Introduction In the realm of web application security, Server-Side Template Injection (SSTI) stands as a formidable threat that can expose vulnerabilities in even the most well-constructed applications. This blog post delves into the mechanics of SSTI, its potential risks, and how developers can safeguard their applications against this security menace…. Read more »
Patching an iOS application with Frida involves injecting custom code into the application’s runtime to modify its behavior. Tools like Hopper, Ghidra, and others can typically be used to modify an application’s opcode and patch it but this is another topic. Demo In the upcoming demonstration, we will be patching… Read more »
Disclaimer This article does not give you permission to hack, tamper with, or alter any aspect of the application. I do not accept responsibility for any illicit activity you engage in. The bug was notified to those directly involved via the bugcrowd platform even if the latter did not give… Read more »
Installation on Jailbroken device The first step is to connect to the jb device via ssh after that execute the following commands: mkdir /opt export THEOS=/opt/theos git clone –recursive https://github.com/theos/theos.git $THEOS Download an SDK for your device and place it inside /opt/theos/sdks Hook an iOS app with Theos This demo… Read more »
There is an extension for VSCode called Frida Workbench.This plug-in links VSCode and Frida to provide various conveniences.From the introductory screen, you can see that there are several features, but the code autocomplete feature is the most useful.
Dear friends, today I will show you how to resolve the CyberHeroes challenge tryhackme. Let’s start with a service/port scan Initial scanning nmap -sC -sV -p- -Pn $IP It is evident that there is a web service running on port 80 after some dir busting the only interesting part is… Read more »
Hey everyone, I just wanted to let you know that I passed the OSCP exam with 100 points In just a few words, I would like to share my experience with you Background: Aside from my computer science degree, I also have a number of cyber security certifications, including… Read more »
Hello dear friends and welcome back for another Android Diva series blog, today we will resolve Insecure Data Storage Part 4. So first of all, we have to store some value For this exercise, we will use jadx and adb So what we will do is to analyze the… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve Prime:1machine. Description This machine is designed for those one who is trying to prepare for OSCP or OSCP-Exam. This is first level of prime series. Some help at every stage is given. Machine is lengthy as OSCP… Read more »
Hello dear friends and welcome back for another Android Diva series blog, today we will resolve Insecure Data Storage Part 2. For this exercise, we will use adb and db browser for sqlite. So first of all, we have to store some value After that we connected to our virtual… Read more »
Hello dear friends and welcome back for another Android Diva series blog, today we will resolve Insecure Data Storage Part 1. For this exercise, we will use adb, first at all fill the text fields after that connect adb to the device adb connect ip get a shell adb… Read more »
Hello, dear friends today I’ll show you how to resolve the CTF Uncrackable – Android Level1. First, we need to install the application in order to understand what it does and how it works adb install UnCrackable-Level1.apk mmm interesting there is a root detection, so now we will use jadx… Read more »
Hello dear friends and welcome back for another mobile security blog, today I’ll show you how to inject frida inside an ipa application. So for todo that we need to install some tools: iOS Deploy brew install node npm install -g ios-deploy If you want to know more about this… Read more »
Hello dear friends, and welcome back for another mobile application security blog, today I’ll show you how to bypass a login form with Frida. For this exercise, I did prepare an easy android Application that you can download from this link. After the download run the app on gennymotion emulator…. Read more »
Arachni è un web scanner molto potente, questo tool può essere eseguito sia nella modalità “web gui” che nella modalità “linea di comando” ed è reperibile qui. Modalità web gui Una volta scaricato ed estratto il tool, lanciamo il programma terminale e rechiamoci presso la cartella bin presente all’interno della cartella… Read more »