ADVTOOLS will be at Hack In Paris 2012, from June 18th to June 20th, for a special training: iOS Applications - Attack and Defense, presented by Sebastien Andrivet. Learn the secrets of the iOS platform, how to attack iOS applications and how to correctly implement secure iPhone and iPad apps. This training will start with a short introduction about security concepts and iOS. It will be then highly practical: you will learn how to take the control of your iOS device, how to intercept communications, how to reverse engineer applications and find security defects. Then in the second part of the training, you will learn how to correctly implement secure iOS applications: what are the most common security mistakes and the corresponding solutions. The training will conclude with some advanced hacking techniques. All participants will have a chance to win an iPad by participating to a small contest at the end of this training.

Read more...

We were at HashDays 2011 (Lucerne) for two presentations.

Read more...

We were at Soft-Shake 2011, the cocktail of computing backgrounds: java, agility, Microsoft technologies and mobility. We present "Attacking iPhone and iPad applications".

Read more...

We have published on GitHub ADVsock2pipe, our tool to connect a TCP socket to a Windows named pipe. We have developped initially this tool to connect tcpdump running on an iPhone with Wireshark running on Windows 7 but it can be used in various situation. ADVsock2pipe is a free software released under GPLv3 licence.

Read more...

We were on June 17 at Hack In Paris for our presentation "Pentesting iPhone & iPad Applications". With live demonstrations of actual iPhone applications, we show some elements of this kind of penetration testing. Of course, due to time constrains, we talk only about some aspects. In particular, we talk only supercially about extracting and decrypting applications because it was already the subject of other presentations.

Read more...

Cryptool is a free, open-source e-learning application. It introduces users to the field of cryptography. Version 2 embeds a number of plugins but during penetration testing, we often need to URL-decode text. In order to use such decoding directly into Cryptool 2, we have created a small URLencode plugin.

Read more...

On February 17 2001, ADVTOOLS will be at the OWASP Chapter Meeting 2011 at Yverdon (HEIG-VD). We will present "0-days: the devil is in plug-ins": Content management systems like WordPress and Joomla! integrate some security features. But what about plug-ins, these extensions that are responsible of the success of these systems? Are they as sure as the system itself or can they be used as an vector of attack? This presentation will give some elements of answer thank to demonstrations and the presentation of some 0-days.

Read more...

Presentation of some attacks.

Read more...