Agenda We sometimes do not receive an APK file or Play Store link to perform an Android Pentest. It could be necessary for us to install it using a invitation link supplied on the work email. ...
Privilege Escalation - Windows
Initial Enumeration System Enumeration systeminfo systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type" Extract Patching: wmic qfe wmic qfe get Caption,Description...
ios Pentesting - SSL Pinning on Flutter
Flutter application is proxy unware and we cannot redirect the traffic through WIFI proxy. In android, we can do it by ProxyDroid but, in iOS we need to do it through VPN. sudo wget https://...
Privilege Escalation - Linux
Initial Enumeration System Enumeration Enumerate the hostname: hostname Enumerate the kername info uname -a cat /proc/version cat /etc/issues Enumerate the arc...
Attacking and Defending AD
Attacking and Defending Active Directory Domain Enumeration Part 1 The enumeration can be done by using Native executables and .NET classes $ADClass = [System.DirectoryServices.ActiveDirector...
Ngnix Basics
Installation sudo apt install -y nginx Check an status sudo systemctl status nginx If active and running, navigate to http://localhost. Nginx Directory cd /etc/nginx All the config...
Active Directory Pentesting
Active Directory Pentesting Notes and Checklist AD Basics Domains Domains are used to group and manage objects in an organization An administrative boundary for applying polici...
iOS Pentesting
IOS Penetration Testing Contents 1. Setup 2. Cydia Configurations 3. SSH into Device 4. Extracting the IPA File 5. Decompile the IPA file 6. Check for Hardcoded and URL endpoints 7. Digging into...
Android Pentesting
Android Penetration Testing Contents 1. Setup and Decompile 2. Verify Signing 3. Check for Hardcoded and URL endpoints 4. Digging into AndroidManifest.xml File 5. Network 6. Storage 7. Analyze t...
Solving Cybergym CTF Lab1
Solving Cybergym CTF Lab1. This writeup describes the process carried out to solve the Cybergym Android CTF Lab1 with some mitigation techniques. The aim of this CTF is to retrieve the passcode ne...