Guided Access Mode Bypass

As a penetration tester who specialises in mobile apps, I get good visibility of how the enterprise is adopting/using/misusing various iOS capabilities and MDM features. One trend I’ve seen increasingly is the use of ‘Guided Access Mode’ to lock down devices. Guided-Access Mode (GAM), for the unfamiliar, locks the device into a single app. It’s […]

Much Badoo About Nothing

This is just a short post about toying with the Badoo app for iOS, but also touches on something ever-so-slightly useful about testing the app-upgrade mechanisms of mobile apps. “Urghh more dating app hacking” I hear you say. I know, I know, this is getting old. At some point I’ll get a real hobby, I promise.

The Happn’ing

Years ago, one of the first posts I ever wrote was about my experience scripting a bot for the dating site OKCupid. It was just a PoC bashed together over a few beers with a friend. Since then (and becoming single) I’ve scripted bits and bobs for virtually every major dating site/app… it’s become a bit […]

Ready the Anti-BEAM Beam! Breaking the Virgin BEAM app in 12 minutes

I’ve been travelling on Virgin trains a lot recently and finally decided to take a look at their free movie-streaming app “BEAM”. Super-excited to be about to watch Forrest Gump on my journey, I found that whenever I hit play, the app’s custom video-player decided to freeze and eventually crash the app on my device of […]

SQL Injection using System Variables in MySQL

For BSides Manchester 2015, the UK pen-testing company aptly named ‘Pentest Ltd’ held a SQL injection challenge where the injection point required structuring the payload in a specific manner with MySQL voodoo to keep the payload under 90 characters, and bypass a basic WAF. I was fairly certain the lab could also be accomplished using MySQL variables, but […]

WordPress – CSRF>XSS>Shell>Profit.

I did a small penetration test in 2013/14 for a client’s WordPress site, which has since been my go-to anecdote for explaining the potential for XSS… probably because, to non-sec folk, what it achieved sounds amazing, although it’s really rather easy to explain how and why it worked. This is that anecdote…

The OkBot.py

For a while I was trying to do the whole online dating lark. I had some fun with it but the problem with a site like OkCupid (my poison of choice) is that you can never really tell how ‘well’ you are doing. Obviously you are doing well if you are meeting people and having fun […]