For a long time, the adb backup command was the “Swiss Army Knife” for mobile pentesters. It allowed us to pull the private /data/data/ folder
Mobile Pentesting 101: How to Pull APKs from Work Profile – A Real-World Intune Challenge
Introduction During a recent mobile application penetration test, I encountered a challenging scenario that many mobile security testers face nowadays: extracting APKs from applications installed
Azure CloudQuarry: Searching for secrets in Public VM Images
After the initial investigation entitled “AWS CloudQuarry: Digging for secrets in Public AMIs” was finalized, we continued with the same idea on Azure in order
Chained Vulnerabilities in Web Applications
Introduction Vulnerability chaining, also known as exploit chaining, is the process of combining multiple vulnerabilities to achieve a more significant or impactful attack by exploiting
Mobile Pentesting 101: How to Install Split APKs
In modern mobile app development, split APKs are becoming increasingly common. They divide a large app into smaller packages, allowing for more efficient downloads and installations, especially on devices with limited storage. For mobile penetration testers, understanding and working with split APKs is essential.
Red Team Finds A Way – (IN)Secure By Design
In our previous post, Red Team Finds A Way – Exploiting The Human Factor, we explored how the human element can often be the weakest
Security Café 