Summary A critical design flaw was discovered in the JWT authentication implementation used by ParentCommApp, an iOS app developed by Ednovation. The app includes a hardcoded shared secret key use...

Summary A critical security vulnerability was discovered in ParentCommApp — an iOS mobile application used by preschools and parents for communication within the Ednovation ecosystem. The vulnera...

Given a deceptively “simple” mememaker3000.html file weighing in at 2.5MB and packed with obfuscated JavaScript—don’t panic! At first glance, the file might feel like a cosmic joke on developers, b...

Given a .yara file with hundreds of conditions, we need to dive deep to recover each character and reconstruct the hidden Yara rules. This is indeed a pleasant challenge—or am I wrong? Challenge d...

We recently came across a silly executable that appears benign. It just asks us to do some math… From the strings found in the sample, we suspect there are more to the sample than what we are seein...

Dive into my journey through the Flare-On 11 CTF Challenge! I tackled all 10 challenges this year, and in this series, I’ll break down my thought process, strategies, and discoveries. Whether you’r...

Welcome to the iOS Application Security Lab: Run Time Dynamic Library Injection Challenge. This challenge focuses on a fictitious app called Run Time , which tracks the steps while running. Your ob...

In this post, we will reverse the Youtube app to know how to add custom playback speed and understand why it does not work straight forward. Disclaimer This post is for educational purposes only...

In this post, we will reverse an app using the StoreKit framework and bypass In-app purchases (IAP) features. This case’s quite special as the app will force the user to purchase the app as a free ...

In this post we will continue to enhance Medium tweak. We will learn how to create a preference bundle and hook into Settings.app to configure default claps. If you have not read part 1 yet, I sugg...