Pentesting

If you perform penetration testing or reverse engineering on mobile apps, Frida is likely already in your toolkit. It’s the de-facto standard for dynamic instrumentation, letting us hook functions, trace execution, and modify behavior at runtime. But powerful as the CLI is, it has friction. managing long command strings, manually looking up package names, juggling PIDs, downloading scripts from Codeshare and pasting script snippets into the terminal can break your flow. I built Frida UI to bridge that gap, a minimal web-based interface that runs locally and gives you a visual dashboard for your instrumentation sessions. ...

In critical web apps (such as banking, finance, healthcare), payload encryption is often implemented to protect sensitive data during transmission. Most developers and product owners assume that encryption is secure and tend to apply it as a final foolproof fix to prevent tampering of data. Although encryption does add a layer of security, it is not always effective if not implemented correctly. This blog post explores common techniques used to break payload encryption in web applications. ...

Setting up a virtual lab for Android App security assessments.

In pentesting assessments and CTFs we always need reverse shells to execute commands on target machine once we have exploited a system and have a command injection at some point in our engagement. For that we have an awesome project: revshells.com or reverse-shell-generator where we have a ton of reverse shell payloads listed. This blog post tries to explain their working. Note: I’ll be breaking down all of them, but not all at once. If you have any comments/feedback let me know in the comments section. ...