
Needle v1.0.0 released: new native agent and support for iOS 10

Today we release Needle v1.0.0, which brings a major overhaul of its core and introduces a new native agent, written entirely in Objective-C. The agent allows Needle to provide transparent support for iOS 10 (and future versions) and, over time, will let us replace all the dependencies currently required (such as class-dump and keychain_dumper).

The agent is already available for download on Cydia, and its source code has been published on GitHub (https://github.com/mwrlabs/needle-agent).

A detailed description of the agent’s inner workings is available on the project wiki (https://github.com/mwrlabs/needle/wiki), alongside all the information needed to get up and running with the new version.

To stay updated, remember to also follow @mwrneedle on Twitter!

CHANGELOG: [1.0.0] - 2017-03-10

Added

  • [AGENT] Released Needle Agent
  • [CORE] iOS 10 Support
  • [CORE] Overhaul of the Core
  • [CORE] Possibility to disable modules if running incompatible version of iOS
  • [MODULE] Simple CLI Client (various/agent_client)
  • [MODULE] Frida Jailbreak Detection Bypass (dynamic/detection/script_jailbreak-detection-bypass.py) [from @HenryHoggard]
  • [MODULE] Frida Touch Id Bypass (hooking/frida/script_touch-id-bypass) [from @HenryHoggard]
  • [SUPPORT] Updated documentation

Fixed

  • [MODULE] Fix storage/data/keychain_dump_frida ACL Parsing [from @bernard-wagner]
  • [MODULE] Frida modules spawn app with Frida instead of UIOpen [from @HenryHoggard]
  • [MODULE] Frida enumerate methods performance enhancement [from @HenryHoggard]

Removed

  • [CORE] Dependencies superseded by the Needle Agent

Marco Lancini