
Learning Android Pentesting: Mobile Hacking Lab Strings

For the past few weeks, I’ve been going through the free Android Application Security course by Mobile Hacking Lab. I would recommend this to you if you are looking to get started with Android application pentesting. They have great labs as well, which are excellent if you are looking to get your hands dirty. This blog is a writeup for one of their free labs - Strings. The goal of the lab is to retrieve a flag by finding the correct way to invoke an exported activity, which calls native C/C++ code. ...

September 11, 2024

Learning Android Pentesting: Mobile Hacking Lab ConfigEditor

For the past few weeks, I’ve been going through the free Android Application Security course by Mobile Hacking Lab. I would recommend this to you if you are looking to get started with Android application pentesting. They have great labs as well, which are excellent if you are looking to get your hands dirty. This blog is a writeup for one of their free labs - Config Editor. The goal of the lab is to achieve Remote Code Execution by exploiting vulnerabilities in a third-party library. ...

July 30, 2024

Learning Android Pentesting: Part 0 - Getting Started

This month I decided to dive into Android application security, and learn how Android application pentests work. This blog is to help me record my progress.

Android Architecture

The Android Architecture consists of the following components:

Linux Kernel: The foundation of the Android OS, providing core system services such as security, memory management, process management, and network stack.
Hardware Abstraction Layer (HAL): Interface for hardware-specific services, enabling the Android OS to communicate with hardware components.
Android Runtime (ART): Responsible for executing and managing applications, includes core libraries that provide most of the functionality available in the Java programming language.
Native C/C++ Libraries: Libraries used by various components of the Android system and applications.
Java API Framework: Provides APIs for building apps, including support for UI, media, graphics, and more.
System Apps: Pre-installed apps that provide basic functionalities like calling, messaging, and web browsing. ...

July 1, 2024 · Prajyot Chemburkar

Github Runners Are Free Compute

Introduction

"GitHub offers hosted virtual machines to run workflows. The virtual machines contain an environment of tools, packages, and settings available for GitHub Actions to use." - GitHub Docs

GitHub Workflows are used by developers to automate a vast majority of tasks, like running tests, building their apps, creating releases and many others. All you need to do is create a workflow file, and GitHub will parse and run it as an action. ...

June 4, 2024 · Prajyot Chemburkar

The Plight of Unsanitized Function Calls

Introduction

"Tutanota is the world’s most secure email service, easy to use and private by design. You get fully encrypted calendars and contacts with all our personal and business email accounts." ~The Tutanota Website

Debugging Setup

Tutanota fortunately is open source. So all you have to do is download the application source, spin up vscode or any IDE of your liking and read away. Or you can use grep.app to look at its code, which is what I did in this case. ...

October 22, 2023 · Prajyot Chemburkar