DEV Community

Offensive security on an Android app

Rémi Lavedrine on August 06, 2018

A security attack on a service, application or server can be split into 7 different steps. Reconnaissance Scanning Access and escalation Exfiltra...
 
Paulo Renato

I really loved this article... Cannot wait to read the others ;)

Did you already try to use truffleHog to search for secrets in a code base?

Did you ever try the Mobile Security Framework to decompile and analyze an APK for security and potential secrets?

PS: the mitmproxy link needs the markdown fixed

Rémi Lavedrine

Yes, I used TruffleHog (among others) to search for secrets in a codebase.
I am a heavy user of MobSF, which I modified slightly to automate the process for a bunch of apps at once.
It is working pretty well. One of my colleagues is a MobSF contributor, by the way. We are working on this in my department.

Paulo Renato

Oh, very nice to know... now I know who I can complain to ;)

Rémi Lavedrine

Thanks for pointing out the badly linked "mitmproxy".
Solved by now. :-)

Víctor Gómez

This is a really good article, is there a place where I can get more info about this practice?

Rémi Lavedrine

Thanks for your reply.
That means a lot to me and I am happy that someone finds my article useful.
The other ones are moving into further Android security assessment.
I learned almost on my own about this on the internet.
And I must say that there is very good material on the internet.

You should try reading articles about "Android Pentesting" and have a look at some videos about it.
Then you should try to do some Capture The Flag about Android security. It is the best way to really learn something.
You can have a look at this GitHub repository that has a list of great materials and tools for penetration testing.

Víctor Gómez

Awesome! I'm still new with pentesting and I found the repo a very useful source. Thanks for sharing!