Published in InfoSec Write-ups | SSL Pinning & AWS Certificate Manager | Just Another Tradeoff Between Security & Stability? | May 19, 2021
Published in InfoSec Write-ups | Leakage of Sensitive Data Through Android Webviews | The tale of identifying a vulnerability in the Android Webview component and obtaining CVE-2021-21136 | Feb 16, 2021
Published in InfoSec Write-ups | Are You Sure That You’re Not Leaking User’s Access Tokens To Third Parties? | The story talks about the insecure implementation of OkHttp Interceptors in Android applications which might lead to leakage of auth token | Jun 30, 2020
Published in InfoSec Write-ups | Is Your Organization Handling Secrets Securely? | The Secrets of Avoiding Hardcoded Secrets | May 17, 2020
Published in InfoSec Write-ups | APKEnum: A Python Utility For APK Enumeration | A Simple Python Utility To Perform Passive Enumeration On Android Binaries | May 5, 2020
Published in InfoSec Write-ups | NSDetect: A Tool To Discover Potential AWS Domain Takeovers | Utilities That Might Help You Earn/Save Few Hundred Thousand Dollars! 🤑 | May 3, 2020
Published in InfoSec Write-ups | The Zaheck of Android Deep Links! | In the current era of hybrid mobile architecture, the Webviews and Deep Links are extensively used hand in hand. The former one is used to… | Apr 19, 2020
Published in InfoSec Write-ups | Android Key Attestation | What the heck is Android Key Attestation? | Jul 14, 2019