- Видео 91
- Просмотров 382 424
CorSecure
США
Добавлен 22 фев 2022
I work in application security with a focus on mobile security. I also enjoy tinkering with projects involving hardware hacking, 3D printing, and other random stuff in the tech space. I'm hoping to provide some insight and information related to hacking and security and occasionally show off some cool projects I am working on.
Hack WebSockets with Burp Suite
In this video I solve the Cross-site WebSocket hijacking lab from the PortSwigger Web Security Academy.
Просмотров: 158
Видео
Burp Suite and Frida on an Android Emulator
Просмотров 41019 часов назад
In this video I show you how to install a Burp Suite certificate in an Android Studio emulator and how to install Frida to work with that emulator, which can be used to bypass SSL pinning and all kinds of other useful things when assessing Android applications. You can download the MagiskTrustUserCerts module here: github.com/NVISOsecurity/MagiskTrustUserCerts And you can download the Frida ser...
![Installing (AND ROOTING) Android Emulator [2024 UPDATE]](http://i.ytimg.com/vi/QzsNn3GhYYk/mqdefault.jpg)
Installing (AND ROOTING) Android Emulator [2024 UPDATE]
Просмотров 77714 дней назад
A long time ago I made a video about setting up an Android emulator, but that video is pretty outdated now. So in this video I walk through how to set up an Android emulator with Android Studio, and I also show you how to root that emulator with Magisk. Install Android Studio here: developer.android.com/studio Download rootAVD here: gitlab.com/newbit/rootAVD In my next video I will walk through...
More Android Hacking | Databases, SQL Injection, and Binary Patching
Просмотров 39321 день назад
In my last video, I covered three of the challenges from the Beetlebug Android CTF app. In this video, I cover three more challenges that include accessing SQLite databases, executing SQL injection, and patching the APK. You can download the Beetlebug app from GitHub here: github.com/hafiz-ng/Beetlebug Use my referral link to sign up for TryHackMe: tryhackme.com/signup?referrer=63901cae2f79f100...
Hacking an Android CTF App
Просмотров 86228 дней назад
If you're an aspiring mobile penetration tester or bug bounty hunter, it can sometimes be hard to find places to practice those Android hacking skills in a safe environment. Fortunately, CTF apps like Beetlebug exist. This is a free open source app containing a lot of challenges that will prepare you for the type of vulnerabilities you might see in a real mobile penetration test. You can downlo...
A Beginner's Guide To Linux
Просмотров 114Месяц назад
I use a lot of Linux commands and Linux tools in my day to day life, but if you are a beginner without much experience using Linux, it can be overwhelming. In this video, I go through a Linux Fundamentals guide from TryHackMe to give you an introduction to all of the Linux commands that you need to get started. The Linux Fundamentals room that I went through in this video can be found here: try...
I'm Not A Newbie Anymore!
Просмотров 177Месяц назад
I have recently been solving a lot of the PortSwigger Web Security Academy labs trying to complete all of the Apprentice rated labs so I can be upgraded from a Newbie to an Apprentice. In this video I finally solve the last 2 labs that I needed to no longer be a Newbie. The two labs that I solved in this video can be found below: portswigger.net/web-security/oauth/lab-oauth-authentication-bypas...
Bypassing 2FA | Web Security Academy
Просмотров 4842 месяца назад
Bypassing 2FA | Web Security Academy
Hack Android With Burp Suite (THE EASY WAY!)
Просмотров 2,2 тыс.2 месяца назад
Hack Android With Burp Suite (THE EASY WAY!)
Hacking AI Chatbots | Web Security Academy
Просмотров 5863 месяца назад
Hacking AI Chatbots | Web Security Academy
Stealing Passwords With GraphQL | Web Security Academy
Просмотров 2803 месяца назад
Stealing Passwords With GraphQL | Web Security Academy
Extract and Reverse Engineer iPhone Apps
Просмотров 2,7 тыс.3 месяца назад
Extract and Reverse Engineer iPhone Apps
Building a DIY Security Camera System | #PiDay
Просмотров 3043 месяца назад
Building a DIY Security Camera System | #PiDay
Access Private Posts With GraphQL | Web Security Academy
Просмотров 2504 месяца назад
Access Private Posts With GraphQL | Web Security Academy
Sideload And Re-Sign Untrusted iPhone Apps
Просмотров 9 тыс.5 месяцев назад
Sideload And Re-Sign Untrusted iPhone Apps
Intercept Traffic and Bypass SSL Pinning on iPhone
Просмотров 5 тыс.6 месяцев назад
Intercept Traffic and Bypass SSL Pinning on iPhone
SANS Holiday Hack Challenge 2023 | Win a FREE SANS training course!
Просмотров 5917 месяцев назад
SANS Holiday Hack Challenge 2023 | Win a FREE SANS training course!
Advent of Cyber 2023 | $50,000 worth of prizes!
Просмотров 2797 месяцев назад
Advent of Cyber 2023 | $50,000 worth of prizes!
Install Custom Firmware and Hack Phones
Просмотров 53 тыс.9 месяцев назад
Install Custom Firmware and Hack Phones
Bypass SSL Pinning on Android | Hack the Box Pinned
Просмотров 1,3 тыс.9 месяцев назад
Bypass SSL Pinning on Android | Hack the Box Pinned
Discover Secrets in React Native Apps | Hack the Box Don't Overreact
Просмотров 60210 месяцев назад
Discover Secrets in React Native Apps | Hack the Box Don't Overreact
Bypass Root Detection and Frida Detection | Android UnCrackable Level 3
Просмотров 2,3 тыс.10 месяцев назад
Bypass Root Detection and Frida Detection | Android UnCrackable Level 3
File Uploads and Remote Code Execution!
Просмотров 79211 месяцев назад
File Uploads and Remote Code Execution!
i know this is unrelated to the video but, is ssl security bypassable in android versions 11 and up?
Yes it is. It may not be easily bypassed in every app because some apps may have some more robust types of pinning implemented. In those cases, it may require some additional reverse engineering to figure it out, but most typical SSL pinning implementations can be bypassed with Frida or Objection.
@CorSecure do you know any guides for breaching more robust apps?
There really isn't any single solution for that kind of thing. You would just need to know how to reverse engineer the application and use that information to create a custom Frida script to bypass those functions. I may be making a video sometime soon about reversing and writing custom Frida scripts, but you would have to use those skills to adapt them to your own situation.
@CorSecure sounds like a great idea and very helpful thnx!
Great work
Thanks!
If want to check out this lab, you can find it here: portswigger.net/web-security/websockets/cross-site-websocket-hijacking/lab
First comment here. Love your content. ❤
Hello, Im having an issue. Whenever I do this the app (Roblox) closes on open.
The app may have some sort of tampering protection in place that prevents tools like Objection and Frida to be used. It may be possible to bypass those types of protections as well, but it would probably take some additional reverse engineering to determine how they were implemented.
How about without JB?
Is it possible to root a phone with a Chromebook instead of a PC?
Do you have a PC to install the firmware?
The new release is 53 From Feb 2 2024 bt doesn’t work to connect to my phone. How do we fix that
Your the best mobile pentester
Not work
I would like to know more about how to reverse engineer using the hopper!
I am a beginner in this area and your videos are of great help to continue learning and improving my skills, so thank you for sharing them.
I'm glad I could help!
I just have in a cycle. iPhone 8+ iOS 16.5 <Warning>: Whoops, device did not enter DFU mode <Info>: Waiting for device to reconnect... <Info>: Entering recovery mode <Info>: Press Enter when ready for DFU mode
I've never seen this issue before, but I did find this thread on GitHub that seems to be a similar issue. github.com/palera1n/palera1n/issues/441 If the comments on that thread don't help, I would suggest trying a different version of palera1n. I have had issues in the past where downgrading to a previous version fixed the issue for me.
@@CorSecure thanks, by the way I found some advise to use old-fashion USB A - Lightning cable because USB C -Lightning doesn't work for such stuff. Can you confirm this information? What kind of cable do you use?
I use lightning cables. I haven't actually tried USB-C cables when working with iOS yet.
@@CorSecure lightning of course. But what connector is on the second end of the cable: usb A or usb C?
USB-A
This is gold bro!
Your videos are amazing. Keep up the good work bro
Thanks!
@@CorSecure Would you be able to give as a video about reversing private API
I typically just test APIs by intercepting traffic with Burp Suite, and I have a lot of videos on my channel showing how to do that.
Thanks god, you saved my life
Is there a difference between decompiling apk and xapk?
An XAPK just contains the APK and an OBB file, which contains some additional assets and data. I believe those are usually only found in third party app stores and websites. You can unzip the XAPK, and then you can decompile the APK just like normal.
please make a video of objection
I already have! I have used Objection in a few of my videos. In the video linked below I used it to solve a challenge from Hack The Box. ruclips.net/video/s-srWxXWKR0/видео.html
@@CorSecure ok 👍
I was waiting as an episode. Keep uploading what is the most important as usual. Thank you.
Thanks for your work!
You can download the MagiskTrustUserCerts module here: github.com/NVISOsecurity/MagiskTrustUserCerts And you can download the Frida server here: github.com/frida/frida
We need any way to run banking applications on the emulator thanks for this video
Thank you so much! You have literally made such a massive difference for me these past few weeks. I’ve been struggling so bad with figuring this android emulator stuff out.
I'm glad I could help!
Another corsecure upload hell yeah
Hey most android devices aren't smartphones, like tv, vending machines,... Could you do some tutorial on for example how to crash a vending machine with NFC noise, so the app crashes and you are in the main android. Or how to update an apk to infect it with a backdor?
I don't really have any experience working with vending machines, but I do have plans to make some videos about other smart devices like TVs.
Finally someone made updates the android lab settings. Bro you saved me the trouble of setting everything up again since I switched to MacOs. Two years ago I watched your video where Burp was set up via cert and input through the terminal. I am waiting for new update videos next week for Burp and other tools. Keep up good work and thanks.
I'm glad I could help!
Hey man, Great vid! I can't get my vm, kali, to connect to the emulator. Any ideas?
Is your VM network settings set to NAT? If it's an Android Studio emulator and the VM is set to NAT, then you should be able to connect to the emulator with adb connect 10.0.2.2.
@@CorSecure Yupp, they are. I can see both the vm and emulator are connected to local, but I still cant connect from to the emulator from my VM. Im using kali in VmWare Fusion and the Android Studio emulator.
That's very strange. I'm using VirtualBox, and I haven't personally used VmWare Fusion in several years. It's possible that there could be some weird networking setting Fusion has that isn't in VirtualBox, but other than that I don't know what could be causing this issue.
Need help please.. I wanto root my Samsung Galaxy tab a 8.0 2019. Model - SM-T295
i used nano for my text
But how can I know the type of encryption of the API key? like base64
But how can I know the type of encryption of the API key? like base 64
Right on! I’ve literally spent a couple days trying to get this to work and your video solved it for me. Thanks man Now I can’t get MagiskTrustUserCert to work. Says unzip error during that module install inside Magisk
I'm glad my video was able to help! I'm planning on going over using MagiskTrustUserCert in the next video. I'll be recording it over the weekend, and it should be uploaded early next week.
@@CorSecure do you have a date set for the upload?
It should be going up later today
@@CorSecure right on!
Can you plz share the tool link that you are using for apk explore.
That was JADX github.com/skylot/jadx
How to contact you brother
Thank you so much for the great videos I love your chanel
Thanks! I'm glad my videos can be helpful!
what is your pc bro
Hello, how to use burp to capture app packets for two-way certificate detection?
Hello, how to use burp to capture app packets for two-way certificate detection?
Hello, how to use burp to capture app packets for two-way certificate detection?
Great. Reminder don't change your default sdk location
Thank you for sharing such amazing videos and helping appsec community
Install Android Studio here: developer.android.com/studio Download rootAVD here: gitlab.com/newbit/rootAVD
GOD🤩
What if you want to make commands even longer?
Hey there CorSecure! Super stoked to have you reviewing my app. You make very engaging content. I have learnt a lot about your walk-though on Beetlebug. I'll have to admit there many bugs, cos I actually built this CTF barely 3 months into learning Android Dev and I needed help with finding bugs. I'd push an update to address these issues real soon and make sure to hit you up before the blog post. Thanks for bringing them up, I really do appreciate it. Hafiz (hafiz-ng)
Thank you so much for the kind words! I would love to make another video in the future after any updates you make to the app!
Good, you have reached the Egyptian audience😂❤