-
Hack the Box Pinned Walkthrough

This is going to be a walkthrough of Pinned, which is another one of the mobile challenges from Hack the Box. This challenge is rated Easy, so I’m not expecting it to be too difficult. But first, let’s take a look at the challenge description: This app has stored my credentials and I can only
-
Rooting an Android Device

I have made a lot of content on both this website and my YouTube channel about pentesting Android applications. A lot of that content has been made with an Android emulator in mind. If you are a beginner or don’t have the resources to get physical devices for testing purposes, an emulator can be very
-
Hack the Box Don’t Overreact Walkthrough

In my last blog entry, I did a walkthrough of the Anchored challenge from Hack the Box. I’ve solved several of the mobile challenges from Hack the Box, so I thought I would post walkthroughs of any of the retired challenges that I have already solved. The next challenge that I am going to solve
-
Hack the Box Anchored Walkthrough

If you aren’t familiar with Hack the Box, it is a great resource to learn and get practice hacking lots of different types of targets in a lab environment. It has several servers and machines that you can hack into, but it also has a Challenges section that is broken down into different categories with
-
DIY Raspberry Pi Pico Stream Deck

In honor of Raspberry Pi recently announcing the new Raspberry Pi 5, I thought I would post a project that I built a couple years ago with a Raspberry Pi Pico. This project is a macro keypad built with a Raspberry Pi Pico running CircuitPython and a 3D printed enclosure and keycaps intended to act
-
Patching an APK with Objection

Many years ago I was performing a security assessment on an Android application that had SSL pinning enabled. If you don’t already know, SSL pinning essentially allows an application to only trust valid certificates. If you want to learn more about SSL pinning, you can check out my previous blog entry. In that blog entry,
-
Bypassing SSL Pinning with Frida

If you have attempted to test many mobile applications, you have probably been in the following situation. You have installed the app you’re trying to test, and you have your mobile device ready to use with Burp Suite. Perhaps you followed the instructions in my previous blog post here. After turning on your proxy settings
-
Using Burp Suite with an Android Emulator

If you have ever tested a web application, Burp Suite was probably a key part of your toolkit, and it can be just as useful during mobile pentesting for testing the API endpoints that the mobile applications are using. Several years ago, using Burp Suite with an Android device was not much more complicated than
-
Building an Android Emulator with Android Studio

When I first started learning about mobile pentesting, I did not have a lot of spare mobile devices that I could use for testing. If you fast forward to today, mobile application pentesting is now the primary focus of my career, and I have several Android and Apple devices scattered all over my office. Before
