Showing posts from June, 2022

Detecting Linux Anti-Forensics Log Tampering

When forensically examining Linux systems for malicious intrusion, responders often rely on the following three artefacts to determine logins and logouts:

/var/run/utmp – currently logged in users
/var/run/wtmp – current and past logins and system reboots
/var/log/btmp – bad login attempts

Of course, these artefacts are not all you can forensically investigate for malicious access (there are other artefacts you can examine); however, these will be the focus of this anti-forensics blog post.

In this post, I will walk through two methods of removing and tampering with these artefacts to delete the malicious logins you want to hide. The first method removes the log line completely from the file by overwriting the binary file; the second method focuses on altering the hex of the file but is more obvious to detect. I will then walk through a simple way of detecting both methods based on timestamps that you can check. If timestamps are king – then I’ll be his queen!

Method 1 – Nulling

Guide to Reversing and Exploiting iOS binaries Part 2: ARM64 ROP Chains

Welcome back my masochistic kings and queens... This is PART 2 of how to reverse engineer and exploit iOS binaries. Check out part 1 of How to Reverse Engineer and Patch iOS Applications here. By the end of this blog post you will be able to reverse engineer an arm64 iOS binary and exploit it in two ways – first through a buffer overflow, and then through a ROP chain. Once again, I will walk you step-by-step through the following:

Building and compiling your own iOS binary
Reverse engineering the binary
Calculating the runtime function addresses without disabling ASLR
Buffer overflow attack
ROP chain exploitation

We will only be using FREE tools because I don’t like to spend money on nerd things. Therefore, for this blog post/tutorial, I have compiled and built you an iOS binary that you can use and abuse. I have also included the source code on GitHub for all my evil cheaters out there!!! Don’t think for a second that I don’t know you exist :P. Download the exercise binary “do

How to Reverse Engineer and Patch an iOS Application for Beginners: Part I

So you want to reverse and patch an iOS application? I got you >_< This blog is focused on reversing an iOS application I built for the purpose of showing beginners how to reverse and patch an iOS app. No fancy tools are required (IDA O.o), it's just you, me & a debugger <3 The app is a simple, unencrypted Objective-C application that just takes in a password, and the goal is to bypass the password mechanism and get the success code. This blog post will focus on reversing/debugging the application and will not cover aspects of static analysis. The reason I wanted to write this is that I realised this topic is confusing for a lot of people, and I wanted to try to write a blog that explains it in a more beginner-friendly way. Originally, I planned this content to be a TikTok video, but I am sick of TikTok’s community guidelines and rules against any “offensive” security content. So… as a result, I’m probably going to be writing more blogs now. The