01
SEKAI CTF 2025: Sekai Bank Transaction
IntroductionThis document provides a detailed walkthrough of the vulnerability found in the SekaiBank Android application and how we exploited it to steal one m…
11 min read
→
02
TCP1P 2024: Mobile Writeup
Team: MAGER / Vantage Point SecurityRank: 5/1110 Password Manager 2.0OverviewChallenge ini adalah sebuah aplikasi Password Manager yang memiliki sebua…
12 min read
→
03
TCP1P 2023: Mobile Writeup
Check my writeup on this challenge below:https://jekyll-theme-chirpy-git-master-noxlaw.vercel.app/posts/all-mobile-tcp1p-ctf/
1 min read
→
04
intechfest 2023: Notes Manager Challenge - CXMAP
Check my walkthrough video on this challenge below:https://www.facebook.com/lawbytee/videos/1328446641202923
1 min read
→
05
TCP1P 2023: Internals
Author: aimardcr Seperti yang sudah ada dideskripsi challenge nya, untuk menyelesaikan challenge ini kita perlu untuk membuat malicious/exploit aplikasi se…
11 min read
→
06
iOS Data Storage Security
iOS applications store data in several locations — some secure by default, others frequently misused. This guide covers how to locate, extract, and assess data …
4 min read
→
07
Android Root Detection Bypass
Root detection blocks security testing on production apps. Bypassing it is a standard step in mobile penetration testing to assess the app’s true security postu…
4 min read
→
08
LDAP Injection
LDAP injection occurs when user input is unsafely embedded into LDAP queries. Unlike SQL injection, LDAP injection is less commonly tested — but it’s prevalent …
3 min read
→
09
Clickjacking Testing
Clickjacking tricks users into clicking on hidden or disguised interface elements. While often low severity alone, combined with sensitive actions (password cha…
3 min read
→
10
Open Redirect Testing
Open redirects are often dismissed as low severity, but when chained with OAuth token theft or SSRF bypass, they become critical. They also enable highly convin…
2 min read
→