
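Forensics must let the evidence speak; never pass judgment on a case from your own subjective conviction. Avoid painting the target around the arrow and searching for the sake of finding. The foundation of forensics rests on experience and judgment: the richer your experience across the fields of IT, the more readily you spot the clues. Forensics should make good use of tools without over-relying on them. Tools can only help you narrow down the possibilities; they cannot tell you the answer, and analysis and judgment still depend on people.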


Post category - App Analysis

Summary: When it comes to intercepting encrypted transmission packets, people usually think of bypassing "Certificate Pinning". Besides, there is an amazing tool Read more
posted @ 2025-01-26 19:35 Pieces0310 Views (40) Comments (0) Recommended (0)

Summary: If you don't intend to set up an App Lock for specific apps, is there a simpler way to achieve the same goal? The answer is certainly yes, and that is Read more
posted @ 2024-03-31 20:14 Pieces0310 Views (48) Comments (0) Recommended (0)

Summary: An unpatchable bootrom exploit called "checkm8" works on all iDevices up until the iPhone X irrespective of whether they run iOS 12 or iOS 13 and make Read more
posted @ 2019-12-19 23:16 Pieces0310 Views (554) Comments (0) Recommended (0)

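Summary: Foreword: This post is actually the Chinese version of the previous one; some readers asked me to provide a Chinese version directly, which is why this post exists~ Several friends of mine asked me about the risk of man-in-the-middle attacks, so they also wanted to know how to verify whether an App carries hidden risk. Take a popular App "X" as an example: if this App does not meet the requirement of certificate pinning, we will inevitably Read more
posted @ 2018-03-09 22:42 Pieces0310 Views (323) Comments (0) Recommended (0)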

Summary: Some friends of mine worry about the risk of Man-in-the-middle, so they ask me how to verify the potential risk of some Apps. Take a popular shopp Read more
posted @ 2018-03-08 23:31 Pieces0310 Views (478) Comments (0) Recommended (0)

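Summary: A friend of mine likes playing mobile games, especially "钢甲鐡拳", and I often see him thoroughly enjoying it. Yesterday he asked me a question: he likes to record the robot battles and upload the videos so that he and others can enjoy them. But his problem is that whether he uses the iTools real-time desktop or other tools to record, not only is the picture somewhat blurry, the process also lags, so the recorded video is not smooth, and he is very Read more
posted @ 2017-12-28 22:36 Pieces0310 Views (1166) Comments (0) Recommended (0)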

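Summary: When testing Apps, you will always run into some tricky cases; "detecting whether the device has been compromised" is one that is hard to deal with. When an App is able to detect whether the device has been rooted, it stops running as soon as it finds the device has been compromised, which means it may only be installed and run on non-rooted devices. Some will say: then install an App that can "counter the countermeasure" to trick the specific App into believing it is running on a non-rooted Read more
posted @ 2017-07-25 23:12 Pieces0310 Views (306) Comments (0) Recommended (0)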

Summary: My friend Carrie'd like to know if "Garena 传说对决" violates any mobile risks such as insecure data storage or sensitive data disclosure. Let's take a look Read more
posted @ 2017-04-28 11:11 Pieces0310 Views (335) Comments (0) Recommended (0)

Summary: A case about a suspicious malware App. A forensic examiner captured some pcap files and he'd like to know where the destination is. Let me show you how to s Read more
posted @ 2017-04-17 22:40 Pieces0310 Views (387) Comments (0) Recommended (0)

Summary: A friend of mine claimed that someone stole her personal data via hacking certain App. She installed that App several months ago and registered an acc Read more
posted @ 2017-04-08 23:17 Pieces0310 Views (608) Comments (0) Recommended (2)

Summary: It's reported that FB Messenger is the most secure App for instant messaging service. Let's see if FB messenger is secure enough or not. I'll evaluate Read more
posted @ 2016-10-31 15:30 Pieces0310 Views (442) Comments (0) Recommended (0)

Summary: Electronic Payment Apps are getting more and more popular now. People don't have to bring credit cards any more. All they need to do is use their smar Read more
posted @ 2016-10-02 10:35 Pieces0310 Views (358) Comments (0) Recommended (0)

Summary: What will you do when you conduct a malware analysis on a smartphone? You will focus on running processes or services, and also you'll capture memory Read more
posted @ 2016-09-24 15:32 Pieces0310 Views (320) Comments (0) Recommended (0)

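Summary: Earlier I explained how a man-in-the-middle attack can be carried out against an App's HTTPS communication. Sounds scary, right~ It means that if you use mobile banking or shopping Apps on your phone, you may be exposed to risk. The main reason HTTPS can be intercepted is that the client-side App does not verify the server's SSL certificate. As a result, someone with bad intentions gets an opening and, by means of a man-in-the-middle attack, separately with the client-side Ap Read more
posted @ 2016-08-06 08:57 Pieces0310 Views (609) Comments (0) Recommended (1)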

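Summary: Recently App security has drawn considerable attention. Someone asked me whether it is really true that a certain App is insecure... Is the so-called risk of being attacked just alarmist talk meant to scare people? Let me now explain to everyone in what way it is insecure, and talk about what the attack is all about~ Against HTTPS one can use SSL hijacking, that is, an SSL certificate spoofing attack. The attacker, in order to obtain the HTTPS Read more
posted @ 2016-07-28 22:20 Pieces0310 Views (1285) Comments (0) Recommended (0)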

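Summary: Modern people have long been inseparable from their smartphones; nearly everyone has one, and you often see people swiping as they walk, which is truly dangerous. People shop with mobile Apps, pay with online-banking Apps, and place stock orders with trading Apps; it is so convenient that it has become routine. That's right: precisely because it is so convenient, most people only pay attention to whether it is easy to use, and few pay attention to whether it is secure enough. Of course, whether something is secure enough actually involves many aspects, including network transmission, encryption Read more
posted @ 2016-06-18 10:46 Pieces0310 Views (642) Comments (2) Recommended (0)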

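Summary: Have you ever shopped at an online store using a smartphone App? Surely you have. So do you worry that it is not secure enough? Some will say relax, shopping sites use SSL/TLS encrypted transmission. So let's talk about HTTPS. The handshake between client and server goes like this: the client sends a request, and the server, after receiving the request, will with its own information in the form of a cert Read more
posted @ 2016-06-12 14:49 Pieces0310 Views (375) Comments (0) Recommended (0)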

Summary: A friend of mine asked me to help him examine his Android 5.0 smartphone. He did not say what's wrong with his phone, and he just wonders why his wife ... Read more
posted @ 2015-09-22 22:55 Pieces0310 Views (649) Comments (0) Recommended (0)
