Publications

July 2013, Digital Whisper, issue #44 (Hebrew)

The Danger of HTML Files () by Israel Chorzevski

April 2013, presentation at HITB SecConf Amsterdam (English)

iNalyzer - No More iOS Blackbox Assessments () by Chilik Tamir

November 2012, Whitepaper (English)

Introduction to Advanced Data Security Analysis in iOS Application Using iNalyzer () by Chilik Tamir

November 2012, Digital Whisper, issue #37 (Hebrew)

Introduction to Advanced Data Security Analysis in iOS Application Using iNalyzer () by Chilik Tamir

Virus Monthly Pass () by Shackrack

September 2012, Digital Whisper, issue #35 (Hebrew)

SSL Weakness' () by Israel Chorzevski

September 2012, AppSec Labs website

iNalyzer by Chilik Tamir

AppSec Labs iNalyzer is a framework for manipulating iOS applications, tampering with parameters and methods; no sources needed! AppSec Labs iNalyzer targets closed applications, turning a painful Black Box into an automatic Gray-Box effort.

August 2012, AppSec Labs website

SSL Vulnerabilities Analyzer by Israel Chorzevski

The SSL Vulnerabilities Analyzer is designed for website owners and security testers. The tool takes a domain and/or IP address, tests the encryptions and algorithms supported by them and analyzes the results in a graphic form, reporting problematic encryption methods.

July 2012, AppSec Labs website

AppUse by Erez Metula & Chilik Tamir

AppSec Labs recently developed the AppUse Virtual Machine. This system is a unique, free, platform for mobile application security testing in the android environment, and it includes unique custom-made tools created by AppSec Labs.

May 2012, AppSec Labs website

BELCH 1.0.13 by Chilik Tamir

Belch is a binary protocol pen-testing tool. It is used to aid in automation of testing AMF and Java-Serialization applications.

Belch performs on the fly transformation of binary data to human readable XML format. It was tested successfully against AMF version 3 and Java Serialization applications. Belch can be used as a translation peer for any Automatic scanner integrating automatic testing to the binary communication. Belch has been tested with various scanners such as BurpSuite, Accunetix, AppScan, Sqlmap etc.

July 2011, Hackin9 EXTRA, p.22-27

MANAGED CODE ROOTKITS () by Erez Metula

This article provides an introduction to the concept of Managed Code Rootkits (MCR) – application level rootkits implemented at VM runtime level, as described in the book Managed Code Rootkits, authored by Erez Metula, by Syngress Publish

January 2011, Digital Whisper, issue #16 (Hebrew)

MANAGED CODE ROOTKITS () by Erez Metula

June 2010, SQLMAP automatic SQL injection and database takeover tool

SOAP and Web-Services Patch for sqlmap by Chilik Tamir

Patch for SQLmap that enables it to scan web-services

March 2010, Packet Storm

Lenovo Privilege Escalation by Chilik Tamir

Lenovo laptops running the Hotkey Driver and Access Connections software versions 5.33 and below suffer from a privilege escalation vulnerability. Full exploitation details provided.

March 2009, whitepaper

.NET Framework Rootkits: Backdoors inside your framework () by Erez Metula

* Name:
* Email:
* Phone:
Company:

Application Security

Research

Our Latest Tools

New Tool Launch - Belch 1.0.13

Check it out!! (click here)

New Android Penetration Testing Platform-

Our Books

Managed Code Rootkits

by Erez Metula

Contact Us

You are here