Aseem Shrey
Security Engineer @Rippling | ex-@gojektech | 📹 https://t.co/mRukkCnYJF | CTF player NULLKrypt3rs | Web App Exploitation & Reverse Eng
Apr 12, 2022 10 tweets 4 min read
A 3-step process for finding and reporting critical secrets:

🧵👇

1️⃣ Find secrets:

➡ Look into source control like GitHub, GitLab, etc.

Use GitHub dorks for more directed searches, like github.com/techgaun/githu…
Mar 27, 2022 8 tweets 4 min read
Top 7 #Shodan Dorks:

A thread 🧵👇

1️⃣ Search for secret API keys publicly exposed on websites:
Ex: Searching for a Slack API token on all the scanned websites

http.html:"xoxb-"
Feb 18, 2022 11 tweets 9 min read
7 Things To Get Started With Android Pentesting:

A Thread 🧵👇

1️⃣ Get the APK
Download from:
apkpure.com
apkmirror.com
aptoide.en.aptoide.com
en.uptodown.com/android
apps.evozi.com/apk-downloader/ (Downloads from PlayStore)
Note: These are 3rd-party sites, hence install only on your testing device/emulator.
Jun 17, 2021 9 tweets 4 min read
Android Hacking | Deeplink Issues | What, Why & How

➤ What, Why, How of Deeplinks?
➤ Hacking Deeplinks - Insecure URL Validation
➤ Finding, exploiting and fixing them
➤ Demo

#android #hacking #bugbounty #hackingsimplified
🧵👇

1. What's a Deeplink?

In the context of mobile apps, deeplinks are URLs that send users to a certain point in the app.

For example, if you click this:

fb://profile/100009566573630

It would open my Facebook profile in your FB mobile app.

Hosted Link: bl.ocks.org/LuD1161/raw/1c…