Ostorlab: Mobile App Security Testing for Android and iOS

Tag

instrumentation

Enhancing PostMessage XSS Detection with Proxy Object Instrumentation

The article introduces a new method for detecting PostMessage Cross-Site Scripting (XSS) vulnerabilities using JavaScript Proxy objects, which enhances traditional dynamic fuzzing techniques.

Alaeddine Mesbahi


            Thu 04 April 2024

Engineering

Swift Under the Microscope: Practical Dynamic Instrumentation

Article on Swift Dynamic Instrumentation. The article explains the steps to perform dynamic analysis of Swift-based application, covering name mangling, Swift ABI & extraction of function arguments in Swift.

Abderrahim Haddadi


                  Mon 11 March 2024

Product

Ostorlab Nuggets in June issue 5

Health Tech, Compromises and attacks, Instrumentation, Black Hat conferences, eBPF and more….

Anne


                  Thu 27 May 2021

Security

Universal bypass of SSL Pinning ... from theory to a full working PoC with LLDB

This article is about bypassing SSL pinning without needing to. Sounds confusing? We will go over the theory, build a full PoC using LLDB in Python and finally extend it to other cool tasks.