About the Author:

Srinivas is an Information Security Professional with an interest in penetration testing of web applications and mobile applications. He is currently a security researcher at Infosec Institute. His blog is located at http://www.androidpentesting.com. Email: srini0x00@gmail.com

Android Hacking and Security, Part 17: Cracking Android App Binaries

In this article, we will see how a developer can perform basic checks to programmatically detect if the app is running on an emulator and stop executing the app […]

Android Hacking and Security, Part 16: Broken Cryptography

Introduction
In this article, we will discuss broken cryptography in Android applications. Broken cryptography attacks come into the picture when an app developer wants to take advantage of encryption in […]

Android Hacking and Security, Part 15: Hacking Android Apps Using Backup Techniques

In the previous article, we had an introduction on how to analyze Android application specific data using Android backup techniques. This article builds on the previous article. We are […]

Android Hacking and Security, Part 14: Examining Android App Specific Data on Non-Rooted Devices

In all of our previous articles so far in this series, we discussed all the examples only on rooted devices and emulators. Generally, there are people who argue that […]

Android Hacking and Security, Part 13: Introduction to Drozer

We have seen various vulnerabilities in Android apps in the previous articles. Before moving ahead with other vulnerabilities in Android applications in this series of articles, I would like […]

Practical Shellshock Exploitation – Part 2

Topics Covered

Background
Prerequisites

Configuring SSH server

Adding a new user
Creating authorized keys for a specific client
Adding authorized keys to the SSH server
Logging in using authorized keys

The exploit
Configuring Apache server to make it […]

Practical Shellshock Exploitation – Part 1

Topics Covered

Introduction
What is Shellshock?
When can it be exploited?
How to check if you are vulnerable
Checking your bash version
Running the fancy one-liner on your terminal
Technical insights of Shellshock
The basics of bash […]

Getting Started with Android Forensics

This article introduces Android forensics and the techniques used to perform Android forensic investigations. We will discuss Android file systems, data acquisition, analysis, and various tools available for Android […]

Android Hacking and Security, Part 12: Securing Shared Preferences with Third Party Libraries

In one of the previous articles, we have seen how developers implement Shared Preferences in Android applications. We have also seen how one can compromise the sensitive data stored […]

Android Hacking and Security, Part 11: Blackbox Assessments with Introspy

This article explains how to start performing black box assessments on Android applications using Introspy. Introspy is one of the important tools in an Android pentester’s arsenal.

As per their […]

Android Hacking and Security, Part 10: Insecure Local Storage

In the previous article, we discussed shared preferences and its security under local data storage. In this article, we will discuss other storage methods being used by Android developers.
Fill […]

Android Hacking and Security, Part 9: Insecure Local Storage: Shared Preferences

In the previous article, we discussed the common techniques of how application developers check for a rooted device and then how an attacker can bypass some of the techniques […]

Android Hacking and Security, Part 8: Root Detection and Evasion

In this article, we will look at the techniques being used by Android developers to detect if a device on which the app is running is rooted or not. […]

Android Hacking and Security, Part 7: Attacks on Android WebViews

In this series of articles so far, we have discussed various techniques to identify and exploit vulnerabilities in Android applications. In the previous article, we have seen how to […]

Android Hacking and Security, Part 6: Exploiting Debuggable Android Applications

In the previous article, we have seen how to debug Java applications using a little tool called JDB. In this article, we will apply the same logic to exploit […]

Android Tamer – A Walk Through

Are you a Backtrack/Kali freak? Ever thought of having a similar distribution in your arsenal dedicated for Android Security? “Android Tamer” is the solution to fulfill your needs.

What is […]

Android Hacking and Security, Part 5: Debugging Java Applications Using JDB

This article walks the readers through debugging Java programs using a command line tool called JDB. Though this article doesn’t touch Android concepts, this is a prerequisite to understand […]

Android Hacking and Security, Part 4: Exploiting Unintended Data Leakage (Side Channel Data Leakage)

In the previous articles, we discussed attacks associated with activity components, content providers, broadcast receivers, and ways to secure them. In this article, we will discuss “Unintended Data Leakage”, […]

Android Hacking and Security, Part 3: Exploiting Broadcast Receivers

In the first two articles, we discussed attacks associated with Activity Components, content provider leakage and ways to secure them. In this article, we will discuss attacks on broadcast […]

Android Hacking and Security, Part 2: Content Provider Leakage

In the previous article, we discussed how an attacker exploits vulnerable Activity Components and ways to secure them. In this article, we will discuss “Content Provider Leakage”.

What are […]