Building a New Password Generator

Password generators are client-based systems which automatically generate passwords for user authentication to websites.  They are analogous to password managers, except that the passwords are never actually stored anywhere.  A number of proposals for such schemes exist – perhaps the best known is called PwdHash (see https://www.pwdhash.com/).  Some of these schemes have been implemented – … full description “Building a New Password Generator”

[Taken] Detecting broken security in hybrid Android apps

Many modern Android applications make use of a webview – a component providing easy access to the rendering engine and JavaScript interpreter of a full browser. The content shown by a webview can be loaded from a local resource or a remote server via HTTP and integrates seamlessly with the app. Webviews are popular with developers, … full description “[Taken] Detecting broken security in hybrid Android apps”

[Taken] Disassembling x86 binaries for static analysis and reverse engineering

The Jakstab static analyser for binaries automatically disassembles x86 binaries for Windows or Linux and reconstructs a control flow graph. It is particularly effective on targets that have been obfuscated with various tricks that throw off regular disassemblers such as IDA Pro. Jakstab disassembles one instruction at a time, translates it into an intermediate language, and then … full description “[Taken] Disassembling x86 binaries for static analysis and reverse engineering”

[Taken] Predicting Debug Symbols for Closed Source Binaries

Reverse engineering binaries, whether malicious or benign, is made more difficult by the absence of debug information. Variables and functions have had their identifiers “stripped”, so reverse engineers have to manually name them during analysis based on human understanding of the code functionality. The goal of this project is to use machine learning to predict … full description “[Taken] Predicting Debug Symbols for Closed Source Binaries”