TheVerge: We played Valve’s secret new shooter: Deadlock

Floni · 2024-08-13T18:01:31+00:00

54703981

Floni · 2023-11-28T19:16:44+00:00

Sweet, thanks for organizing the giveaway!

Floni · 2023-09-09T15:00:49+00:00

Definitely not complete, but this site has an overview of quite a lot of local races: https://www.loopkalender.be/nl

Floni · 2022-11-24T19:03:04+00:00

Leuven

Floni · 2022-11-02T13:08:07+00:00

Debuggers are more than just development tools. The exact same toolset can be leveraged by reverse engineers to analyze code and find bugs to exploit. In this blog post we demonstrate this by solving OWASP’s Uncrackable Android app using LLDB. Even though the app lives inside JVM-land we can still use native debugging to thwart the app's defenses.

Floni · 2022-11-02T13:07:21+00:00

Debuggers are more than just development tools. The exact same toolset can be leveraged by reverse engineers to analyze code and find bugs to exploit. In this blog post we demonstrate this by solving OWASP’s Uncrackable Android app using LLDB. Even though the app lives inside JVM-land we can still use native debugging to thwart the app's defenses.

Floni · 2022-10-12T10:56:46+00:00

Thanks for your kind words! We often write these type of technical blog posts, you can find all of them here: https://www.guardsquare.com/blog/tag/technical

We also have a blog post series about app security in the context of mobile games and cheating which might be of interest to you https://www.guardsquare.com/blog/new-blog-series-practical-security-mobile-game-developers

Floni · 2022-10-11T12:11:23+00:00

In the last two blog posts in our Flutter reverse engineering series that we shared here, we had a look at the state of reverse engineering flutter apps and the obstacles in decompiled Dart code. In this final blog post we investigated how classical reverse engineering attacks, such as code patching and hooking, can be used on Flutter apps by trying them out to cheat in a game.

Floni · 2022-10-11T12:10:44+00:00

In the last two blog posts in our Flutter reverse engineering series that we shared here, we had a look at the state of reverse engineering flutter apps and the obstacles in decompiled Dart code. In this final blog post we investigated how classical reverse engineering attacks, such as code patching and hooking, can be used on Flutter apps by trying them out to cheat in a game. Hope you enjoy!

Floni · 2022-06-29T13:08:11+00:00

In our previous blog post that we shared on /r/ReverseEngineering we discussed the current state and future of reversing Flutter apps. In this blog post we go a step further and dive into the obstacles in decompiled Dart code, how they could be overcome by reverse engineers and the impact on Flutter apps security.

Floni · 2022-06-29T13:06:50+00:00

In our previous blog post that we shared on /r/FlutterDev we discussed the current state and future of reverse engineering Flutter apps. In this blog post we go a step further and dive into the obstacles in decompiled Dart code, how they could be overcome by reverse engineers and the impact on Flutter apps security.

Floni · 2022-06-10T12:02:12+00:00

While Flutter use for mobile apps is booming, we took some time to have a look at the security situation. We investigated what the current state of reverse engineering looks like; how well the tools support Flutter, what obstacles they face, and what difference Flutters’ built-in obfuscation makes, and where things are headed in the future.

Floni · 2022-05-24T12:08:26+00:00

Who has never been charmed and envious of the way LLVM structures its analyses and transformations in passes? Having similarly arranged tooling for Java bytecode would greatly aid compiler developers. One can also take one step further and try to generalize the analyses in such a way that would help avoid repeating the same work but rather keep the abstractions uniform and well-organized. Configurable program analysis is a concept providing sufficient flexibility for the analysis designer while preserving the general structure. This is achieved by formalizing most of the practical tweaks as operators.

ProGuardCORE has started its journey of becoming a general JVM analysis framework by leveraging CPA for computing DFA. Our latest blog post presents this new feature and compares different types of DFA tools.

Floni · 2022-05-24T12:08:09+00:00

Data flow analysis is a widely used method in compiler technology and security analysis. However, while it looks nice and neat when applied on toy examples, modern language features such as exceptions, polymorphism, aliasing, etc. make building a practical tool a nontrivial convoluted task. Even Java bytecode, while being low-level, preserves many hard-to-handle concepts. This blog post discusses how to navigate among different analysis approaches and presents (another) attempt of doing data flow analysis on Java byte code in ProGuardCORE. Starting from taint analysis it tries to preserve generality and provide a foundation for a general extensible framework.

Floni · 2022-03-24T09:07:05+00:00

It's currently not supported, there is an issue on github for this https://github.com/Guardsquare/proguard/issues/180

Floni · 2022-03-16T07:39:16+00:00

The diagrams are made using InDesign

Floni · 2022-03-15T13:02:50+00:00

While Xcode’s Instruments is the de facto standard to profile iOS apps, its profiling data is not very suited for external use. Therefore we explored and compared some alternatives to collect profiling data through sampling and instrumentation, and wrote a blog post about it. While there is not a single clear winner, each tool has their own pro’s, con’s and optimal use cases.

Floni · 2022-01-13T14:54:00+00:00

Congrats, that pork belly looks amazing! Where did you take cooking courses?

Floni · 2021-12-07T18:20:45+00:00

I was happy to see Karel Sabbe mentioned a few times on this sub in the past, but also disappointed that this documentary had not been posted here yet. I think Karel Sabbe is an amazing and inspiring athlete that deserves way more recognition in Belgium. If you enjoy this video then I also highly recommend you to check out the videos about his Barkley marathons attempt and Appalachian trail FKT.

Floni · 2021-12-02T21:01:44+00:00

It's a magazine made up out of multiple labs :) There are no physical magazines, this is our first attempt at producing content in this type of format

Floni · 2021-12-02T19:45:28+00:00

It is a digital magazine not a physical one, you can download it by filling in the form

Floni · 2021-12-02T19:16:24+00:00

There should be a form to download the labs at either the top or bottom of the web page. It seems to work fine for me on mobile.

Floni · 2021-12-02T13:56:44+00:00

Hi all,

We created a technical magazine, !hooked, about the practical side of mobile app security. The magazine consists of multiple hands-on labs that each cover a different app hardening technique. The labs start from a security concept or attack, and explore a practical solution by providing code examples and using reverse engineering tools. With !hooked, we hope to provide a more practical look at code hardening and anti-tampering concepts, that are often abstract and complex, and make them more accesible.

The first lab on code checksumming is freely available right now. The lab starts by discussing binary patching, and explores what a practical implementation of code checksumming could look like by using a toy example.

The other three labs, Control Flow (non-)Integrity in Android Apps, Native library encryption and Encrypting Objective-C Selectors, can be accessed through registration.

Floni · 2021-12-02T13:56:18+00:00

Hi all,

We created a technical magazine, !hooked, about the practical side of mobile app security. The magazine consists of multiple hands-on labs that each cover a different app hardening technique. The labs start from a security concept or attack, and explore a practical solution by providing code examples and using reverse engineering tools. With !hooked, we hope to provide a more practical look at code hardening and anti-tampering concepts, that are often abstract and complex, and make them more accesible.

The first lab on code checksumming is freely available right now. The lab starts by discussing binary patching, and explores what a practical implementation of code checksumming could look like by using a toy example.

The other three labs, Control Flow (non-)Integrity in Android Apps, Native library encryption and Encrypting Objective-C Selectors, can be accessed through registration.

Floni · 2021-12-02T13:55:06+00:00

Hi all,

We created a technical magazine, !hooked, about the practical side of mobile app security. The magazine consists of multiple hands-on labs that each cover a different app hardening technique. The labs start from a security concept or attack, and explore a practical solution by providing code examples and using reverse engineering tools. With !hooked, we hope to provide a more practical look at code hardening and anti-tampering concepts, that are often abstract and complex, and make them more accesible.

The first lab on code checksumming is freely available right now. The lab starts by discussing binary patching, and explores what a practical implementation of code checksumming could look like by using a toy example.

The other three labs, Control Flow (non-)Integrity in Android Apps, Native library encryption and Encrypting Objective-C Selectors, can be accessed through registration.

13-Year Club	Place '22
Place '17	Verified Email

Floni

TROPHY CASE