
android

2026


Android Pentesting with AndroGoat

Android Pentesting

To sharpen my skills, I recently took a deep dive into AndroGoat, a deliberately insecure Android application designed to showcase the most common OWASP Mobile Top 10 vulnerabilities. In this post, I'll walk through how I combined static and dynamic analysis to uncover hardcoded secrets, bypass security checks with Frida, and extract sensitive data from local storage.

My pentesting toolkit included:

- Jadx-GUI: for decompiling the APK and reading the recovered Java/Kotlin source code.
- Android Debug Bridge (adb): the command-line interface for interacting with the Android Studio emulator (installing the app, opening a shell on the device, pulling files off it).
- Frida: for dynamic instrumentation. Instrumentation is the art of injecting new functionality into the application at runtime e.
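The following script is an added example of how the static-analysis half of this workflow can be scripted; it is not code from the original post or from the AndroGoat project. It assumes `adb` and the `jadx` command-line tool are on PATH, that AndroGoat's package name is `owasp.sat.agoat` (an assumption; check with `adb shell pm list packages`), that the app is debuggable so `run-as` works, and that the regular expressions in `scan_secrets` are an illustrative starting set rather than a complete secret-detection ruleset. Only the two file-processing functions run offline; the two `adb`-backed functions need a connected emulator.

```shell
#!/usr/bin/env bash
# Added example (not from the post or AndroGoat): pull an APK, decompile it
# with jadx, grep the recovered sources for hardcoded credentials, and read
# the string values out of a shared_prefs XML file pulled from the device.

# Pull the installed APK for a package and decompile it with jadx.
# Assumes `adb` and `jadx` are on PATH and a device is connected.
# Usage: pull_and_decompile owasp.sat.agoat ./agoat-src   (package name assumed)
pull_and_decompile() {
  local pkg="$1" outdir="$2" apk_path
  apk_path=$(adb shell pm path "$pkg" | head -n1 | sed 's/^package://' | tr -d '\r')
  adb pull "$apk_path" "./${pkg}.apk"
  jadx -d "$outdir" "./${pkg}.apk"
}

# Copy one shared_prefs file off the device. Uses run-as, which only works
# when the app is debuggable (assumed true for AndroGoat); on a rooted
# emulator `adb root` followed by a plain `adb pull` is the alternative.
# Usage: pull_shared_prefs owasp.sat.agoat settings.xml ./settings.xml
pull_shared_prefs() {
  local pkg="$1" file="$2" dest="$3"
  adb shell "run-as $pkg cat shared_prefs/$file" | tr -d '\r' > "$dest"
}

# Scan a directory of decompiled .java/.kt/.xml files for likely hardcoded
# secrets. Prints matches as file:line:content, sorted for stable output.
# Pattern 1: an identifier containing password/secret/apikey/token assigned
#            a non-empty string literal.
# Pattern 2: an AWS access key ID (AKIA + 16 uppercase alphanumerics).
scan_secrets() {
  local dir="$1"
  grep -rniE \
    --include='*.java' --include='*.kt' --include='*.xml' \
    -e '(password|passwd|secret|api[_-]?key|token)[[:space:]]*=[[:space:]]*"[^"]+"' \
    -e 'AKIA[0-9A-Z]{16}' \
    "$dir" | sort
}

# Print name=value for every <string> entry in a shared_prefs XML file.
# Usage: prefs_strings ./settings.xml
prefs_strings() {
  local file="$1"
  sed -nE 's/.*<string name="([^"]+)">([^<]*)<\/string>.*/\1=\2/p' "$file"
}

# Simple dispatcher so the file can be run directly:
#   ./static.sh pull <pkg> <outdir> | scan <dir> | prefs <file>
case "${1:-}" in
  pull)  pull_and_decompile "${2:-}" "${3:-}" ;;
  scan)  scan_secrets "${2:-}" ;;
  prefs) prefs_strings "${2:-}" ;;
esac
```

The grep output is deliberately noisy in favour of recall: a hit such as `String password = "..."` still has to be confirmed in Jadx-GUI, where you can see whether the literal is actually sent anywhere or compared against user input.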