Android hacking tools update for Sept 2018

This article outlines a few "lessons learned" during an Android pen-test, specifically on which parts of my toolset I needed to update to accommodate newer Android versions (Android v7+).

MultiDex support: One of the standard pen-test techniques is to decompile the App's source code. Typically this is done by converting the APK DEX code to …

First steps in writing a custom OWASP ZAP extension

OWASP ZAP is a very popular attack proxy typically used in Web Application penetration tests. Think "Open Source BurpSuite", and that's ZAP in a nutshell. It has become my go-to tool for penetration tests, and it definitely is a fantastic piece of software that ticks all my boxes - except one.

The problem: Note taking …