Skip to main content

pentest

2026


Identify and exploit vulnerabilities in AI agent systems

·21 mins
The objective: Find the vulnerability in the agent which will allow you to discover the flag for each level. These agents are equipped with various tools and capabilities that may contain security flaws. Procedure Analyze the agent Examine its tools and capabilities - the tools and system prompts are available on the bottom left of the screen Find the weakness to locate the flag CTF platform: https://ctf.arkx.ninja/ Beginner # Level 1: The Context Gateway # Information Disclosure Vulnerability Category: Sensitive Information Disclosure / Tool Abuse · Difficulty: Easy There are three tools available in level one: view_system_logs, discover_services (with scan modes: network, process, verbose, custom), and multi_tool_use.

Android Pentesting with AndroGoat

·14 mins
Android Pentesting # To sharpen my skills, I recently took a deep dive into AndroGoat—a deliberately insecure Android application designed to showcase the most common OWASP Mobile Top 10 vulnerabilities. In this post, I’ll walk through how I combined both static and dynamic analysis to uncover hardcoded secrets, bypass security checks with Frida, and extract sensitive data from local storage. My pentesting toolkit: My pentesting tookit included: Jadx-GUI: For decompiling and reading Java/Kotlin source code. The Android Debug Bridge (adb)**: The “command line” for interacting with the emulator on android studio. Frida: For dynamic instrumentation. Instrumentation is the art of imjecting new functionality to the application at runtime e.