Syndicated Blog

Random Security
I Click Therefore I Am - PixelCAPTCHA Demo App

TL;DR - Everyone hates CAPTCHAs! So do I. But I wrote a new one anyway :p. It's a visual CAPTCHA scheme that can be solved with 2-4 mouse clicks and is ...
Understanding ysoserial's CommonsCollections1 exploit

Last year, ysoserial was released by frohoff and gebl. It is a fantastic piece of work. The tool provides options to generate several different types of serialized objects, which when deserialized, can result ...
Patching an Android Application to Bypass Custom Certificate Validation

One of the important tasks while performing mobile application security assessments is to be able to intercept the traffic (Man in The Middle, MiTM) between the mobile application and the server by ...
Debugging Out a Client Certificate from an Android Process

I had set up my web proxy to intercept the Android application’s traffic, tested the proxy configuration with HTTPS based Android applications and the traffic interception worked like a charm. However, for the ...
Extracting RSAPrivateCrtKey and Certificates from an Android Process

An Android application that I assessed recently had extensive cryptographic controls to protect client-server communication and to secure its local storage. To top that, its source code was completely obfuscated. Combined, these ...