My Journey of Cybersec

Introduction about myself: a student that completed university studies related to cybersecurity, a CTF player, learnt cybersecurity for a few years but still weak in it. How I learn ethical hacking, Part 0: Back then, I didn't really know about red team and blue team and I just decided to learn hacking for fun. Since hacking others looked more fun, I decided to look into videos and anything related. The first course I went through was actually Practical Ethical Hacking from TCM Security. After going through the first few topics of the course, I had some basic understanding of how hacking works (that's what I thought back then). Eventually, I stopped the course halfway because the course started to go through retired HackTheBox machines and I didn't have a VIP account to follow along. Instead, I decided to move on with PicoCTF and TryHackMe, as some people mentioned these 2 platforms are great for learning cybersecurity. I further improved my basic skills such as Linux commands and gained more new knowledge from TryHackMe since it has a lot of different rooms. As for PicoCTF, I was stunned for quite some time as that was the first time I found out about CTF. That is also when I found out that there are a lot of different kinds of hacking. ...

December 3, 2024 · 3 min · 516 words

MHL Food Store

Challenge Description: Welcome to the Android App Security Lab: SQL Injection Challenge! Dive into the world of cybersecurity with our hands-on lab. This challenge is centered around a fictitious “Food Store” app, highlighting the critical security flaw of SQL Injection (SQLi) within the app’s framework. foodstore.apk Solution: As usual, static analysis to understand first. Static Analysis: I started out by reading the AndroidManifest.xml code first. <activity android:name="com.mobilehackinglab.foodstore.Signup" android:exported="false"/> <activity android:name="com.mobilehackinglab.foodstore.MainActivity" android:exported="true"/> <activity android:name="com.mobilehackinglab.foodstore.LoginActivity" android:exported="true"> <intent-filter> <action android:name="android.intent.action.MAIN"/> <category android:name="android.intent.category.LAUNCHER"/> </intent-filter> </activity> There are Signup, MainActivity and LoginActivity activities, but only the Signup activity is not exported. Reading the objective provided, this challenge will be focused on the signup function. ...

April 3, 2025 · 4 min · 770 words

MHL Guess Me

Challenge Description Welcome to the “Guess Me” Deep Link Exploitation Challenge! Immerse yourself in the world of cybersecurity with this hands-on lab. This challenge revolves around a fictitious “Guess Me” app, shedding light on a critical security flaw related to deep links that can lead to remote code execution within the app’s framework. guessme.apk Solution I started out by performing static analysis. Static Analysis As usual, jadx-gui for reading the code. ...

April 1, 2025 · 5 min · 1061 words