Daniel Llewellyn

May 29

Hack the slack app — Android $3,500 bug bounty

A while back now, I found a vulnerability in the Slack Android application. The vulnerability was due to a directory traversal which led to being able to steal passwords. As I made the case in the bug report — the great thing (or bad thing, depending on your perspective)…

Security

4 min read


Apr 8

Android security — $6,337 vulnerability in basecamp

Skip to the report: https://hackerone.com/reports/1372667

Background: Basecamp (https://basecamp.com) provides an app which is used by businesses to store, share and collaborate either internally or with their clients. Generally, people belong to organisations, and they are able to share photos, videos, posts, and all sorts of other files through the platform.

The vulnerability: The…

Android

3 min read


Mar 13

The cyberwar in Ukraine

The well-discussed “fog of war” goes doubly for cyberspace. By its nature, it is often opaque, difficult to attribute and prone to be both exaggerated and understated. With this in mind, this article is intended to provide a summary of what has been reported already, but is likely…

Ukraine

7 min read


Feb 13

Introducing: firebase feature flags for Jira

Today is the first release of a Jira plugin to allow Firebase feature flags to be toggled from within a Jira ticket! In this article I will be discussing how to use this plugin, and some suggestions for how it could fit into your workflow.

TL;DR: download here https://marketplace.atlassian.com/apps/1227210?tab=overview&hosting=cloud

Feature flags and CI / CD …

Jira

1 min read


Oct 18, 2021

Hacking & Securing “Insecure Shop” — Unprotected web views

This is the second in a series of articles that looks at hacking & securing this app:

GitHub - optiv/InsecureShop: An Intentionally designed Vulnerable Android Application built in… (github.com)
InsecureShop is an Android application that is designed to be intentionally vulnerable. The aim of creating this app is…

Hacking: Let’s look at two very similar vulnerabilities; if we have a little look in AndroidManifest.

Security

2 min read


Oct 14, 2021

Android Hacking & Securing “Insecure Shop” — Hidden Credentials

This is the first in a series of articles; we’re going to look at how to hack and then secure this app:

GitHub - optiv/InsecureShop: An Intentionally designed Vulnerable Android Application built in… (github.com)
InsecureShop is an Android application that is designed to be intentionally vulnerable. The aim of creating this app is…

Attacking: The first challenge is getting through the login screen. So let’s have a look in the code that’s to do with the login screen. We can see this:

Android

2 min read


Oct 9, 2021

Android attacks – information leakage from file intents

And how to stop them — In the last few weeks, I’ve uncovered a number of issues in apps which I would describe as information leakage of the private directory. Here’s what that means, and here’s how to stop it.

Intents to information leaking: This can be quite a subtle bug and depends a lot on what your application does. …

Android

2 min read


Jun 27, 2021

Secure against URLs attacks on Android

Using safe to run to secure your Android apps from URL vulnerabilities — For full documentation on safe to run URL validation: https://safetorun.github.io/safe_to_run/docs/verifyurls

Risks & Mitigations: The risks from URLs are often subtle and hard to conclusively solve — the risks are prevalent any time that web connections or web pages are loaded from a source outside of your control. Let’s look at a few examples

Security

3 min read


Jun 16, 2021

Using kotlin Inline functions to help secure against de/recompiling apps

When trying to attack an Android application, attackers often try to circumvent some of the protections you’ve introduced into your app. For example, you might have a signature check added in order to prevent attackers from adding malware into your app and republishing it: https://safetorun.github.io/safe_to_run/docs/signature They might also reverse your…

Android

4 min read


Jun 5, 2021

Emulator detection in Android

What, why and how?

What? Emulator detection is the ability to tell when your application is running on an emulator rather than a real device, but why would you want to do this?

Why? Reverse engineers, pentesters and hackers tend to like running your app on an emulator, as it can make it far easier to reveal what…

Security

3 min read
