Tools One-click SSL-Pinning Bypass Setup One-Click Installer to set up an SSL-pinning bypass environment
PoC From Android Static Analysis to RCE on Prod This is a write-up of how a Remote Command Execution was found on an internal server of the organisation through static analysis of the Android app, which was then leveraged to work on their production server as well.
Bypassing Google Maps API Key Restrictions A unique approach to bypassing Google Maps API Key usage restrictions
PoC Exploiting JWT - Lack of Signature Verification Lack of JWT Signature verification leading to full account takeover
Tutorial Android Pentesting CheatSheet This post contains a list of commands which can be used with Drozer, a tool for pentesting Android applications. All of the commands have been taken from Mobile Application Hackers
Docker Exploiting Docker Registry This is a story of a Docker Registry which was exploited to get access to the complete filesystem.