Thread Reader
Share this page!
×
Tweet
Share
Email
Aseem Shrey
Follow @AseemShrey
Security Engineer @Rippling | ex-@gojektech | 📹 https://t.co/mRukkCnYJF | CTF player NULLKrypt3rs | Web App Exploitation & Reverse Eng
Add to My Authors
Apr 12, 2022
•
10 tweets
•
4 min read
A 3 step process to finding and reporting critical secrets :
🧵👇 1️⃣ Find secrets :
➡ Look into source control like Github, gitlab etc
Use github dorks for more directed searches. Like
github.com/techgaun/githu…
Mar 27, 2022
•
8 tweets
•
4 min read
Top 7
#Shodan
Dorks :
A thread 🧵👇 1️⃣ Search for secret API keys publicly exposed on websites :
ex : Searching for slack API token on all the scanned websites
http.html:"xoxb-"
Feb 18, 2022
•
11 tweets
•
9 min read
7 Things To Get Started With Android Pentesting :
A Thread 🧵👇 1️⃣ Get the APK
Download from :
➡
apkpure.com
➡
apkmirror.com
➡
aptoide.en.aptoide.com
➡
en.uptodown.com/android
➡
apps.evozi.com/apk-downloader/
(Downloads from PlayStore)
Note: These are 3rd party sites, hence, install only on your testing device/emulator.
Jun 17, 2021
•
9 tweets
•
4 min read
Android Hacking | Deeplink Issues | What, Why & How
➤ What, Why, How of Deeplink ?
➤ Hacking Deeplinks - Insecure URL Validation
➤ Finding, exploiting and fixing them
➤ Demo
#android
#hacking
#bugbounty
#hackingsimplified
🧵👇
1.
What's a Deeplink ?
In context of mobile apps, deeplinks are URLs that send users to a certain point in the app.
For example : If you click this :
fb://profile/100009566573630
It would open my facebook profile on your FB mobile app.
Hosted Link :
bl.ocks.org/LuD1161/raw/1c…