Blog posts

This article examines how the misconfigured get-task-allow entitlement in macOS apps enables code injection and TCC bypass. It builds on large-scale testing of notarized applications and highlights the risks of weakened security boundaries.

From phreaking roots to cutting-edge research, Phrack has always been a space where hackers teach hackers. Forty years on, the mission hasn’t changed—it’s only grown stronger. This article dives into Phrack Magazine’s remarkable journey and its milestone 40th anniversary. From its beginnings in the 80s underground to its global presence today, we’ll look at how Phrack shaped hacker culture, what the latest issue means for the community, and how contributors—past and present—continue to keep the signal alive.

Desktop application security lacked unified standards—until now. DASVS provides a structured approach to securing Windows, macOS, and Linux applications with clear verification levels and technical security controls. Our roadmap includes the Desktop Application Security Testing Guide (DASTG) and an automated security assessment tool. Join the community and help shape the future of desktop security!

Are you testing desktop app security and need to know what process to follow? That’s what this desktop application security testing checklist is for. Desktop applications are fundamentally different from web and mobile apps – and those differences create unique security challenges. Web applications run mostly server-side, behind your firewalls and security controls. The browser […]

Thick-client penetration testing is a critical gap in most enterprise security programs. Banking software, trading platforms, healthcare systems, and manufacturing tools – these desktop applications handle your organization’s most sensitive data and critical operations. But when was the last time you actually tested their security? If you’re relying on the same penetration testing approach you […]

SAP GUI scripting automation guide: Python + Windows API for security testing. Includes practical examples of transaction validation and control extraction for penetration testers.

Invoker is a Burp Suite extension that automates external tools like dosfiner, sqlmap, nuclei, or ffuf, bridging the gap between captured requests and CLI commands.

VoIP is transforming business communication with flexibility and cost savings. However, its reliance on the internet brings cybersecurity risks. Discover how VoIP works, common threats, and the role of penetration testers in protecting organizations.

How broken access and Null Pointer Dereference was found in macOS IOMobileFramebuffer (AppleCLCD2) service.

TCC on macOS isn’t just an annoying prompt—it’s the last line of defense between malware and your private data. This article breaks down how TCC works, why third-party developers must take bypass vulnerabilities seriously, and how seemingly minor flaws can open the door to real-world attacks. Written from the perspective of both attacker and defender, it’s a must-read for app developers and security researchers alike.