Intrepidus Group

Monthly Archives: September 2011

OWASP Mobile – Top 10 Risks at AppSec USA

Posted: September 27, 2011 – 2:09 pm | Author: | Filed under: Conferences, Mobile Security

As one of the project leaders for the OWASP Mobile Security Project, it behooved me to help present, nay unveil the Release Candidate of the OWASP Top 10 Mobile Risks at OWASP AppSec USA 2011. Along with two of the other project leaders — Jack Mannino, of nVisium Security, and Mike Zusman, of Carve Systems […]

ARM, Pipeline and GDB, Oh My!

Posted: September 22, 2011 – 12:19 am | Author: and | Filed under: ARM

This post will start off with an important question. Look at Listing 1 below; after executing the instruction located at main+12, what values will be stored in r0 and r1? Take a moment to consider this. My first (albeit incorrect) answer was that r0 would have 0x000083bc (main+8) stored in it and that r1 would […]

A Brave New Wallet – First look at decompiling Google Wallet

Posted: September 21, 2011 – 10:12 am | Author: | Filed under: android, Humor, Mobile Security, NFC, Reverse Engineering, RFID, software security

For the record, I welcome our new contactless payment overlords. I truly see the value in having the ability to make a payment transaction with our mobile devices. This opens up an opportunity to make these transactions more secure, give customers a better user experience, and also give them more control over payment options. Sure […]

Pentesting WP7 apps (Part I)

Posted: September 16, 2011 – 11:30 am | Author: | Filed under: Reverse Engineering, Tools, WP7

With over 30,000 apps in the marketplace within a year of launch, Microsoft’s Windows Phone 7 platform seems to be grabbing consumer attention slowly but steadily. Though the installed user base is nowhere close to that of Android or iOS, Gartner’s predictions notwithstanding, in the last few months we’ve seen an increasing interest from companies on […]

Finding Which Root CAs You Actually Use

Posted: September 2, 2011 – 10:23 am | Author: | Filed under: PKI, ssl, Tools

With all the recent talk about fake SSL certs issued by root-level Certificate Authorities at Comodo and DigiNotar and so forth, I thought it’d be interesting to run a little experiment. One thing that these compromises have highlighted is the huge number of root certificate authorities in modern operating systems and browsers. But how many […]

rot13? Can’t bring that weak stuff up-in-here!

Posted: September 1, 2011 – 5:21 pm | Author: | Filed under: Administriva, bugs, Humor
