Android Attack: JavaScript Interfaces and WebViews

Estimated difficulty: 💜💜🤍🤍🤍 This post will walk you through what a JavaScript interface is and how you might retrieve the Java object from the application into the application WebView using this method. A WebView is pretty much what it says on the tin. Android applications can define a WebView within an Activity class in order …

The Importance of Not Doing Work: Avoiding Burnout Part Two

So in hindsight this title is a tad misleading, I’m definitely not suggesting to drop all your job responsibilities in a blink of an eye…! But rather evaluate your work/life balance to ensure you’re prioritising your mental health above all – as of course, you should always be your first priority. I’m writing this blog …

Android Attack: Reversing React Native Applications

Estimated difficulty: 💜💜🤍🤍🤍 This post is going to walk you through how to reverse engineer an Android application that is built using React Native. It is more common to see applications being built using this mobile framework, as it supports the development of an app in both Android and iOS platforms. Let’s unpack this further! …

XXE Injection: To Entity and Beyond!

Estimated difficulty: 💜💜💜💜🤍 Welcome back readers! After a few months hiatus, the Queens are back in action and ready to blog to our heart’s content! This month’s blog we will be delving into the art of XXE injection, what it is, a few ways to exploit it, and the mitigation techniques used “IRL”. A huge …

Shh! Weaknesses In Remote Management Protocols

Estimated difficulty:  💜🤍🤍🤍🤍 Recently I was studying for CRT. To help myself and others revise, I thought I would make this blog post on management protocols and some of their common weaknesses and vulnerabilities. This is a high-level overview of some of these protocols and how to exploit them. We will cover the following: SSH …

Smashing Stacks and All the Hax

Estimated difficulty: 💜💜💜💜🤍 Hulk, smash? Stacks, that is! Welcome to another strictly hax-themed blog, and something a little out of my comfort zone I must say – so if there are any constructive criticisms or feedback… Please let me know! This month we are covering the basics of stack smashing AKA stack-based buffer overflows, we’ll …

Zoning Out: An Introduction to DNS Zone Transfers

Estimated difficulty:  💜💜🤍🤍🤍 DNS (Domain Name System) zone transfers are used to help replicate databases across different domain servers, allowing administrators to modify or edit records easily by implementing the changes on one server and copying the changes to the others. Zone transfers are completed using the AXFR protocol, and are usually only authorised to …

Deauth Yourself: How to Build a Deauthenticator

Estimated difficulty:  💜🤍🤍🤍 🤍 Welcome to the wonderful world of hardware. This blog post is a walkthrough of how to build a deauthenticator; a pocket-sized tool that you can create to kick a device off of a network (especially good to know for April fools, or if you just want to have some fun with …

Light ’em Up: An Introduction to LiDAR

Estimated difficulty:  💜💜🤍🤍🤍 It’s been a while since I’ve written about zoom hax, if you’re new to Security Queens – you can find my last blog post on hacking cars via. the Control Area Network (CAN) here. Instead of focusing on physical CAN bus hacking, this blog post will do a quick rundown of LiDAR …