The tale of identifying a vulnerability in the Android Webview component and obtaining CVE-2021–21136 — Sometime back, while analyzing a security issue I thought of learning the behavior of few Webview APIs. During the research, I discovered that in a specific scenario Android webviews may leak sensitive data such as user’s auth tokens, API secrets, etc. to the third-party. The medium blog captures the technical…

The behaviour of retaining Auth headers by OkHttp during redirection — Are you an Android developer who is inclined towards security or an application security guy who’s keen to connect multiple dots to identify a cool security bug? Were you oblivious that OkHttp, the Friend of Android developers retains auth headers during redirection? If yes, then this story would be interesting…

The Secrets of Avoiding Hardcoded Secrets — I remember the early days of my application security journey where we used to identify hardcoded secrets in the backend code, in almost every source code review engagement and at that time I used to struggle a lot to come up with the best remediation considering the cost and overall…

A Simple Python Utility To Perform Passive Enumeration On Android Binaries — Reconnaissance is indeed the most critical and time-consuming phase of a penetration test. In this phase, we collect as much information as possible about the target. The more information we have, the more are the chances of successful exploitation. Over the past few years, I have had multiple experiences where…

Utilities That Might Help You Earn/Save Few Hundred Thousand Dollars! 🤑 — Introduction AWS is indeed a leading cloud platform and is widely used for various types of cloud services by tech giants such as Netflix, Airbnb, Lyft, Deliveroo, etc. In this story, I would be talking about the automated detection of AWS NS Takeover, a security issue related to the misconfiguration in…

In the current era of hybrid mobile architecture, the Webviews and Deep Links are extensively used hand in hand. The former one is used to deliver dynamic web content while the latter one is used to make the applications more interactive. In this story, we would be discussing the common…

From 101 to Detection and Exploitation! — I hope you would have heard of a conventional subdomain takeover because of a dangling CNAME entry. Recently while going through these amazing blogs( Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean and Subdomain Takeover: Going beyond CNAME) I got to know…

Friend of Security Engineers and Architects! — Android is leading the current era of mobility with more than 75% of the market share. Nowadays, mobile applications are not only used leisure purposes but are also used for the business critical operations wherein there is a huge flow of sensitive data. Although, Android supports the beautiful concept of…