The Birth of the DinoSec Blog
And the story continues... Almost four years ago we founded the Taddong Security Blog, replacing our first information security blog, RaDaJo, originally created about four years before. So, it seems...
View ArticleOWASP Vulnerable Web Applications Directory (VWAD) Project
For about two years (Oct 2011 - Oct 2013) I have been maintaing the "Hacking Vulnerable Web Applications Without Going To Jail" blog post, adding new vulnerable web applications you can use to put in...
View ArticleRemoving the Android Device Lock from any Mobile App
Shameless plug: I will be teaching the 6-day SANS SEC575 training, "SEC575: Mobile Device Security and Ethical Hacking", in AbuDhabi, UAE (Apr 26, 2014 - May 1, 2014) and Berlin,Germany (Jun 16-21,...
View ArticleDinoSec Challenge 0: What is the name of this dinosaur?
At the end of last year, during the CCN-CERT conference, I challenged the audience when I reached my speaker bio slide. There, I showed "my picture" and how I "look like" nowadays as a member of...
View ArticleDinoSec Challenge 0: Solution and Winners
This article provides details about the solution and winners of "DinoSec Challenge 0" (... and also explains how you can ruin a challenge trying to publish a nice blog post with images that fit on the...
View ArticleiCamasu
For the iOS updates security research I presented at both RootedCON and Area41 this year (more details will be published in an upcoming blog post... still waiting for a fix!), I processed and analyzed...
View ArticleiOS: Back To The Future
UPDATE (September 17, 2014): Apple has addressed the "iOS: Back to the Future" vulnerability in iOS 8 and it has been identified with CVE-2014-4383.Apple mobile devices based on the iOS platform, such...
View ArticleBypassing iOS Lock Screens: A Comprehensive Arsenal of Vulns
UPDATED: Up to iOS 8.1 (Oct 20, 2014)The iOS mobile platform has been subject to numerous lock screen bypass vulnerabilities across multiple versions. Although Apple strives to fix these...
View ArticleAttacking Wi-Fi Clients: Introduction
During the last decade, an uncountable number of articles, whitepapers and presentations have been published about Wi-Fi security, hacking, attacks and defenses. Most of that research, including attack...
View ArticleiOS: Back To The Future II
Last year I disclosed publicly the "iOS: Bact to the Future" vulnerability affecting iOS Apple devices, from version 5.x up to version 7.x (the video of the presentation is available in Spanish, and...
View ArticleiOS Passcode Recovery with iPhone Data Protection Tools (Using Yosemite)
Shameless plug: During the first half of this year I will be teaching the 6-day SANS SEC575 training, "SEC575: Mobile Device Security and Ethical Hacking", in Amsterdam, Netherlands (May 11-16, 2015),...
View ArticleWhy Do Wi-Fi Clients Disclose their PNL for Free Still Today?
Shameless plug: Don't miss this year 2015 RootedLab, a great opportunity to learn and practice effective client Wi-Fi attacks (& defenses) though a new updated hands-on workshop full of tips and...
View ArticleThe Birth of the DinoSec Blog
And the story continues... Almost four years ago we founded the Taddong Security Blog, replacing our first information security blog, RaDaJo, originally created about four years before. So, it seems...
View ArticleOWASP Vulnerable Web Applications Directory (VWAD) Project
For about two years (Oct 2011 - Oct 2013) I have been maintaing the "Hacking Vulnerable Web Applications Without Going To Jail" blog post, adding new vulnerable web applications you can use to put in...
View ArticleRemoving the Android Device Lock from any Mobile App
Shameless plug: I will be teaching the 6-day SANS SEC575 training, "SEC575: Mobile Device Security and Ethical Hacking", in AbuDhabi, UAE (Apr 26, 2014 - May 1, 2014) and Berlin,Germany (Jun 16-21,...
View ArticleDinoSec Challenge 0: What is the name of this dinosaur?
At the end of last year, during the CCN-CERT conference, I challenged the audience when I reached my speaker bio slide. There, I showed "my picture" and how I "look like" nowadays as a member of...
View ArticleDinoSec Challenge 0: Solution and Winners
This article provides details about the solution and winners of "DinoSec Challenge 0" (... and also explains how you can ruin a challenge trying to publish a nice blog post with images that fit on the...
View ArticleiCamasu
For the iOS updates security research I presented at both RootedCON and Area41 this year (more details will be published in an upcoming blog post... still waiting for a fix!), I processed and analyzed...
View ArticleiOS: Back To The Future
UPDATE (January 25, 2015): New details regarding "iOS: Back to the Future II" released.UPDATE (September 17, 2014): Apple has addressed the "iOS: Back to the Future" vulnerability in iOS 8 and it has...
View ArticleBypassing iOS Lock Screens: A Comprehensive Arsenal of Vulns
UPDATED: Up to iOS 14.0.1 (Oct 15, 2020)The iOS mobile platform has been subject to numerous lock screen bypass vulnerabilities across multiple versions. Although Apple strives to fix these...
View Article
More Pages to Explore .....