Awesome Android Security – A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters

A curated list of Android Security materials and resources For Pentesters and Bug Hunters. Blog AAPG – Android application penetration testing guide TikTok: three persistent arbitrary code executions and one theft of arbitrary files Persistent arbitrary code execution in Android’s Google Play Core Library: details, explanation and the PoC – CVE-2020-8913 Android: Access to appRead More

FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) – A Distributed Evolutionary Binary Fuzzer For Pentesters

FLUFFI – A distributed evolutionary binary fuzzer for pentesters. About the project High level overview Getting started Usage HOWTOs Technical Details Contributing to FLUFFI LICENSE Bugs found So far, FLUFFI was almost exclusively used on SIEMENS products and solutions. Bugs found therein will not be published. However, FLUFFI found the following published bugs (please helpRead More

Ligolo – Reverse Tunneling Made Easy For Pentesters, By Pentesters

Ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve).It is comparable to Meterpreter with Autoroute + Socks4a, but more stable and faster.Use caseYou compromised a Windows / Linux / Mac server during your external audit. This server is locatedRead More

S3Enum – Fast Amazon S3 Bucket Enumeration Tool For Pentesters

s3enum is a tool to enumerate a target’s Amazon S3 buckets. It is fast and leverages DNS instead of HTTP, which means that requests don’t hit AWS directly.It was originally built back in 2016 to target GitHub.Installation BinariesFind the binaries on the Releases page. Go go get github.com/koenrh/s3enum UsageYou need to specify the base nameRead More

X