Articles
Ostorlab Nuggets in June issue 5
Health Tech, Compromises and attacks, Instrumentation, Black Hat conferences, eBPF and moreā¦.
Universal bypass of SSL Pinning ... from theory to a full working PoC with LLDB
This article is about bypassing SSL pinning without needing to. Sounds confusing? We will go over the theory, build a full PoC using LLDB in Python and finally extend it to other cool tasks.
5 things every mobile security professional should know about WebViews
This article is about WebViews and the security notions we need to have in mind when using these component in both Android and iOS.
Ostorlab detects Dependency Confusion
Dependency Confusion is a new attack with high severity impact. This article is an overview of the vulnerability as well as other supply chain attacks.
Finding superhuman XSS polyglot payloads with Genetic Algorithms
The following article is a technical deep dive into how genetic algorithms can be leveraged to create superhuman XSS polyglot payloads.
News and Updates of Week 8
This weeks is marked by multiple high profile data breaches affecting Cashalo, Npower, Kia, T-Mobile and Clubhouse.
Ostorlab adds Web Security Scanning to its arsenal
Ostorlab is adding Web Security Scanner to its arsenal with novel approaches to vulnerability discovery.
Release of a new analysis environment to aid manual assessment
New Analysis Environment with access to disassembly, decompiled source, call trace, function tagging and many other features.
Finding and Validating Hardcoded Keys and Secrets
Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for Bug Bounty hunters and Attackers.
Autonomous Security: Pushing Security Automation to the Next Level
The article introduces the term Autonomous Security in the context of security scanning and defines 5 tiers of maturity.
