[EN] A-Z: GWTUpload - DoS

GWT is a Java web framework and GWTUpload is a library that extends it with easier file upload. We found a vulnerability that allows abuse of the upload process to cause a denial of service of a web application.

[EN] A-Z: FreedroidRPG - save game

FreedroidRPG is an open source hack and slash game; in other words, a Diablo clone available on Linux. I became interested in how the game handles untrusted user input, but since it’s a single-player game, the ways of supplying malicious input are limited. So I decided to analyze the saved-game parser and whether it may somehow be abused. I found a few memory corruption vulnerabilities and a way to execute arbitrary code.

[EN] LogicalTrust Named Top Cybersecurity Consultant

LogicalTrust is excited to announce our newest award: Top Cybersecurity Consultant! As a small firm located in Wrocław, Poland, with over 16 years of experience, we specialize in keeping your business and information safe (penetration tests, security audits, security awareness). Did you know that cybersecurity costs the global economy $2.9 million per minute? Don’t get stuck trying to take your identity back; contact us today!

[EN] A-Z: Documents - hacking web app inside iOS app

Documents is an iOS file manager app developed by Readdle. It has an HTTP server feature, which allows easy file transfer between the device and a computer on a local network. It’s also very interesting from a security perspective, because we can expect a wider attack surface than in a typical mobile application: running an HTTP server may expose the application to many kinds of web-related attacks.

[EN] A-Z: PrBoom-plus (part I)

PrBoom-plus is a Doom source port based on PrBoom (which itself is based on other projects). It supports Windows, Mac, Linux and BSD systems. As I’m a Doom fan myself, I decided to get PrBoom-plus and analyze it from a security perspective.

[EN] A-Z: B - Pain in the as

What’s as?

as is a fairly standard assembler widely used in the UNIX world; probably no further explanation is needed. It reads assembly code and produces compiled object files, no magic here.

[EN] A-Z: A is for Alpine

A-Z project

Some time ago we got the idea to select projects alphabetically, pick a project for each letter from A to Z and find at least one bug in it. We don’t have a strict plan, rules or deadlines. We treat it as a freestyle battle and just test whatever we want to. Our goal is to try different approaches, including many flavours of fuzzing, code review, static analysis, dynamic analysis, divination etc. We’re going to write not only about what worked for us, but also about our failures. We plan to publish posts on the letters in random order, so here’s the first post, for the letter A!

[EN] BLE mobile application independent access

Bluetooth Low Energy (BLE) is a wireless standard widely used by Android and iOS mobile applications to communicate with devices of many kinds, including home security, medical and other devices that may exchange sensitive data or perform sensitive operations. It’s critical to establish secure communication using a proper pairing mode. However, even though MitM attacks will be prevented, the mobile device may be a weak link and expose the BLE peripheral to some sort of attack.

[PL] Smalidea - debugging Android applications without source code

Having an application only in the form of an APK file, for example after installing it from the Google Play Store, it is impossible to debug it in the standard way. This is due to the lack of access to the source code. The APK contains only bytecode for the Dalvik and ART virtual machines, stored in files with the .dex extension.

[PL] Needle - analysis of iOS mobile applications

Needle supports security analysis of applications on the iOS platform. It consists of modules that use many of the tools available on that platform, greatly simplifying work with them. It was created by MWRLabs, the authors of Drozer, which is popular in the Android community. Like Drozer, it works in a client-server architecture: a client running on the computer sends commands to a server running on the mobile device.

[PL] An Android backdoor based on the Drozer tool

We will look at a way to create a backdoor and embed it in any application on the Android platform. It will use the Drozer tool, which is intended primarily for mobile application security testing. Drozer works in a client-server architecture, and we will use two of its components:

  • Drozer (.deb or Python .egg) - the full version of the tool, to be installed on the computer. It will act as the server, used to issue commands.

LogicalTrust sp. z o.o.
sp. k.

al. Aleksandra Brücknera 25-43
51-411 Wrocław, Poland, EU

NIP: 8952177980
KRS: 0000713515