- https://www.hackingarticles.in/android-penetration-testing-apk-reverse-engineering/
- https://www.hackingarticles.in/android-penetration-testing-apk-reversing-part-2/
- https://www.hackingarticles.in/android-pentest-deep-link-exploitation/
- https://www.hackingarticles.in/android-penetration-testing-webview-attacks/
- https://www.hackingarticles.in/android-penetration-testing-frida/
- https://www.hackingarticles.in/android-pentest-lab-setup-adb-command-cheatsheet/
- https://www.hackingarticles.in/android-hooking-and-sslpinning-using-objection-framework/
- https://www.hackingarticles.in/android-penetration-testing-drozer/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
responsible disclosure reward r=h:UK | |
site:*.*.nl intext:security report reward | |
inurl:responsible disclosure reward | |
inurl:responsible disclosure bounty | |
inurl:responsible disclosure swag | |
site:*.*.nl intext:responsible disclosure reward | |
responsible disclosure reward r=h:eu |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
google dork -> site:.co.uk inurl:"responsible disclosure" | |
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/ | |
http://www.123contactform.com/security-acknowledgements.htm | |
https://18f.gsa.gov/vulnerability-disclosure-policy/ | |
https://support.1password.com/security-assessments/ | |
https://www.23andme.com/security-report/ | |
https://www.abnamro.com/en/footer/responsible-disclosure.html | |
https://www.accenture.com/us-en/company-accenture-responsible-disclosure | |
https://www.accredible.com/white_hat/ | |
https://www.acquia.com/how-report-security-issue |
- checkra1n
- A7 - A10 devices (iPhone 5s - iPhone X), iOS 12.0+
- Dropbear SSH, port 44, root:alpine
- USB multiplexing daemon
usbmuxd
(available viabrew
) - Use
scp
to copy file to/from device
Forward remote (iDevice) port 44 (Dropbear SSH) to local (Mac) 2222
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Burp SSL Certificate on IOS 11 | |
On iOS 11 you can't just install your MITM root cert, you also need to explicitly trust it. | |
You can do this by: | |
Settings -> General -> About -> Certificate Trust Settings -> Flip the switch on your cert | |
---------------------------------------------------------------------------------------------------------------- | |
#GDB on IOS 11 | |
Source: https://shmoo419.github.io/ | |
gdb | |
ps -ax | grep -i appName | |
attach [processNo] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# # WRITE-UPS | |
https://www.softwaretestinghelp.com/html-injection-tutorial/ | |
HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute https://hackerone.com/reports/263226 | |
Html Injection and Possible XSS in sms-be-vip.twitter.com https://hackerone.com/reports/150179 | |
“I too like to live dangerously”, Accidentally Finding RCE in Signal Desktop via HTML Injection in Quoted Replies https://thehackerblog.com/i-too-like-to-live-dangerously-accidentally-finding-rce-in-signal-desktop-via-html-injection-in-quoted-replies/index.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
How to setup Burp Suite inside a docker container. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
echo "Online Subdomain Detect Script" | |
echo "Twitter => https://twitter.com/cihanmehmets" | |
echo "Github => https://github.com/cihanmehmet" | |
echo "CURL Subdomain Execute => curl -s -L https://raw.githubusercontent.com/cihanmehmet/sub.sh/master/sub.sh | bash -s bing.com" | |
echo "██████████████████████████████████████████████████████████████████████████████████████████████████████████████" | |
if [[ $# -eq 0 ]] ; | |
then |
NewerOlder