Installing Certificate in User Store: In order to be able to intercept TLS/SSL communication, we need the certificate of our proxy tool to be trusted by the device. Via the android settings we can...

1- Getting APKs from a device First, find the package name of the application you want to download. You can list all third-party packages using: adb shell pm list packages -3 Next, we have to g...

adb install <path to .apk> Using adb install we can manually install packages using the command line. adb shell pm list packages Lists all installed packages - including system packages....

Enumeration is the first step you have to take once you gain access to any system. You may have accessed the system by exploiting a critical vulnerability that resulted in root-level access or just...

Understanding Dynamic Application Security Testing (DAST) for mobile applications is essential to comprehend the communication between the app and other resources like shared object (.so) libraries...

Introduction React Native, introduced by Facebook in 2015, is a JavaScript-based framework for developing native applications on platforms like Android and iOS. Its cross-platform capabilities hav...

Introduction Android applications come in various frameworks, including Flutter, Xamarin, Cordova, React Native, and more. In this article, I will walk you through a Static Application Security Tes...

Editing Smali code is a powerful technique in reverse engineering. In this write-up, I will solve the HTB APKey challenge by modifying its Smali code. What is Smali Code? Smali code represents the ...

Have you ever imagined being able to steal internal files from an Android application, such as .db files or other sensitive data? In this article, I’ll walk you through how it’s done by solving a l...

Hello, hackers! In this article, I will explain how an insecure root-path FileProvider configuration can lead to a path traversal vulnerability, allowing an attacker to access unauthorized files. ...