- 99
- 469 182
CorSecure
United States
เข้าร่วมเมื่อ 22 ก.พ. 2022
I work in application security with a focus on mobile security. I also enjoy tinkering with projects involving hardware hacking, 3D printing, and other random stuff in the tech space. I'm hoping to provide some insight and information related to hacking and security and occasionally show off some cool projects I am working on.
Create Custom Frida Scripts For Android
In this video, I show you how to use JADX to inspect the source code of an Android application and then use that source code to create a custom Frida script.
As an example, I use this method to bypass an emulation detection check in the AndroGoat application.
Use my referral link to sign up for TryHackMe:
tryhackme.com/signup?referrer=63901cae2f79f1005e1300dd
Use my affiliate link to sign up for Hack The Box:
hacktheboxltd.sjv.io/VmGgeE
corsecure.blog
As an example, I use this method to bypass an emulation detection check in the AndroGoat application.
Use my referral link to sign up for TryHackMe:
tryhackme.com/signup?referrer=63901cae2f79f1005e1300dd
Use my affiliate link to sign up for Hack The Box:
hacktheboxltd.sjv.io/VmGgeE
corsecure.blog
มุมมอง: 373
วีดีโอ
Hack Android Apps With Drozer [UPDATED 2024]
มุมมอง 1.7Kหลายเดือนก่อน
Drozer can be used to interact with the internal components of an Android app, including Activities, Services, Content Providers, and Broadcast Receivers. In this video, I show you how to install and setup Drozer and walkthrough exploiting an unprotected activity in an Android app. You can download Drozer here: github.com/WithSecureLabs/drozer Use my referral link to sign up for TryHackMe: tryh...
Web Cache Deception Attacks! | New From BlackHat 2024!
มุมมอง 816หลายเดือนก่อน
PortSwigger just recently released some new research at BlackHat about Web Cache Deception Attacks. They also added a whole new section to the Web Security Academy and some new labs. In this video, I'm going to solve the first lab from this brand new section. If you want to try the lab yourself, you can check it out here: portswigger.net/web-security/web-cache-deception/lab-wcd-exploiting-path-...
Learn How To Be A Hacker
มุมมอง 1K2 หลายเดือนก่อน
I have nearly 10 years of experience as a penetration tester, and I often get asked how someone can learn how to be a hacker. In this video, I cover 5 different online resources that you can use to learn the skills needed to become a hacker. Links to all 5 resources below: 1. Try Hack Me (tryhackme.com/signup?referrer=63901cae2f79f1005e1300dd)* 2. Hack The Box (hacktheboxltd.sjv.io/VmGgeE) 3. P...
Web Shells & Directory Traversal
มุมมอง 1772 หลายเดือนก่อน
In this video, I solve another lab from the PortSwigger Web Security Academy. This lab involves chaining together a file upload vulnerability and a directory traversal in order to bypass some protections that are in place on the web server.
Hack WebSockets with Burp Suite
มุมมอง 6162 หลายเดือนก่อน
In this video I solve the Cross-site WebSocket hijacking lab from the PortSwigger Web Security Academy.
Burp Suite and Frida on an Android Emulator
มุมมอง 4.4K3 หลายเดือนก่อน
In this video I show you how to install a Burp Suite certificate in an Android Studio emulator and how to install Frida to work with that emulator, which can be used to bypass SSL pinning and all kinds of other useful things when assessing Android applications. You can download the MagiskTrustUserCerts module here: github.com/NVISOsecurity/MagiskTrustUserCerts And you can download the Frida ser...
Installing (AND ROOTING) Android Emulator [2024 UPDATE]
มุมมอง 10K3 หลายเดือนก่อน
A long time ago I made a video about setting up an Android emulator, but that video is pretty outdated now. So in this video I walk through how to set up an Android emulator with Android Studio, and I also show you how to root that emulator with Magisk. Install Android Studio here: developer.android.com/studio Download rootAVD here: gitlab.com/newbit/rootAVD In my next video I will walk through...
More Android Hacking | Databases, SQL Injection, and Binary Patching
มุมมอง 8133 หลายเดือนก่อน
In my last video, I covered three of the challenges from the Beetlebug Android CTF app. In this video, I cover three more challenges that include accessing SQLite databases, executing SQL injection, and patching the APK. You can download the Beetlebug app from GitHub here: github.com/hafiz-ng/Beetlebug Use my referral link to sign up for TryHackMe: tryhackme.com/signup?referrer=63901cae2f79f100...
Hack Android With Burp Suite (THE EASY WAY!)
มุมมอง 5K5 หลายเดือนก่อน
Hack Android With Burp Suite (THE EASY WAY!)
Hacking AI Chatbots | Web Security Academy
มุมมอง 8765 หลายเดือนก่อน
Hacking AI Chatbots | Web Security Academy
Stealing Passwords With GraphQL | Web Security Academy
มุมมอง 3746 หลายเดือนก่อน
Stealing Passwords With GraphQL | Web Security Academy
Extract and Reverse Engineer iPhone Apps
มุมมอง 6K6 หลายเดือนก่อน
Extract and Reverse Engineer iPhone Apps
Building a DIY Security Camera System | #PiDay
มุมมอง 4906 หลายเดือนก่อน
Building a DIY Security Camera System | #PiDay
Access Private Posts With GraphQL | Web Security Academy
มุมมอง 2747 หลายเดือนก่อน
Access Private Posts With GraphQL | Web Security Academy
Sideload And Re-Sign Untrusted iPhone Apps
มุมมอง 10K8 หลายเดือนก่อน
Sideload And Re-Sign Untrusted iPhone Apps
Intercept Traffic and Bypass SSL Pinning on iPhone
มุมมอง 8K9 หลายเดือนก่อน
Intercept Traffic and Bypass SSL Pinning on iPhone
SANS Holiday Hack Challenge 2023 | Win a FREE SANS training course!
มุมมอง 60810 หลายเดือนก่อน
SANS Holiday Hack Challenge 2023 | Win a FREE SANS training course!
Advent of Cyber 2023 | $50,000 worth of prizes!
มุมมอง 28110 หลายเดือนก่อน
Advent of Cyber 2023 | $50,000 worth of prizes!
Install Custom Firmware and Hack Phones
มุมมอง 59K11 หลายเดือนก่อน
Install Custom Firmware and Hack Phones
Bypass SSL Pinning on Android | Hack the Box Pinned
มุมมอง 1.8Kปีที่แล้ว
Bypass SSL Pinning on Android | Hack the Box Pinned
Check out all the upcoming CTFs from Hack The Box here: ctf.hackthebox.com/events/upcoming Sign up for Hack The Box using my affiliate link here: hacktheboxltd.sjv.io/CorSecure
Bro, You are my teacher.. Thank..
I'm glad I could help!
Would you please provide some guide for how to use Frida with Obfuscated APK, I have a hard time trying to hook to stringbuilder toString func and I don't know how the classes are loaded whether through dynamic class loading or via reflection, sometimes Frida gives timeout error when I try to use the enumerateclasses also I don't see the obfuscated classes when I use Frida to print the loaded classes
Great vid dude, want a set up like this too for something. will sub.
I get error: externally-managed environment when I run pip3 install Frida tools. Any videos explaining what to do? Newbie
That is an issue with python. This might help: stackoverflow.com/questions/75608323/how-do-i-solve-error-externally-managed-environment-every-time-i-use-pip-3
please make a video to bypass vpn detection
i didn't even notice that Export as Frida Snipet function, omagad!
i almost watched all your videos
Thanks! I hope they were helpful!
best channel ever i swear
please teach us how to bypass vpn detection
Thanks for the video
Frida Lays
I use chatGPT to create my Frida scripts!
ChatGPT can be great for that kind of thing!
Hello, i do everything good and at the end when i write "fastboot flashing unlock" it tells me "FAILED( remote: 'unknown command') "Fastboot: error: Command failed" Can you please help me?
You are awesome. Keep doing great things. I tried different method but your explanation is so easy to follow and everything work perfectly. Thanks dude :)
Thanks! I'm glad it helped!
Can you make video on ios jailbreak bypass??
Dude you are the MAN!!!! This guide worked perfectly for a mini project I was working on. Thanks!!!!!
I'm glad it helped!
What we need is one ROM. One ROM to find them all and in the darkness bind them.
It says android studio ladybug
It keeps saying it's terminated some kind of error, but I'm going to try your way, but my menu has changed from yours it's took me to the studio app
can you plese make a video to bypass emulation and proxy detection
What discord doesn’t work
android is always a better choice
CTF, dang, it's like Quake III / Unreal Tournament all over again
adb connect 10.0.2.2:5555 failed to connect to '10.0.2.2:5555': Connection refused
You can sign up for the Huntress CTF here: huntress.ctf.games/
In 4:37 minute, we have the completely different content in the "Body". I tried many times . There is still only a "Hello, world!" in my "Body". Do you know why?
That is where you add the payload for your attack. The content that you see in the video is what I added for my payload. Like I mentioned in the video, there are lots of example payloads you can find all over the internet. This GitHub repo has lots of payload examples: github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Web%20Sockets/README.md
@@CorSecure Thanks for your patient reply . I indeed watched your video many times and noticed what you mentioned in the video. Because i am not the native American and my English is not good, i sometimes can not understand what you said well. Thanks for your weblink. I only hear Github before but do not know how to use it. I only know how to search things in the Google.
my $100,000 question is with a brand new SATA 2.5 SSD, Do you format the unused (not formatted) drive? with an RPi Linux doesn't already know what to do with the drive. When does this solid state drive have an assigned a file system to it? I would appreciate help with this, my project is NOT working and I keep returning brand new SSDs because I can't mount them in OpenMediaVault.
done
My computer is 12th Gen Intel(R) Core(TM) i5-1240P 1.70 GHz,ram 16.0 GB,64 bit system etc. Is it OK to run that software ? Sometimes my computer crashes and my screen freezes when the Pixel 8a 31 API launches to run on the Android Studio. My computer never froze up before.
thanks for the videos, also an easy way to transfer files to Android by just dragging and dropping :)
I need mock location app without developer
why i have Magisk Manager shows "Modules" and "Superuser" grayed out
I followed your instructions to the letter. When I accessed a site via Chrome on the Android device, I get the message NET::ERR_CERT_AUTHORITY_INVALID. In Chrome when I display the CA Cert being used, it is a Portswigger CA yet it has a different expiry date than the one in the System Area. Wherever that cert is coming from, the cert is still within the expiry date.
this is so rad, thanks!
Solid!
Hack a game
I follow your video many times and do each step one by one. There is only a "google_apis_playstore" file in my android-31 file. I think that there must be one "google_apis_" file in my android-31 file. But there is no "google_apis_" file there. I really do not know why. Can you help me resolve that problem?
Bro you are an underrated GOAT !! 🐑
Hey ! Can you point out a list of closed source (paid) tools that you said they automate the test with better results than mobsf?
Here's a list from Gartner with several tools: www.gartner.com/reviews/market/mobile-application-security-testing
:wq more like :x! amirite
JB is requied ?
Jailbreak is not required to intercept traffic, but it is usually required to bypass SSL pinning. In order to use Frida or Objection you usually have to have a jailbroken device. There are some ways to get around that, but they are a bit more complicated so I didn't cover them in this video.
Thanks so much! Stoked I finally got this. I tried it on my Mac - didn’t work. I tried it on Kali Linux - didn’t work. I finally tried it using my windows laptop to ssh into my Mac and it worked.
Kinda weird i am on an older portable version of android emulator and no matter which google store device i run su says either not found or inaccessible
Hello, Did u figure it out.
@@pratikpuri7079 kinda yes! I tried different versions of devices (i had a lot of problems with "pixel 5" ) and i tried newer versions of android The solution that worked in most was using rootAVD + magisk there are many videos on TH-cam on how to install it
@@pratikpuri7079 agh yes but i believe youtube removed my reply, use rootAVD from git and dont use the pixel 5 device
I am trying to reply with my solution but youtube is removing my comment
Error emulator failed to connect within 5 minutes
Oh man thanks for this video. Wish I found this days ago
in the 4 minute video, where do you get the burp Suite? Can you give a download link? or can you make a lesson about the Burp Suite?
You can download Burp here: portswigger.net/burp/communitydownload I also have a bunch of videos on my channel about using Burp Suite. Here's a playlist: th-cam.com/play/PLH5GW4W70qp86GdyQNLY37GcIF0nVksup.html
Runte Shore
Thanks for everything. Hope u post a video about install magisk 27 ;>
Great video, would love to see more on drozer. Followed along with your vid and will be digging in myself.