Estimated difficulty: 💜💜🤍🤍🤍 This post will walk you through what a JavaScript interface is and how you might retrieve the Java object from the application into the application WebView using this method. A WebView is pretty much what it says on the tin. Android applications can define a WebView within an Activity class in order …
Read more “Android Attack: JavaScript Interfaces and WebViews”
So in hindsight this title is a tad misleading, I’m definitely not suggesting to drop all your job responsibilities in a blink of an eye…! But rather evaluate your work/life balance to ensure you’re prioritising your mental health above all – as of course, you should always be your first priority. I’m writing this blog …
Read more “The Importance of Not Doing Work: Avoiding Burnout Part Two”
Estimated difficulty: 💜💜🤍🤍🤍 This post is going to walk you through how to reverse engineer an Android application that is built using React Native. It is more common to see applications being built using this mobile framework, as it supports the development of an app in both Android and iOS platforms. Let’s unpack this further! …
Read more “Android Attack: Reversing React Native Applications”
Estimated difficulty: 💜💜💜💜🤍 Welcome back readers! After a few months hiatus, the Queens are back in action and ready to blog to our heart’s content! This month’s blog we will be delving into the art of XXE injection, what it is, a few ways to exploit it, and the mitigation techniques used “IRL”. A huge …
Estimated difficulty: 💜🤍🤍🤍🤍 Recently I was studying for CRT. To help myself and others revise, I thought I would make this blog post on management protocols and some of their common weaknesses and vulnerabilities. This is a high-level overview of some of these protocols and how to exploit them. We will cover the following: SSH …
Estimated difficulty: 💜💜💜💜🤍 Hulk, smash? Stacks, that is! Welcome to another strictly hax-themed blog, and something a little out of my comfort zone I must say – so if there are any constructive criticisms or feedback… Please let me know! This month we are covering the basics of stack smashing AKA stack-based buffer overflows, we’ll …
Estimated difficulty: 💚🤍🤍 If you are a newbie in security and want to start learning about Unix, then this is a great post for you. This will be a quick fire post on file permissions. What do they mean and some of the vulnerabilities you might spot out in the wild. What are file permissions? …
Estimated difficulty: 💜💜🤍🤍🤍 DNS (Domain Name System) zone transfers are used to help replicate databases across different domain servers, allowing administrators to modify or edit records easily by implementing the changes on one server and copying the changes to the others. Zone transfers are completed using the AXFR protocol, and are usually only authorised to …
Read more “Zoning Out: An Introduction to DNS Zone Transfers”
Estimated difficulty: 💜🤍🤍🤍 🤍 Welcome to the wonderful world of hardware. This blog post is a walkthrough of how to build a deauthenticator; a pocket-sized tool that you can create to kick a device off of a network (especially good to know for April fools, or if you just want to have some fun with …
Estimated difficulty: 💜💜🤍🤍🤍 It’s been a while since I’ve written about zoom hax, if you’re new to Security Queens – you can find my last blog post on hacking cars via. the Control Area Network (CAN) here. Instead of focusing on physical CAN bus hacking, this blog post will do a quick rundown of LiDAR …