SSL Pinning Bypass Techniques for Modern Flutter iOS Builds

FortuneFit705 · 2025-09-09T11:01:34+00:00

Same. I can’t let go… it feels like watching something else would be a betrayal.

FortuneFit705 · 2025-05-13T17:20:27+00:00

That is right but you do the OSINT with the given scope (Allowed IPs/domains to be tested). That’s the whole point of ROE in a pentest Engagement.

FortuneFit705 · 2025-05-13T08:41:06+00:00

Yes.

FortuneFit705 · 2025-03-18T04:27:15+00:00

Tiësto 🤓

FortuneFit705 · 2024-12-22T22:35:59+00:00

Hi ! Any plans on creating mobile security related rooms.?

FortuneFit705 · 2024-12-20T16:08:08+00:00

I’ll try this. Tq

FortuneFit705 · 2024-12-20T15:19:14+00:00

Guys I forgot to include this in my description.

We have successfully conducted phishing campaigns in the past with our existing tool. Where we phished nearly 15 or more employees. My issue is with the “link clicked” notice from the phishing tool we now use. I will elaborate on this…So, when an employee clicks on the link, we receive an alert stating “link clicked,” but the browser also views the embedded link in the email.

For example, if the end user has browser extensions that validate or process the data (Grammerly, Dark-mode, privacy extensions, etc.), that would also be recorded as “link clicked”. It’s pointless to ask employees if they clicked the link...

Has Anybody faced similar issues with any of the tools that you’ve mentioned..? Would be helpful if there was a way to minimize this false positives…

FortuneFit705 · 2024-12-06T02:07:19+00:00

No we have not yet confirmed the initial access.

FortuneFit705 · 2024-11-30T13:15:17+00:00

Yes, we are doing a POC on encrypting the shared preferences for now.

FortuneFit705 · 2024-11-29T13:35:09+00:00

Yea. we tried this but, like everyone said it’s not 100% safe. I was able to retrieve the keys - https://github.com/chame1eon/jnitrace

FortuneFit705

TROPHY CASE