Leveraging User Profiles for Smarter Password Attacks
November 24th, 2025 by Oleg Afonin
Most real-world passwords aren’t random – they follow the owner’s habits, preferences, and personal history. Names, birthdays, pets, team loyalties, and even old usernames affect how people build their “secret” strings. By turning this everyday information into structured, prioritized password candidates, analysts can reach higher success rates than with generic dictionaries or blind brute force. This article explains how to transform user data into a focused attack strategy.
Apple Strikes Back: the iPhone Cracking Challenge
May 11th, 2018 by Vladimir Katalov
We live in the era of mobile devices with full-disk encryption, dedicated security co-processors and multiple layers of security designed to prevent device exploitation. The recent generations of Apple mobile devices running iOS 10 and 11 are especially secure, effectively resisting experts’ efforts to extract evidence. Yet, several solutions are known to counter Apple’s security measures even in iOS 11 and even for the last-generation devices. It is not surprising that Apple comes up with counter measures to restrict the effectiveness and usability of such methods, particularly by disabling USB data connection in iOS 11.4 after prolonged inactivity periods (well, in fact it is still in question whether this feature will be available in new iOS version or not; it seems it is not ready yet, and may be delayed till iOS 12).
iOS 11.4 to Disable USB Port After 7 Days: What It Means for Mobile Forensics
May 8th, 2018 by Oleg Afonin
UPDATE June 2, 2018: USB Restricted Mode did not make it into iOS 11.4. However, in iOS 11.4.1 Beta USB Restricted Mode Has Arrived
Legal and Technical Implications of Chinese iCloud Operations
April 10th, 2018 by Vladimir Katalov
On February 28, 2018, Apple has officially moved its Chinese iCloud operations and encryption keys to China. The reaction to this move from the media was overwhelmingly negative. The Verge, The Guardian, Reuters, Wired, and CNN among other Western media outlets expressed their concerns about the Chinese government potentially violating the human rights of its citizens. Politics aside, we will review Apple policies governing the Chinese accounts, and look into the technical implementation of Chinese iCloud operations. Let us see if the fears are substantiated.
Demystifying Advanced Logical Acquisition
April 3rd, 2018 by Vladimir Katalov
We were attending the DFRWS EU forum in beautiful Florence, and held a workshop on iOS forensics. During the workshop, an attendee tweeted a photo of the first slide of our workshop, and the first response was from… one of our competitors. He said “Looking forward to the “Accessing a locked device” slide”. You can follow our conversation on Twitter, it is worth reading.
Google Services Blocked on Uncertified Devices
April 3rd, 2018 by Oleg Afonin
After testing waters for more than a year, Google has finally pulled the plug and began blocking access to Google Play services on uncertified devices. Why Google took this step, who is affected, and what it means for the end users? Let’s try to find out.
What’s Broken in iOS for iPhone X
March 28th, 2018 by Oleg Afonin
Apple’s latest and greatest iPhone, the iPhone X, received mixed reviews and sells slower than expected. While the high price of the new iPhone is a major factor influencing the slow sales, some of the negative points come from the device usability. The combination of design language, hardware and software interactions make using the new iPhone less than intuitive in many situations. In this article, we collected the list of utterly strange design decisions affecting the daily use of the iPhone X.
iPhone X Eye Strain: How to Stop OLED Flickering in Just Three Clicks
March 5th, 2018 by Oleg Afonin
The iPhone X uses a new (for Apple) display technology. For the first time ever, Apple went with an OLED display instead of the IPS panels used in all other iPhones. While OLED displays have numerous benefits such as the true blacks and wide color gamut, the majority of OLED displays (particularly those made by Samsung) tend to flicker. The flickering is particularly visible at low brightness levels, causing eyestrain and headaches to sensitive users. Very few users have the slightest idea of what’s going on, attributing these health issues to oversaturated colors, the oh-so-harmful blue light and anything but OLED flickering.
Breaking into iOS 11
February 20th, 2018 by Oleg Afonin
In the world of mobile forensics, physical acquisition is still the way to go. Providing significantly more information compared to logical extraction, physical acquisition can return sandboxed app data (even for apps that disabled backups), downloaded mail, Web browser cache, chat histories, comprehensive location history, system logs and much more.
Get iOS Shared Files without a Jailbreak
February 20th, 2018 by Vladimir Katalov
iOS is a locked down mobile operating system that does not allow its apps to directly access files in the file system. Unlike every other major mobile OS, iOS does not have a “shared” area in the file system to allow apps keep and share files with other apps. Yet, individual iOS apps are allowed to let the user access their files by using the file sharing mechanism.
Apple iCloud Keeps More Real-Time Data Than You Can Imagine
February 8th, 2018 by Oleg Afonin
Apple has a wonderfully integrated ecosystem. Apple computers, tablets and phones conveniently synchronize information such as passwords, Web browsing history, contacts and call logs across all of the user’s devices. This synchronization mechanism uses iCloud to sync and store information. The syncing mechanism works independently from iOS system backups that are also stored in iCloud (or iCloud Drive). As opposed to daily iCloud backups, synchronized data is updated and propagated across devices in almost real time. Extracting this information can be invaluable for investigations as it provides access to the most up to date information about the user, their activities and whereabouts.
