Insecure Data Storage. This is the second of a series of articles about the most significant security risks lurking mobile applications. Per the OWASP Mobile Top 10 2016, the second...
Reverse engineering an Android application. This article shows how to reverse engineer an Android application, first by using d2j-dex2jar to convert the .dex file into .class files within a compressed...
Dumping and analyzing application memory. Here we will see how to dump the memory for an Android application using the Android Device Monitor, after the memory is dumped, it is...
Viewing and analyzing Android logs. In this article we will see what the Android log is, what is it used for, what are the different logging levels and what security...
Inject a meterpreter payload. This video shows how to manually inject a meterpreter payload into an Android application. With this method, once you get the victim to install the infected...
Exploit Android backup. Here, we will see how to exploit an Android application that allows to be backed up, this is achieved when the application has the allowBackup flag set...
Improper Platform Usage. This is the first in a series of articles about the most significant security risks lurking mobile applications, as defined on the OWASP Mobile Top 10 in...
A debuggable Android application could allow an attacker to access to sensitive information, control the application flow and even gain code execution in the context of the debugged application. For...
This article describes basic steps to setup, install and use the drozer framework to identify possible vulnerabilities on Android-based applications during pentesting. The drozer framework[1] comes in two parts, the...
Recent Comments