Collaborate Disseminate
Information security and privacy are consistently hot topics after Edward Snowden revelations of NSA’s global surveillance that brought the world’s attention towards data protection and encryption as never before.
Moreover, just days after Windows 1… Continue reading Subgraph OS — Secure Linux Operating System for Non-Technical Users
a class variable like this:
@property (strong, nonatomic) NSString *privateValue;
Can someone read the value of that variable while it´s in memory? I can´t find anything about this on the apple docs and I also lack the understanding.
Ca… Continue reading Can someone read a iOS class variable from outside the app?
Abstract
Naive use of the extremely popular JavaScript framework AngularJS is exposing numerous websites to Angular Template Injection. This relatively low profile sibling of server-side template injection can be combined with an Angular sandbox escap… Continue reading XSS without HTML: Client-Side Template Injection with AngularJS
Abstract
Naive use of the extremely popular JavaScript framework AngularJS is exposing numerous websites to Angular Template Injection. This relatively low profile sibling of server-side template injection can be combined with an Angular sandbox escap… Continue reading XSS without HTML: Client-Side Template Injection with AngularJS
I had a conversation with @anger32 who states that zeroing a physical memory page frame when passing the page backed by that frame to another process is not the responsibility of OSes like Windows and Linux (though they do th… Continue reading Reading physical memory frame previously owned by another process to read contents of its memory page
I have created a web application that among other things allows users to write, compile and execute code (Java, C#). The application creates a Docker container for every user where compilation and code execution takes place. I have taken t… Continue reading Docker as a sandbox for untrusted code
I’ve seen plenty of ink spilled by now about how Docker is not sufficiently isolated to allow arbitrary containers to be run in a multi-tenant environment, and that makes sense. “If it’s root in Docker, consider it root in the host machine… Continue reading What are the potential security problems running untrusted code in a Docker container as a non-root user?
I am relatively new to mobile application security. Currently I am supposed to audit an android application which uses a webview to display some static FAQ page in an activity.
The webview in question has javascriptenabled as true for so… Continue reading injecting javascript in webviews in Android
I am new to iOS so I do have only limited knowledge about iOS in general. For self learning purposes, I would like to know several things as I am quite confused after searching the web.
I do know that that there is a sandbox… Continue reading iOS: sandbox of an iphone app
It there a reliable method of “monitoring” system calls under Linux?
There is strace for example to monitor system calls and signals. Is there a way for a process to dodge out of strace? If yes, is there another reliable, se… Continue reading Monitoring system calls (in a reliable and secure way)