Carlos Holguera
Carlos Holguera
https://twitter.com/leonjza/status/1495445380292558857?t=o7MgyV0wjMTQe2CLPrie4w&s=19
What about mentioning https://github.com/reddr/LibScout in 0x05i -> ## Checking for Weaknesses in Third Party Libraries (MSTG-CODE-5) ? Let's verify its effectiveness first before including it.
By including the URL of the intended website within the SMS, it would mean websites and apps could automatically detect and read a 2FA SMS message, inputting the data. This...
https://developer.android.com/about/versions/13/behavior-changes-all#copy-sensitive-content
Upgrade section "Bypassing Jailbreak Detection" in https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06j-Testing-Resiliency-Against-Reverse-Engineering.md#jailbreak-detection-mstg-resilience-1 TODO: - simplify - remove hopper (and images), use radare2 instead - remove cycript, use frida instead - or simply reduce all to...
@vadimszzz has written a nice document including an overview of the iOS platform which is located in the following section: https://github.com/vadimszzz/iOS-Internals-and-Security-Testing#ios-platform-overview We can use this to enhance our current chapter....
Add references to https://learnfrida.info/ which extends the MSTG Dynamic Binary Instrumentation (DBI) testing techniques. In Document/0x08-Testing-Tools.md, create a section right before "#### Frida for Android" and call it "#### Frida...
Google will discontinue SafetyNet API in favor of Play Integrity API https://developer.android.com/google/play/integrity/migrate We should update the SafetyNet section accordingly.
Research and analyze security impact: https://developer.apple.com/documentation/xcode/enabling-developer-mode-on-a-device At least mention it in Fundamentals / Basic Security testing (0x06b).