-eight of these were in 2015. Most of them don't cause many problems (they are marked as Local and Low), and some may cause problems only if they are attached to certain applications or OS settings. In reality these numbers are not that big, but the core is not the entire OS. There are also vulnerabilities found in GNU Coreutils, Binutils, glibs and, of course, user applications. Let's take a look at the most interesting of the bunch.

Read full article →

Chromium Alloy. How to forge a hacking tool from a browser


The phrase "hacking utilities" has gradually come to acquire a negative meaning. Antivirus software teams curse them out, and users look down on them, placing them on a par with potential threats. But one can perform an audit and other relatively significant tasks simply from the browser, if it is prepared properly. In this article we take a look at the respective add-ons to Chrome, but one can find similar additions for Firefox as well.

Read full article →

Jailbreaking for dummies. What to do after a device has been cracked


So you've decided to jailbreak your device, downloaded a proper utility from the website pangu or taig, connected your smartphone to your computer, and launched the application. After several reboots, a message was displayed on the screen confirming the jailbreak's success and the Cydia application was installed on the device. It seems that everything worked fine, but what's next? If you've ever asked yourself this question, this article is for you.

Read full article →