[~]$ whoami

Cyber-Security Researcher and Developer having interests in Application-Security, *nix based Systems, Android, Reverse Engineering and Programming; loves Command Line, FOSS. Read more..

  • Link Tree - Links to all my social media profiles.
  • RSS Feed - Subscribe to this blog using RSS aggregators.
  • Reach out to me at contact[at]adityatelange[dot]in if you have any questions/suggestions.

Android App Security Testing Lab with MobSleuth

Setting up a virtual lab for Android App security assessments.

June 16, 2024 · 3 min · Aditya Telange

Android phone as a Webcam on Linux

Learn how to set up a virtual webcam on Linux using your Android device’s cameras using scrcpy.

February 17, 2024 · 3 min · Aditya Telange

Breaking down Reverse shell commands

In pentesting assessments and CTFs we always need reverse shells to execute commands on target machine once we have exploited a system and have a command injection at some point in our engagement. For that we have an awesome project: revshells.com or reverse-shell-generator where we have a ton of reverse shell payloads listed. This blog post tries to explain their working. Note: I’ll be breaking down all of them, but not all at once....

May 7, 2023 · 5 min · Aditya Telange

HackTheBox - Photobomb

Photobomb is a fun box on Hackthebox where we initially get hardcoded credentials in a Javascript file, which we can use to authenticate with basic auth to access the image resizing tool, which has command injection leading to us getting a reverse shell. After getting initial access as user wizard, we see a cleanup.sh script which can be run as root. We then abuse the redirection operator > clobbering the /etc/passwd file to escalate our privileges by adding user wizard to group root.

February 11, 2023 · 7 min · Aditya Telange

Merging AOSP Security Patches into Custom ROMs

Learn how Android Custom ROM developers merge AOSP security patches.

January 28, 2023 · 3 min · Aditya Telange
This site uses cookies to improve your experience on our website. By using and continuing to navigate this website, you accept this. More details in Privacy Statement.