Posts tagged

Penetration Testing

Apr 07, 2026 HB

Race Condition Attacks in Web Applications: Beyond Double-Spend

When security professionals discuss race conditions in web applications, the conversation almost always gravitates toward the same scenario: a gift card redeemed twice, a coupon applied multiple times, or a bank balance drained through concurrent transfers. These are all instanc…

Vulnerability Penetration Testing OAuth Identity-Confusion Race-Condition HTTP2 Web-Security

Apr 05, 2026 HB

Building an Android Geolocation C2 Agent

In a penetration test or red-team engagement that targets mobile devices, one of the first things an operator needs is command-and-control (C2): a channel through which you can issue instructions to an implant running on the target device and receive the results back. Geolocatio…

Android Penetration Testing Geolocation C2 JNI Security-Research Reverse-Engineering

Apr 04, 2026 HB

Bypassing Android SSL Certificate Pinning with Frida

When analysing an Android application’s network traffic — whether for security auditing, API reverse engineering, or penetration testing — the first obstacle you will almost always face is SSL/TLS certificate pinning. Certificate pinning is a defence mechanism that tells t…

Android Penetration Testing Network-Analysis Frida mitmproxy SSL-Pinning Reverse-Engineering

Mar 31, 2026 HB

Citrix Bleed 3: Unauthenticated Memory Leak in NetScaler

Citrix Bleed 3: CVE-2026-3055 — Unauthenticated Memory Leak in NetScaler ADC/Gateway

A critical vulnerability in Citrix NetScaler allows unauthenticated attackers to dump sensitive memory contents — including admin session tokens — with a single HTTP request. No credentials, no …

Zero-Day Exploit Vulnerability Memory Disclosure Web Applications Networking Information Security Penetration Testing Session Hijacking Out-of-Bounds

Tags

Android Android-Adb Android-apktool Android-Avd Android-Studio Anti-Bot Automotive Baseband C2 CAN-Bus Container-Escape Cross-Site-Scripting Data-Scraping Exploit Frida Geolocation GooglePlay Hardware HTTP2 Identity-Confusion Information Security JNI Linux Linux-Kernel Memory Disclosure mitmproxy Mobile-Security Network-Analysis Networking OAuth OBD2 OIDC Out-of-Bounds Page-Cache Penetration Testing Playwright Privilege-Escalation Python Race-Condition Reverse-Engineering Samsung-Exynos Security Security-Research Session Hijacking SMS Snapchat SSL-Pinning STIG-Manager Vulnerability Web Applications Web-Crawling Web-Security Zero-Day