Published in InfoSec Write-ups · SSL Pinning & AWS Certificate Manager · Just Another Tradeoff Between Security & Stability? · May 19, 2021
Published in InfoSec Write-ups · Leakage of Sensitive Data Through Android Webviews · The tale of identifying a vulnerability in the Android Webview component and obtaining CVE-2021-21136 · Feb 16, 2021
Published in InfoSec Write-ups · Are You Sure That You’re Not Leaking User’s Access Tokens To Third Parties? · The story talks about the insecure implementation of OkHttp Interceptors in Android applications which might lead to leakage of auth token · Jun 30, 2020
Published in InfoSec Write-ups · Is Your Organization Handling Secrets Securely? · The Secrets of Avoiding Hardcoded Secrets · May 17, 2020
Published in InfoSec Write-ups · APKEnum: A Python Utility For APK Enumeration · A Simple Python Utility To Perform Passive Enumeration On Android Binaries · May 5, 2020
Published in InfoSec Write-ups · NSDetect: A Tool To Discover Potential AWS Domain Takeovers · Utilities That Might Help You Earn/Save Few Hundred Thousand Dollars! 🤑 · May 3, 2020
Published in InfoSec Write-ups · The Zaheck of Android Deep Links! · In the current era of hybrid mobile architecture, the Webviews and Deep Links are extensively used hand in hand. The former one is used to… · Apr 19, 2020
Published in InfoSec Write-ups · Android Key Attestation · What the heck is Android Key Attestation? · Jul 14, 2019