Dynamic Analysis

Question 1

What does PIE stand for?

Answer 1

Position Independent Executable

Question 2

What is Drozer?

Answer 2

Drozer is a client/server framework for evaluating and exploiting Android applications

• Monitors Inter-Process Communications IPC
• Formerly called Mercury Framework
• Runs in an emulator or physical device
• Does not require root

Question 3

What is Needle?

Answer 3

Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so.

Question 4

What does IPA stand for?

Answer 4

iPhone Archive

Question 5

What is Smali?

Answer 5

Smali is an intermediate format disassembler designed to work with Android Dalvik executables (through the APK file).

Question 6

What is Dalvik?

Answer 6

Dalvik is a discontinued process virtual machine (VM) in Android operating system that executes applications written for Android.

Question 7

What is the seuccessor to Dalvik?

Answer 7

Android Runtime (ART)

Question 8

Name the framework that enables 3rd-party developers to make run-time patches to system functions on OS X?

Answer 8

Cydia Substrate

Question 9

Name a multi-platform runtime mobile exploration toolkit, powered by Frida?

Answer 9

objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

Question 10

Name the secure storage mechanism in iOS?

Answer 10

Keychain

Question 11

Name the secure storage mechanism in Android?

Answer 11

Key Store

Question 12

iOS: Centralized Tool for conducting security assessments?

Answer 12

Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so.

Question 13

What type of Needle module retreives static information from iOS applications?

Answer 13

Binary modules retrieve static information about installed iOS apps.

Question 14

What type of Needle module retreives dynamic information from iOS applications?

Answer 14

Needle Dynamic Modules retrieve dynamic information from a running iOS app.

Question 15

What does ASL stand for?

Answer 15

Apple System Log

Developers use the Apple System Log (ASL) to capture event information

Logging information should not contain sensitive information

Monitor ASL using ondeviceconsole or Xcode.

Question 16

What is SSL Kill Switch?

Answer 16

SSL Kill Switch is a blackbox tool designed disable SSL certificate validation, including certificate pinning within iOS apps. It works by overiding any delegate method, including certificate pinning routines.