Blog

Building modern SSDLCs - Securing Software at Scale

In recent years, security has mostly focused on infrastructure protection, but application security has steadily grown in relevance and will likely continue to do so. Applications play a growing role for businesses, yet application-specific security programs are often not yet in place. What Microsoft started with the SDL - a secure development lifecycle - has neither been widely implemented nor is it easily transferable into the modern world of agile methodologies, DevOps and ever shorter deployment cycles.

When your DNS leaks your infrastructure

I recently made a small and seemingly unimportant mistake: I tried to contact a server in a company's infrastructure but was not logged in to their VPN. Boring, you may think, happens every day. But a few hours later I was writing Python code and mass-scanning the internet for DNS servers.

Story of a compromised wordpress server

What to do when your PHP server gets hacked? This is a story of a compromised Linux web server I recently dealt with. New PHP files had appeared that had nothing to do with the WordPress application running on the server, and for a specific user agent, all traffic was...

Hacking Android apps with FRIDA III - OWASP UnCrackable 2

Shortly after my second blog post on Frida, @muellerberndt published another OWASP Android crackme and I was tempted to see whether I could solve it with Frida again. If you want to follow along, you need the OWASP UnCrackable Level 2 APK, the Android SDK and an emulator (I am using an Android 7.1 x64 image)...

Hacking Android apps with FRIDA II - Crackme

After the introduction to Frida in the first part of this series, we now put Frida to use solving a little crackme. Given what we have already learned about Frida, this is going to be easy (in theory). If you want to follow along, please download the OWASP Uncrackable...

Hacking Android apps with FRIDA I

When I visited RadareCon last year, I learned about Frida, a dynamic binary instrumentation framework. What seemed merely interesting at first turned out to be quite a lot of fun. Remember God mode in games? That's what Frida feels like for native apps. This is a blog post about using Frida for...

Decrypting Adwind jRAT jBifrost trojan

This is a post on how to dissect the AdWind / jRAT / jBifrost Java trojan, which has been around for quite a while and is still actively distributed in multiple variants. jRAT is nothing new and it has been decrypted before, but it's still an interesting exercise. I retrieved...

Practical OSINT with recon-ng

I recently had the chance to compile a (semi-)passive OSINT (Open Source Intelligence) report for a client. I used recon-ng as the basis for gathering information and automatically querying multiple sources, so here is a blog post about it. OSINT means that you try to figure out...

Securing a linux standalone webserver: 8 basic steps

This blog post should help you set up some basic security measures on your stand-alone web server. It focuses on a typical LAMP stack and open source security tools, but should in principle be applicable to other Linux web server and database setups as well. I'm going to give a...