Mobile Penetration Testing

Apple iOS General Guidance

Jailbreaking Before you start: You’ll need an Apple ID/ Apple Developer Account via and I believe that Impactor needs a full developer account at this point. unc0ver Jailbreak for iOS 11.0 – 12.2 Cydia Impactor: Unc0ver.ipa: Installing Unc0verMake sure you create a backup in iTunes and/or iCloud before doing this, just to be safe Steps: Using […]

Mobile Penetration Testing

Mobile App Testing 101

Rooting Android & Jailbreaking iOS Android ​​​​​​​It is recommended to use an android device to test the application. If you cannot get one, then you can use an Android VM. Alternatively, you can configure an Android device. There are lots of guides on the Internet to root an Android device. A guide for Google Pixel rooting […]

Network Attack Tools

Port Forwarding in RTS

Adding Additional Port Forwards During Existing Session A little trick to setup further port forwards within a current SSH session is to press “<shift> <enter> ~ c” simultaneously and then supply the relevant command. Setting Up Multiple RDP Connections On the AWS box (connecting to deployed Kali): Edit the AWS instance .ssh/config to set up […]


Mac Application Penetration Test

Trying to build a Mac Application Penetration Test Checklist…. How to Check if a macOS App is Notarized Version: macOS 11.7.1 You can check if a macOS application is notarized by using the spctl command-line utility. spctl evaluates if the system allows execution, installation, and other operations on files. The first example is an app […]

Web App Attack

JWT Attacks

JSON Web Token (JWT) is the proposed Internet standard, RFC 7519, for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed using a private secret or a public/private key. Let’s take a deeper dive into decoding and manipulating JWTs. This is a […]