Court of Analysis and Testing

source: https://me.me/i/when-you-make-a-meme-in-europe-but-you-use-22778509 Disclaimer: This blog post is heavily based on https://www.youtube.com/watch?v=ofTts7jlC2Y&t=177s created by Lukas Stefanko. I strongly suggest you guys check his youtube videos it contain many great android security study cases that you can learn free Background: Who doesn't know VPN, right?! It is a wonderful program that lets us maintain the confidentiality of our identity and information while surfing the internet. It is fast and more importantly is "FREE!" there are tons of free VPN applications that you can download in play store and use it in a click of a button. The workflow is also not really that difficult to understand: Source: https://blog.sucuri.net/2020/03/vpn-secure-online-work-environment.html Pay attention to the above figure, this diagram explains the difference in our connection when using a VPN and not using VPN. When using a VPN before we connect to ...

When I was scrolling through my twitter feed 2 weeks ago I noticed that azeria just release new material on her website and it's about ROP in ARM. As you know we talk a lot about ROP in several posts on ARM buffer overflow thus I think this could be a good opportunity for me to learn the basic again about ROP again and without a second thought, I took my favorite notebook, click the link and start learning(check it out in link ). The author also put some challenges about how to construct ROP exploitation in an ARM architecture to test our skills and in this post, I will show you how I approach these challenges. When you boot up the qemu emulator you can find the two binary in the challenges directory Note: Before you continue this post make sure you turn off ASLR mode in the QEMU emulator Challenge1: 1st approach(Without ROP)    At the first challenge, we got 32 bit ARM binary, not stripped and the PIE protection is on. Basically, PIE enables the program ...