Android Attack: Malicious APK Walkthrough

Estimated difficulty: 💜💜💜🤍🤍 Why Android Attack? Because it sounds like Art Attack and it reminds me of my childhood. Much like the arty thing I used to do back then, in my mind, reversing Android malware is also similar to an art form. Yes things are more “black and white”; pardon the pun, but there …

Android Attack: Intro to Frida

Estimated difficulty: 💜💜💜🤍🤍 What is Frida? Frida is a potent tool used by reverse engineers to perform several different tasks. It is open source and once downloaded includes an extensive tool suite. These tools are: Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. https://frida.re/ For this post, I wanted to walk through some basic …

Android Attack: JavaScript Interfaces and WebViews

Estimated difficulty: 💜💜🤍🤍🤍 This post will walk you through what a JavaScript interface is and how you might retrieve the Java object from the application into the application WebView using this method. A WebView is pretty much what it says on the tin. Android applications can define a WebView within an Activity class in order …

Android Attack: Reversing React Native Applications

Estimated difficulty: 💜💜🤍🤍🤍 This post is going to walk you through how to reverse engineer an Android application that is built using React Native. It is more common to see applications being built using this mobile framework, as it supports the development of an app in both Android and iOS platforms. Let’s unpack this further! …

MOBster4: Insecure Authentication

Estimated difficulty: 💜💜💜💜🤍 We are continuing on our quest to conquer the OWASP Mobile Top 10, and if you have been following this series then congratulations, you have made it to M4: Insecure Authentication! This post is going to delve into the world of how mobile apps can use weak authentication methods and how an …

Liability: Insecure Data Storage

Estimated difficulty: 💜💜💜🤍🤍 Oh no, it’s another one from the MOBster series coming to get you! Hide… Run… Read with intrigue! This post is covering, M2: Insecure Data Storage, the second listing from the OWASP Top 10 Mobile Risks list. The last post in the MOBster series covered M1: Improper Platform Usage. Insecure data storage …

What’s that coming over the hill? Is it a MOBster, is it a MOBster!?

Estimated difficulty: 💜💜💜💜🤍 Welcome back to the MOBster series! The last post I published, covered the different aspects of an APK file – otherwise known as an app. This post I want to take some of these principles a step further and look at the possible effects of a misconfigured app! Following the guidelines of …