Blog


In God we trust; rest we test!

AppLock MITM Password Reset Vulnerability

AppLock is an Android application used to add a lock screen to the gallery and other applications. The app has a vulnerability in its web backend that allows an attacker to reset anyone's password with a MITM attack.

Reversing DexGuard’s String Encryption

DexGuard is a commercial tool used for protecting Android binaries (APKs), mainly from reversing and tampering. It provides features like code obfuscation, class encryption, string encryption, asset/resource encryption, tamper protection, anti-debugger checks, VM/environment checks, SSL pinning, etc. This blog post explains the decryption/reversing of DexGuard 6.1's string encryption.

Bypassing Content Security Policy with a JS/GIF Polyglot

This post explains the creation of a JS/GIF polyglot to bypass Content Security Policy (CSP) in certain scenarios. We will build a custom polyglot file that is a valid GIF as well as valid JavaScript and use Xenotix to simulate real-world exploitation.

Bypassing PIN in Whisper Android Application

A vulnerability in the Whisper Android application allowed an attacker to bypass the PIN and access protected views. The post explains the detection of the vulnerability using Mobile Security Framework (MobSF) and its exploitation using a custom APK.

Tizen 2.2.1 WebKit Address Spoofing

A vulnerability in Tizen 2.2.1's default web browser, which is based on WebKit, allowed address bar spoofing, where an attacker can show arbitrary content for the URL of choice.