A 3 step process to finding and reporting critical secrets :

🧵👇 1️⃣ Find secrets :

➡ Look into source control like Github, gitlab etc

Use github dorks for more directed searches. Like github.com/techgaun/githu…

Top 7 #Shodan Dorks :

A thread 🧵👇 1️⃣ Search for secret API keys publicly exposed on websites :
ex : Searching for slack API token on all the scanned websites

http.html:"xoxb-"

7 Things To Get Started With Android Pentesting :

A Thread 🧵👇 1️⃣ Get the APK
Download from :
➡ apkpure.com
➡ apkmirror.com
➡ aptoide.en.aptoide.com
➡ en.uptodown.com/android
➡ apps.evozi.com/apk-downloader/ (Downloads from PlayStore)
Note: These are 3rd party sites, hence, install only on your testing device/emulator.

Android Hacking | Deeplink Issues | What, Why & How

➤ What, Why, How of Deeplink ?
➤ Hacking Deeplinks - Insecure URL Validation
➤ Finding, exploiting and fixing them
➤ Demo

#android #hacking #bugbounty #hackingsimplified
🧵👇 1. What's a Deeplink ?

In context of mobile apps, deeplinks are URLs that send users to a certain point in the app.

For example : If you click this :

fb://profile/100009566573630

It would open my facebook profile on your FB mobile app.

Hosted Link : bl.ocks.org/LuD1161/raw/1c…