erev0s.com personal blog pagehttp://erev0s.com/atom/2023-11-18T16:03:00.663257+00:00erev0sA blog about cyber security, web development and other tech related topicsCopyright (c) 2019-2020, erev0s.comUnmasking Evasive Threats with apkInspector2023-11-12T14:41:18.102156+00:002023-11-18T16:03:00.663257+00:00https://erev0s.com/blog/unmasking-evasive-threats-with-apkinspector/<![CDATA[
apkInspector is a tool designed to provide detailed insights into the zip structure of APK files, offering the capability to extract content and decode the AndroidManifest.xml file. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Unmasking Evasive Threats with apkInspector">
]>Android permissions grouped per API and protection level2023-02-14T16:53:12.920220+00:002023-02-14T17:35:02.381261+00:00https://erev0s.com/blog/android-permissions-grouped-per-api-and-protection-level/<![CDATA[
Lists of the Android Permissions grouped together based on protection level, like dangerous or signature or based on the API level they were added on. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Android permissions grouped per API and protection level">
]>Statistics on more than 1 million apps from Google Play Store2023-01-24T22:12:20.554156+00:002023-02-21T17:42:16.876694+00:00https://erev0s.com/blog/statistics-on-1million-apps-from-google-play-store/<![CDATA[
What is the average size of a play store app? or the number of permissions requested ? and several other stats shown on an analysis of more than one million apps from Play Store. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Statistics on more than 1 million apps from Google Play Store">
]>3 ways for Dynamic Code Loading in Android2022-11-12T09:42:47.754981+00:002023-02-21T17:20:03.384763+00:00https://erev0s.com/blog/3-ways-for-dynamic-code-loading-in-android/<![CDATA[
Dynamic code loading in Android, the methods malware employ to hide malicious behaviour. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="3 ways for Dynamic Code Loading in Android">
]>Malware Dropper disguised as an Ebay Android App2022-09-24T22:59:24.156988+00:002022-09-27T22:08:18.291352+00:00https://erev0s.com/blog/malware-dropper-disguised-as-an-ebay-android-app/<![CDATA[
Analysis on a malware dropper which was disguised as an Ebay Android app, with a lot of features like premium sms, keylogger, overlay attacks. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Malware Dropper disguised as an Ebay Android App">
]>Automated security scanning against VAmPI2022-04-20T20:34:20.465152+00:002022-04-20T20:36:31.263452+00:00https://erev0s.com/blog/vampi-against-automated-api-scanning/<![CDATA[
How well automated API security scanners work against an already vulnerable API? <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Automated security scanning against VAmPI">
]>New flag in APKTOOL for automatic generic network configuration2022-05-20T12:00:39.806273+00:002022-05-20T12:00:39.806273+00:00https://erev0s.com/blog/new-flag-in-apktool-for-automatic-generic-network-configuration/<![CDATA[
The known apktool, just got a slight upgrade to include a new flag, allowing it to automatically embed a generic/permissive network configuration. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="New flag in APKTOOL for automatic generic network configuration">
]>InsecureShop Write-up, all vulnerabilities explained2021-10-17T12:59:40.762980+00:002021-10-17T12:59:40.762980+00:00https://erev0s.com/blog/insecureshop-write-up-all-vulnerabilities-explained/<![CDATA[
A full write-up for the InsecureSHop application, to serve for learning purposes <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="InsecureShop Write-up, all vulnerabilities explained">
]>Exploiting content providers through an insecure SetResult implementation2021-10-12T15:21:46.669269+00:002021-10-12T21:18:36.018405+00:00https://erev0s.com/blog/exploiting-content-providers-through-an-insecure-setresult-implementation/<![CDATA[
How an insecure implementation of SetResult can lead to exploitation of the available content providers. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Exploiting content providers through an insecure SetResult implementation">
]>AWS Cognito Misconfigurations in Android Apps2021-09-23T19:39:59.353727+00:002021-10-11T17:19:15.941493+00:00https://erev0s.com/blog/aws-cognito-misconfigurations-in-android-apps/<![CDATA[
Learn how an AWS Cognito Identity Pool can be identified in an APK and then checked if it is misconfigured. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="AWS Cognito Misconfigurations in Android Apps">
]>Statistics from the Static and Dynamic analysis of more than 14,000 APKs from Play Storehttps://erev0s.com/blog/statistics-from-the-static-and-dynamic-analysis-of-more-than-14000-apks-from-play-store/<![CDATA[
A presentation of the statistics from an analysis of more than 14,000 APKs, as part of an experiment. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Statistics from the Static and Dynamic analysis of more than 14,000 APKs from Play Store">
]>Reversing an Android APK using ASM library2021-06-12T11:44:17.243236+00:002021-06-12T11:53:44.808986+00:00https://erev0s.com/blog/reversing-an-android-apk-using-asm-library/<![CDATA[
A quick guide on how to instrument an Android APK with the help of the ASM library and extract information from it <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Reversing an Android APK using ASM library">
]>How to download 1000 (or more) Apps from Play Store?2020-12-12T12:06:45.047723+00:002020-12-12T12:06:45.047723+00:00https://erev0s.com/blog/how-download-1000-or-more-apps-play-store/<![CDATA[
See how you can download hunderds of apps from Play Store automatically! <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="How to download 1000 (or more) Apps from Play Store?">
]>VAmPI the vulnerable API for security testing2020-10-04T19:53:23.528255+00:002020-10-18T21:06:21.020141+00:00https://erev0s.com/blog/vampi-vulnerable-api-security-testing/<![CDATA[
Vulnerable REST API with OWASP top 10 vulnerabilities for APIs <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="VAmPI the vulnerable API for security testing">
]>SSH Local, Remote and Dynamic Port Forwarding - Explain it like I am five!2020-10-20T18:44:35.967305+00:002020-10-20T18:44:35.967305+00:00https://erev0s.com/blog/ssh-local-remote-and-dynamic-port-forwarding-explain-it-i-am-five/<![CDATA[
What are the differences in between ssh local, remote and dynamic port forwarding and when to use which? Explain it like I am five with pictures and examples! <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="SSH Local, Remote and Dynamic Port Forwarding - Explain it like I am five!">
]>Run an Android Service in the background reliably every N seconds2020-08-02T19:29:09.009069+00:002020-10-18T10:16:44.491449+00:00https://erev0s.com/blog/run-android-service-background-reliably-every-n-seconds/<![CDATA[
How to make an android service to run in the background reliably every N seconds even when the device is idle. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Run an Android Service in the background reliably every N seconds">
]>Create your RSS/Atom feed in Wagtail2020-06-24T13:52:10.768259+00:002020-06-24T13:52:10.768259+00:00https://erev0s.com/blog/create-your-rssatom-feed-wagtail/<![CDATA[
See how to create your own RSS/Atom feed in your Wagtail site fast and easy. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Create your RSS/Atom feed in Wagtail">
]>Encrypted Bind and Reverse Shells with Socat (Linux/Windows)2020-06-03T13:03:32.128000+00:002020-06-20T06:48:50.916000+00:00https://erev0s.com/blog/encrypted-bind-and-reverse-shells-socat/<![CDATA[
Encrypt your traffic with openssl when using bind or reverse shells. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Encrypted Bind and Reverse Shells with Socat (Linux/Windows)">
]>3 ways to detect the SELinux status in Android natively2020-05-23T09:13:49.700000+00:002020-05-23T09:18:41.013000+00:00https://erev0s.com/blog/3-ways-detect-selinux-status-android-natively/<![CDATA[
Are you curious about how to detect the SELinux status of an Android device using native code (C) ? <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="3 ways to detect the SELinux status in Android natively">
]>Tiny AES in CBC mode with PKCS7 padding written in C2020-04-29T22:38:30.646000+00:002020-10-16T13:26:08.879187+00:00https://erev0s.com/blog/tiny-aes-cbc-mode-pkcs7-padding-written-c/<![CDATA[
An example on how to use Tiny AES in CBC mode with PKCS7 padding written in C <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Tiny AES in CBC mode with PKCS7 padding written in C">
]>Convert APK to source code automatically with lazyX2020-03-29T12:31:03.879000+00:002020-03-29T12:45:29.691000+00:00https://erev0s.com/blog/convert-apk-source-code-automatically-lazyx/<![CDATA[
A python script to automate the use of dex2jar tool along with cfr in order to decompile apk files instantly. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Convert APK to source code automatically with lazyX">
]>How to hook Android Native methods with Frida (Noob Friendly)2020-03-22T21:03:43.418000+00:002023-05-18T14:42:01.495599+00:00https://erev0s.com/blog/how-hook-android-native-methods-frida-noob-friendly/<![CDATA[
Hooking C/C++ code in Android application using Frida with introduction and explainations in every step - noob friendly <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="How to hook Android Native methods with Frida (Noob Friendly)">
]>Wagtail list of Tips and Tricks!2020-03-29T10:49:38.401000+00:002020-03-29T11:13:19.870000+00:00https://erev0s.com/blog/wagtail-list-tips-and-tricks/<![CDATA[
Tips and tricks in Wagtail that will help you tweak the appearance and functionality. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Wagtail list of Tips and Tricks!">
]>Add JNI(C/C++) into your existing Android app2020-03-17T18:43:56.826000+00:002020-03-22T20:18:55.785000+00:00https://erev0s.com/blog/add-jnicc-your-existing-android-app/<![CDATA[
How to add C/C++ through the JNI, into an existing Android app either with the source code or directly the compiled .so files. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Add JNI(C/C++) into your existing Android app">
]>Gobuster for directory, DNS and virtual hosts bruteforcing2020-02-15T11:30:22.200000+00:002020-03-17T18:35:17.709000+00:00https://erev0s.com/blog/gobuster-directory-dns-and-virtual-hosts-bruteforcing/<![CDATA[
A penetration testing bruteforcing tool running in cli with support for directories, DNS and virtual hosts. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Gobuster for directory, DNS and virtual hosts bruteforcing">
]>Mango - Hack the Box - Writeup2020-01-18T12:15:01.659000+00:002020-10-28T21:19:59.895972+00:00https://erev0s.com/blog/mango-hack-box-writeup/<![CDATA[
A writeup for the machine Mango from hackthebox.eu with medium Difficulty <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Mango - Hack the Box - Writeup">
]>OpenAdmin - Hack the Box - Writeup2020-01-12T16:53:02.261000+00:002020-10-28T21:19:29.506341+00:00https://erev0s.com/blog/openadmin-hack-box-writeup/<![CDATA[
A writeup for the machine OpenAdmin from hackthebox.eu. Difficulty = Easy <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="OpenAdmin - Hack the Box - Writeup">
]>Crack password protected SSH keys with John2020-01-12T17:34:36.728000+00:002020-01-12T17:39:32.842000+00:00https://erev0s.com/blog/crack-password-protected-ssh-keys-john/<![CDATA[
Learn how to crack a password protected ssh key (id_rsa) using John the Ripper. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Crack password protected SSH keys with John">
]>Cracking /etc/shadow with John2020-01-09T16:03:05.009000+00:002020-01-09T16:09:25.735000+00:00https://erev0s.com/blog/cracking-etcshadow-john/<![CDATA[
Learn how to crack /etc/shadow file using John the Ripper. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Cracking /etc/shadow with John">
]>Obscurity - Hack the Box - Writeup2020-01-07T17:56:11.705000+00:002020-10-28T21:19:05.025222+00:00https://erev0s.com/blog/obscurity-hack-box-writeup/<![CDATA[
A writeup for the machine Obscurity from hackthebox.eu with medium Difficulty. <img src="https://erev0s.com/media/images/erev0sFooterLogo.original.png" alt="Obscurity - Hack the Box - Writeup">
]>