Alexandre

OSINT - Simple tips #4 - Usernames

This new post on the OSINT field will discuss usernames.

Read more
OSINT - Simple tips #3 - Google Dorks

In the OSINT field, perform good queries in search engines is very important. Search engines collect a lot of data every day and it could be very difficult and challenging to find good information.

Read more
OSINT - Simple tips #2 - Facebook

This second blog post on the OSINT field will talk about Facebook. Again, it is a really simple tips but very interesting.

Read more
OSINT - Simple tips #1 - Linkedin

OSINT, for Open Source INTelligence, is the process of searching for, gathering and analyzing data found from public sources. The data are accessible without breaking into any systems (hacking, phishing, etc.). Sometimes, data are behind a paywall (it is necessary to pay a monthly subscription to have access to some specific data) but a lot are easily accessible with the right tricks.

Read more
Password guessing with Hydra

A password is like a "key" used to open a specific door or vault. In this vault, there can be different personal documents, pictures, banking information... It is obvious that a user wants its personal documents secure. If the "key", therefore the password, is easy to find, the vault can be as strong as you want, it will be easy to open it.

Read more
Pwndrop - Self-hosting payloads

A tedious step for all red-teamers is set up a system to upload payloads on the victim's machine. Kuba Gretzky, the author of Evilginx, released a nice tool to simplify this task.

Read more
COVID-19 Tracking Application

Most of the countries around the world are in a more or less hard lockdown. In Europe, some countries are gradually starting to allow certain sports outings, visiting family or opening certain stores. An important fear is a possible second wave of contamination. To prevent that, some governments provide a mobile application to track the virus spreading.

Read more
COVID-19 Android Malware

During each crisis, some people use the fear of the population to make benefit. Unfortunately, the COVID-19 crisis is not an exception. There are a lot of different scams related to COVID-19. And a place where it is easy to perform these scams is on the Internet. Globally, the methods used are the same as before the crisis, but currently, the word, Coronavirus, COVID-19,... inspire fear. Fear lowers the level of caution for a lot of people. The possibility that a phishing campaign works is greater now than a few months ago, for example.

Read more
Decompile and modify an Android application

Usually, Android applications are written in Java (or, now, in Javascript) and compiled in a Dalvik bytecode (DEX file). Then, the bytecode is interpreted and executed by the Dalvik Virtual Machine.

Read more
Find secret API token in Android application

In May 2019, Google announced there are 2.5 billion active Android devices. Thereby, most companies develop their own application. Not only the richest companies like Google, Facebook, Amazon,... but also a lot of smaller businesses.

Read more
Create a local Python pip repository

Python is a very interesting programming language because it is possible to prototype a lot of things in a few minutes. The Python Package manager, called pip, is a very simple tool that allows the user to import/install easily any Python package and its dependencies.

Read more
Create a local apt-mirror for offline usage

In some cases, it is necessary to work on offline machines because of sensitive data for example. To install a Ubuntu version on an offline computer is quite easy. Problems begin when it is needed to install some programs/debian packages for your development. With the default configuration, it is not possible to install anything without an Internet connection.

Read more