Walkthrough: Analyzing BXAQ Spyware
Summary The BXAQ (MobileHunter) application, used by Chinese authorities for surveillance purposes, poses significant privacy and security risks to users. This mobile penetration test aimed to identify and evaluate these risks by analyzing the application’s behavior and potential vulnerabilities. The assessment revealed that the application collects a wide array of personal data, including calendar entries, […]
Walkthrough: Config Editor app in Android
Affected Product Config Editor Affected version 1.0 CVE ID N/A Vulnerability Type Remote Code Execution Type MOBILEAPPS DescriptionCVE-2022-1471 identifies a critical unsafe deserialization vulnerability within the SnakeYaml library for Java. This vulnerability arises from the Constructor class’s failure to adequately restrict the types of objects that can be deserialized. Consequently, attackers can craft malicious YAML […]
Walkthrough: Legacy (HTB Retired Box)
Legacy is a retired machine at the beginner level that shows SMB’s possible security threats in Windows OS.
Walkthrough: Lame (HTB Retired Box)
Lame is a retired Linux machine that is rated as Easy on Hack the Box. There are many ways to get flags, but I will demonstrate one of the easiest ways.