What is the Keychain?

The Keychain is essentially the safest place on your phone for storing data. Developers use it to store passwords, certificates, identities, and other keys in many forms. It was quickly adopted, and many developers already understand how important it is to keep the most sensitive data in a place that was made exactly for this purpose. As good as it sounds, this doesn’t mean that using the Keychain makes your application 100% safe. (Not so) commonly made mistakes during the development process like using a deprecated API or not updating the app for a long time may…


LPE in macOS

macOS infrastructure

Apple devices have been present in companies for a long time. Wherever there is a need to deploy iOS applications, testers and programmers have to use Macs. UX/UI designers and movie editors use Macs for apps that have only Apple versions. It is also worth noting that Macs are introduced to companies because managers and directors want to use them as well. While Windows infrastructure in big companies is usually mature and well-tested, Mac infrastructure is usually a no man’s land. After digging in some huge networks we observed a lot of ugly hacks and bad scripting exposing the…


Some time ago I got stuck in the USA because of COVID-19. After coming back to Poland on the “evacuation flight” I had to undergo a mandatory quarantine for 14 days. Every day the Polish police visited me to check that I was staying at home and not going outside. As we all expected, it was a big overhead for the police, since they had to visit each quarantined person every day. My friends told me that I could install an official government app that reports my location every day. After the installation, the user has to complete an everyday task…


Using iOS biometric features like Touch ID and Face ID is a really convenient way to authenticate a user before performing sensitive actions. These actions, of course, depend on the app’s features. Usually, we test apps that use Touch ID/Face ID to log in and to confirm financial actions (e.g. a wire transfer). But can these checks be treated as 100% secure?

The answer is: of course not. Biometric checks are performed on your device and, like any other client-side checks, can be bypassed if an attacker can control the application/device. In this blog post, I want to show you how easy that hack…


Security is a topic that iOS developers should consider too. Since the platform cannot be treated as 100% secure, developers and the security division need to create a separate threat model for mobile applications.

Over the years that iOS has existed, many different types of application vulnerabilities have been discovered. They can result in real risk and should be addressed first! Once that is done, in most cases, the fire has been extinguished.

However, if you are responsible for developing a high-risk application, you will probably be interested in achieving higher app resiliency. Before attackers…


Topic overview

During pentests performed by SecuRing we sometimes deal with applications that interact with hardware. Quite often they need custom drivers, which may result in serious consequences. One of the biggest threats is that drivers usually run in kernel space. That means nothing less than gaining root and full control of the victim’s machine when you take over the driver! For some people that may be obvious, since exploiting drivers is as old as the invention of SQL Injection.

Before the “Web server drivers” era, exploiting drivers on a machine was usually used for local privilege escalation. You needed…


Security awareness usually leads to hardening our machines and infrastructure, teaching others, and generally improving our environment. We, both as private individuals and as employers, buy software that we rely on. We trust WAFs, network security software, and anti-malware apps, but do we actually test them? Would you fully validate the input coming from trusted anti-malware software hosted on your server? The case described here really happened during a pentest that I performed with the SecuRing team.

What is Metadefender?

Cloud-based data sanitization (Content Disarm & Reconstruction), vulnerability detection and multi-scanning with options for free and commercial users

So, Metadefender allows you to…


In this short blog post I will show you why an alphanumeric password is much more secure than biometrics. At home, as a total n00b, I was able to clone my finger and bypass Touch ID. To be honest, in my case the effectiveness was about 10%-15%, but like I wrote before, it was my first time and I didn’t have any professional tools. Before I start, I want to credit Łukasz Bobrek & Paweł Kuryłowicz from SecuRing, who showed me their research. These guys compiled the knowledge from iPhone 5s Touch ID hack in detail and much of time…


This is a write-up that summarizes the practical part of the presentation that I gave at AppSec EU 2018 in London.


Quicklook is a super cool mechanism that lets you quickly check a file’s contents without opening it in a specialized application. When you press the space bar on, for instance, an *.xlsx file, you can see the following preview without having MS Excel installed.

While reading *OS Internals Volume I (which I highly recommend, btw) I stopped at the Quicklook chapter. I found out that Quicklook registers the com.apple.quicklook.ThumbnailsAgent XPC service, which is responsible for creating the thumbnails database and storing it in the /var/folders/…/C/com.apple.QuickLook.thumbnailcache/ directory. It means that all photos that you have previewed using space (or Quicklook cached them independently) are stored in that directory as…

Wojciech Reguła

Web apps / iOS / macOS security & blogger — https://wojciechregula.blog
