Thick Client Pentest Lab Setup: DVTA
Thick client applications are not new and have been around for many years and can be still easily found within a variety of organizations. Thick clients are majorly used across organizations for their...
View ArticleAndroid Penetration Testing: Frida
Introduction Frida is a dynamic instrumentation toolkit that is used by researchers to perform android hooking (intercepting IPC and modifying it to make a function perform the desired function). Frida...
View ArticleThick Client Pentest Lab Setup: DVTA (Part 2)
In the previous article, we have discussed the Lab setup of Thick Client: DVTA You can simply take a walkthrough by visiting here: – Thick Client Pentest Lab Setup: DVTA In this article, we are going...
View ArticleAndroid Penetration Testing: WebView Attacks
Introduction Initially, there was a time when only HTML used to display web pages. Then came JavaScript and along came dynamic pages. Further down the line, some person thought opening dynamic pages...
View ArticleExploiting Stored Cross-Site Scripting at Tenda AC5 AC1200
While testing Tenda AC5 AC1200 over at the Hacking Articles Research Lab, we uncovered several vulnerabilities in its latest firmware version V15.03.06.47_multi. Thereby in a heap of basic...
View ArticleAndroid Pentest: Deep Link Exploitation
Introduction to Deep Links In many scenarios an application needs to deal with web based URLs in order to authenticate users using Oauth login, create and transport session IDs and various other test...
View ArticleComprehensive Guide on Dirsearch
In this article, we will learn how we can use Dirsearch. It is a simple command-line tool designed to brute force directories and files in websites. Which is a Python-based command-line website...
View ArticleAndroid Hooking and SSLPinning using Objection Framework
Introduction Objection is runtime mobile exploration toolkit built on top of frida which is used in Android and iOS pentesting. We can use Objection to perform numerous functions like SSLPinning...
View ArticleAndroid Pentest Lab Setup & ADB Command Cheatsheet
Introduction To learn android pentest in a much handier way we’ll be setting up Android Pentest environment in our own system rather than conducting an experiment on a live device. It is to be noted...
View ArticleThick Client Penetration Testing: Information Gathering
In the previous article, we have discussed the reverse engineering of original DVTA application in the Lab setup of Thick Client: DVTA part 2 In this part, we are going to systematically pentesting the...
View ArticleAndroid Penetration Testing: Apk Reverse Engineering
Introduction Android reverse engineering refers to the process of decompiling the APK for the purpose of investigating the source code that is running in the background of an application. An attacker...
View ArticleWebDAV Penetration Testing
Hello Pentesters, today, in this article we are going to learn about the concept of WebDAV. We will also see how to set up the Web DAV server and configure a lab for Penetration Testing. Table of...
View ArticleComprehensive Guide on Dirsearch (Part 2)
This is the second instalment of our series comprehensive guide on dirsearch. In the first part of this series, we have discussed some basic command on dirsearch. If you haven’t checked the first part...
View ArticleAndroid Penetration Testing: APK Reversing (Part 2)
Introduction Android reverse engineering refers to the process of decompiling the APK for the purpose of investigating the source code that is running in the background of an application. In part 1...
View ArticleNmap for Pentester: Vulnerability Scan
Introduction Nmap Scripting Engine (NSE) has been one of the most efficient features of Nmap which lets users prepare and share their scripts to automate the numerous tasks that are involved in...
View ArticleAndroid Pentest: Automated Analysis using MobSF
Introduction MobSF is an open-source tool developed by Ajin Abraham that is used for automated analysis of an APK. This is a collection of tools that run under one interface, perform their own...
View ArticleFirefox for Pentester: Hacktool
It’s very hard for a bug bounty hunter or a web application pentester to remember all the codes or to search for different payloads by searching it over google. So, what if we can get all the payload...
View ArticleFile Transfer Cheatsheet: Windows and Linux
File transfer is considered to be one of the most important steps involved in Post Exploitation. So, today in this article we are going to highlight the several techniques which can be used by the...
View ArticleA Little Guide to SMB Enumeration
We will shine the light on the process or methodology for enumerating SMB services on the Target System/Server in this article. There are numerous tools and methods to perform enumeration, we will be...
View ArticleThick Client Penetration Testing: Traffic Analysis
Traffic analysis is one of the crucial parts of any successful penetration test. In this article, we’re going to discuss some of the different techniques that can be used to analyze thick client...
View Article