Counter-Forensics. Protecting your smartphone against the Five Eyes

Date: 28/12/2019

Author:

The Editorial Board decided to publish this material after reviewing a large number of articles in various periodicals, including technical ones. All these publications, with no exceptions, repeat the same trivial recommendations: “use a complex screen lock code”, “enable the fingerprint scanner”, “disable Smart Lock”, “make use of two-factor authentication”, and the most sarcastic recommendation for many Android users: “update your OS”. No doubt, all these steps make sense, but are they sufficient to make your phone secure? We believe not.

Read full article →

Ghidra vs. IDA Pro. Strengths and weaknesses of NSA’s free reverse engineering toolkit

Date: 28/12/2019

Author:

In March 2019, the National Security Agency of the US Department of Defense (NSA) has published Ghidra, a free reverse engineering toolkit. A couple of years ago, I had read about it on WikiLeaks and was eager to lay hands on the software used by the NSA for reverse engineering. Now the time has come to satisfy our curiosity and compare Ghidra with other tools.

Read full article →

FUCK 2FA! Bypassing two-factor authentication with Modlishka

Date: 28/12/2019

Author:

Underground forums are full of offers to hack an account or two (or sell you the login credentials of some ten million accounts if you like). In most cases, such attacks involve phishing (sorry, social engineering) and use fake authentication pages. However, this method is ineffective if the user gets pushed a prompt or receives a text message with a six-digit verification code. I am going to demonstrate how to breach the two-factor authentication system by hacking a Google account belonging to one of this magazine’s humble editors.

Read full article →