Tag Archives: pentest

Hacking with mobile devices PART IV (FINAL)



Collecting data at a remote site requires that we remove it somehow – if we have a continuous connection, such as a reverse shell, then we can collect the data real time. However, if we deposit our mobile device with the intention of concealing it for an extended period of time, then we need to worry about a few issues as follows:
1. Preventing discovery of our collected data while on-site
2. Providing concealment during the duration of the event
3. Extracting the data safely


If we use mobile devices to collect and transmit data, we should be selective in our choices of devices and ensure that they are capable of encrypting any data at rest or in motion. Earlier models of most mobile devices are incapable of full disk encryption, which puts the device and us at risk if discovered and forensically examined; we, therefore, need to look for devices that will allow us to keep our
activities secret or provide a mechanism for covering our tracks if discovered.

Data at Rest

The newer mobile devices claim to provide something similar to full disk encryption. Although the ability of these devices to be able to protect data against forensic analysis is questionable, the devices are getting better at addressing the security of data at rest. We can do a few additional tasks to encrypt data at rest on our mobile devices to increase our comfort level about our hacking data.
Naturally, we cannot encrypt scripts that we need to run during our collection or attack phases; however, once we have collected the data, we can encrypt the data using strong passwords. The program gpg is one method of securing a file through symmetric encryption. It is possible to encrypt a file with the GNU Privacy Guard (GNU PG) application, which can be installed on a jailbroken iPod touch.
Continue reading

Phone Pen Testing Tools without Jailbreaking


Although you can get almost any security tool imaginable if you jailbreak your iPhone, I was curious what was out there for non-jailbroken iPhones. Given that my iPhone is setup to be my primary home and work device, I don’t want risk jailbreaking it. I’ve searched around on iTunes and across the interwebs for anything we could find and below is a list of what I came up with so far. To make the list more manageable we’ve tried to categorise them per the ISSAF framework. If an app fell into more then one group, we placed it in the earliest phase. With some exceptions I also didn’t include ones that haven’t been updated in the last year.

Continue reading

Iphone as a pentesting device


Tested on the iPhone 4S running IOS 7 jailbroken by using evasion7

I wanted to talk about using a iDevice (ios 7)as a pen testing device . But first, why should I do that?

Well, first off ,
Its portable
Not noticeable
it looks cool
its pretty fast
IOS == Unix
It can easily be used with the pineapple
Let’s move on , so how do you make your iDevice into a pentesting device ?
First you need jailbreak your iDevice (eg ; Evasion7)
Continue reading

%d bloggers like this: