
security

2026


Reverse Engineering Android Malware Apps

·23 mins
Android Malware Analysis

The goal: Understand Android APK malware analysis.

Learning points: Understand malware and analyze an Android RAT; static and dynamic analysis using JADX, apktool and an Android emulator; learn how to reverse Android apps; understand different types of Android malware (RAT vs stalkerware); understand the different Android components in relation to malware abuse.

AhMyth app

This is the application we will analyze: https://ahmyth.com/. AhMyth is an open source Remote Access Trojan (RAT) developed for the Android operating system. Malware is anything that performs an action the end user has not consented to; it runs in the background, stealing user data remotely.

Identify and exploit vulnerabilities in AI agent systems

·21 mins
The objective: Find the vulnerability in the agent which will allow you to discover the flag for each level. These agents are equipped with various tools and capabilities that may contain security flaws.

Procedure: Analyze the agent. Examine its tools and capabilities (the tools and system prompts are available on the bottom left of the screen). Find the weakness to locate the flag.

CTF platform: https://ctf.arkx.ninja/

Beginner

Level 1: The Context Gateway

Information Disclosure Vulnerability

Category: Sensitive Information Disclosure / Tool Abuse · Difficulty: Easy

There are three tools available in level one: view_system_logs, discover_services (with scan modes: network, process, verbose, custom), and multi_tool_use.

Android Pentesting with AndroGoat

·14 mins
Android Pentesting

To sharpen my skills, I recently took a deep dive into AndroGoat—a deliberately insecure Android application designed to showcase the most common OWASP Mobile Top 10 vulnerabilities. In this post, I’ll walk through how I combined both static and dynamic analysis to uncover hardcoded secrets, bypass security checks with Frida, and extract sensitive data from local storage.

My pentesting toolkit

My pentesting toolkit included:
Jadx-GUI: For decompiling and reading Java/Kotlin source code.
The Android Debug Bridge (adb): The “command line” for interacting with the emulator in Android Studio.
Frida: For dynamic instrumentation. Instrumentation is the art of injecting new functionality into the application at runtime e.

3 Critical Database Security Threats You Need to Know

·6 mins
3 Critical Database Command Injection Security Threats

For software engineers, it may be easy to assume that no hacker would target our app since it isn’t big or well known. This attitude can lead to recklessness and weaker measures for securing data in an app. However, it’s important to remember that security begins at the design phase. Database security is about protecting the “CIA Triad”: Confidentiality, Integrity, and Availability. In this blog post, you’ll learn about the core database threats that jeopardize the CIA triad principles. By the end of the post, you’ll have learned about the following topics: