Unpacking Flutter hives

Intro When analyzing the security of mobile applications, it's important to verify that all data is stored securely (See OWASP MASVS-STORAGE-1). A recent engagement involved a Flutter app that uses the Isar/Hive framework to store data. The engagement was unfortunately blackbox, so we did not have access to any of the source code. This especially … Continue reading Unpacking Flutter hives →

Is the Google search bar enough to hack Belgian companies?

In this blog post, we will go over a technique called Google Dorking and demonstrate how it can be utilized to uncover severe security vulnerabilities in web applications hosted right here in Belgium, where NVISO was founded. The inspiration for this security research arose from the observation that many large organizations have fallen victim to … Continue reading Is the Google search bar enough to hack Belgian companies? →

Deobfuscating Android ARM64 strings with Ghidra: Emulating, Patching, and Automating

In a recent engagement I had to deal with some custom encrypted strings inside an Android ARM64 app. I had a lot of fun reversing the app and in the process I learned a few cool new techniques which are discussed in this writeup. This is mostly a beginner guide which explains step-by-step how you … Continue reading Deobfuscating Android ARM64 strings with Ghidra: Emulating, Patching, and Automating →

Malware-based attacks on ATMs – A summary

Introduction Today we will take a first look at malware-based attacks on ATMs in general, while future articles will go into more detail on the individual subtopics. ATMs have been robbed by criminal gangs around the world for decades. A successful approach since ~ 20 years is the use of highly flammable gas, which is … Continue reading Malware-based attacks on ATMs – A summary →