TL;DR APKs must be aligned and signed before installation apktool extracts resources and smali jadx provides near-source Java decompilation Client-side code is fully exposed Context ...

TL;DR ADB is the primary bridge between analyst and device Many Android attacks require ADB interaction File access, app management, logging, and activity triggering are possible Understa...

TL;DR Intents are Android’s inter-process communication (IPC) mechanism Exported activities act as external entry points Incoming intent data is fully attacker-controlled Most Android log...

Summary Today I learned that finding a vulnerability is rarely the end of the story. Real-world impact usually comes from: Bypassing security controls Combining multiple weaknesses together ...

Summary Today I practiced Injection vulnerabilities and Server-Side Request Forgery (SSRF) in APIs. Using fuzzing techniques and multiple tools, I learned how improper input handling can allow att...

Summary Today I practiced two high-impact API vulnerabilities that frequently lead to account takeover and business logic abuse: Improper Assets Management Mass Assignment Both issues often...

Summary Today I practiced two of the most critical API authorization vulnerabilities: Broken Object Level Authorization (BOLA) Broken Function Level Authorization (BFLA) These issues are si...

Summary Today I focused on JSON Web Token (JWT) security weaknesses and how improper implementations can lead to authentication bypass and privilege escalation. I explored common JWT attack vector...