Cyber-Security Researcher and Developer having interests in Application-Security, *nix based Systems, Android, Reverse Engineering and Programming; loves Command Line, FOSS. Read more..
Android phone as a Webcam on Linux
Learn how to set up a virtual webcam on Linux using your Android device’s cameras using scrcpy.
Breaking down Reverse shell commands
In pentesting assessments and CTFs we always need reverse shells to execute commands on target machine once we have exploited a system and have a command injection at some point in our engagement. For that we have an awesome project: revshells.com or reverse-shell-generator where we have a ton of reverse shell payloads listed. This blog post tries to explain their working. Note: I’ll be breaking down all of them, but not all at once....
HackTheBox - Photobomb
Photobomb is a fun box on Hackthebox where we initially get hardcoded credentials in a Javascript file, which we can use to authenticate with basic auth to access the image resizing tool, which has command injection leading to us getting a reverse shell. After getting initial access as user wizard, we see a cleanup.sh script which can be run as root. We then abuse the redirection operator > clobbering the /etc/passwd file to escalate our privileges by adding user wizard to group root.
Merging AOSP Security Patches into Custom ROMs
Learn how Android Custom ROM developers merge AOSP security patches.
Primer on HTTP Security Headers
What are HTTP headers? HTTP headers are a list of key-value pairs which are sent along with HTTP requests and responses. Let us take an example with below request(left) and response(right): In the above snapshot, we can see that we have an HTTP request being sent to Host. Along with that request/response, we see Key:Value pairs, these are HTTP Headers. These look similar to YAML format. HTTP headers let the client and the server pass additional information with an HTTP request or response....