During an assessment, we discovered a vulnerability in the LedgerSMB application, a widely-used open-source accounting software tailored for small and mid-size businesses. This vulnerability, identified in versions 1.3 to 1.9, 1.10.0 to 1.10.29, and 1.11.0 to 1.11.8,...
Introduction This blog post provides a walkthrough on dynamically bypassing anti-debugging and anti-reversing defences in iOS applications. Furthermore, this blog post uses resources from OWASP MASTG and provides a comprehensive guide that discusses mobile...
Introduction In this blog post we will discuss the use of the Corellium emulator in penetration testing engagements. This blog post will also provide a walkthrough on how to bypass jailbreak detection using Frida and r2frida, a plugin for radare2 that allows to instrument...
Following the blog posts that identified entry- and mid-level resources for the penetration testing professional, we will end this series with a list of advanced resources. If you haven’t read the two previous posts, we highly recommend doing so in order to get a more...
Following the previous blogpost of this series regarding entry level resources for penetration testing, we are going to proceed with a list of referenced material focusing on web application penetration testing. Mainly, some handy Burp Extensions, resources for...
* Opinions hosted on this blog do not necessarily represent TwelveSec, nor encourage the purchase of specific products or services. Any trademarks mentioned remain the property of the respective trademark holders. Tips provided are only provided as informative in nature and should not be relied on as advice or counsel.