Intro Fridump is an open source memory dumper tool, used to retrieve data stored in RAM from all different devices and operating systems. It is using as base Frida (excellent framework, if you don’t know it you should give it a look!) to scan the memory from the access level of a specific application and […]
On this post, I will show you how you can run Fridump against an Android application. The device is connected on our workstation over USB, hence the use of the -u flag is mandatory. A reminder of all the flags available for Fridump is: As an example, I decided to use the Damn Insecure and Vulnerable […]
On this post, I will show you how you can run Fridump against an iOS application. The device is connected on our workstation over USB, hence the use of the -u flag is mandatory. A reminder of all the flags available for Fridump is: As first example, I will illustrate how we can dump the […]
Fridump Fridump (v0.1) is an open source memory dumping tool, primarily aimed to penetration testers and developers. Fridump is using the Frida framework to dump accessible memory addresses from any platform supported. It can be used from a Windows, Linux or Mac OS X system to dump the memory of an iOS, Android or Windows […]
For anyone that is not familiar with it, Hashcat is one of the most well known password cracking tools at the moment, primarily due to it’s lightning fast speed. There are several versions of the tool, allowing it to take advantage of different platforms, including ocl-hashcat and cuda-hashcat. On the latest update of the tool […]
Androguard is a tool used during Android application assessments, primarily focused on reverse engineering of the apk file and application analysis. The tool is python based and can be used through a command prompt to assess an apk file, by extracting and analysing the Android manifest, identifying all available activities, services and content providers and reverse engineering […]
This site was created to share interesting information, step by step guides and research material that were collected during my experience as a Penetration Tester. The content is accurate to the best of my knowledge, but if you think any of the information presented on this site are inaccurate, feel free to contact me.