On Cross-chain Bridges Security

Blockchain and distributed ledger technology in general has been gaining a lot of traction in the last few years. The technology moves from simple cryptocurrencies transfer to more complex applications with the rise of smart contracts. The blockchain ecosystem has been growing in many directions to keep up with the increasing needs. Introduction Nowadays, there … Continue reading On Cross-chain Bridges Security →

In-browser End-to-End Encryption: A myth?

End-to-End (E2EE, for short) is an emerging technology for privacy-preserving messaging and content sharing in mobile applications such as ProtonMail, WhatsApp, Telegram, Signal, etc. However, we start to see web applications that claim to have E2EE in the browser including ProtonMail, WhatsApp, Telegram, etc. In this blog post, we will explore these claims in more … Continue reading In-browser End-to-End Encryption: A myth? →

Analysis of Wiqaytna Application for COVID-19 Tracking

I spent some time today analyzing Wiqaytna application (Android Version) published by the Moroccan ministry of interior and I have some comments on the ongoing debate. So, regarding the process, first, I have downloaded the source code published on GitHub (https://github.com/Wiqaytna-app/wiqaytna_android/) and downloaded the APK for the version published in PlayStore then reverse engineered it … Continue reading Analysis of Wiqaytna Application for COVID-19 Tracking →

URLs Support Phishing Attacks by Design

I was reading some articles and watching a video of @LiveOverflow where he was talking about how hard it is to understand URI and then he mentioned a presentation of Orange where he explained how libraries of different programming languages parse URIs and this helped Orange to find many SSRF security issues in many big … Continue reading URLs Support Phishing Attacks by Design →

Overview of Malware Detection Approaches and Techniques

After more than a year without posting anything in this blog. I am currently doing research on malware for mobile and IoT devices. A malware is a malicious software. There are many types of malware like viruses, worms, ransomware, trojans, etc.... They differ depending on their specifications and how they operate. Viruses are codes that … Continue reading Overview of Malware Detection Approaches and Techniques →

Secure Coding Best Practices Checklist

I have been dealing with programmers and programs for a long time as a penetration tester and as a developer. I have been conducting many audits of web and mobile applications with different architectures. I made this checklist for developers to ensure the strict minimum of a "secure" code. I would like to share with … Continue reading Secure Coding Best Practices Checklist →

What you Should Know as a User about GDPR?

I am sure you received plenty of emails about the new regulation in the European Union called GDPR or General Data Protection Regulation. It is now recognised as law across the EU under 2016/679. The European Union is a leader in privacy and data protection of its citizens, and it pushes big companies to comply … Continue reading What you Should Know as a User about GDPR? →

Editorial of “Dehbi et ses amis” – Moroccan Olympiads of Informatics (Round 2)

Dehbi is my roommate and one of the best human beings I have met. He is graduating this semester, so he is the hero of this problem. This problem is the last problem in Moroccan Olympiads of Informatics Round 2, and it was solved during the contest once by walux. I would like to congratulate … Continue reading Editorial of “Dehbi et ses amis” – Moroccan Olympiads of Informatics (Round 2) →

Nidhal Guessoum: Islam, Science and The Next Phase Of Debates

The debate of Islam and Science involves multiple disciplines and multiple thinkers from different schools of thoughts. It is perceived from various angles from the perennialist philosophy with Sayyed Hossein Nasr to secular modernism with Pervez Hoodbhoy, to Islamic ethical science with Muhammad Abdus Salam, universalist science and the Islamization of knowledge with Ismail R. … Continue reading Nidhal Guessoum: Islam, Science and The Next Phase Of Debates →

How DDos can be used to make money?

I have been investigating the impact of the Memcached DDos Attacks which are largely used today against servers, especially after taking down Github by 1.7 Tbps DDos Attack which is the largest DDos Attack ever. Hackers use vulnerable Memcached servers to lunch a DDos attack to take down servers by sending forged UDP packets on … Continue reading How DDos can be used to make money? →