Posts

Introduction about myself a student that complated university studies related to cybersecurity a CTF player learnt cybersecurity for a few years but still weak in it How I learn ethical hacking Part 0 Back then, I don’t really know about red team and blue team and I just decided to learn hacking for fun. Since hacking others looks more fun, I decided to look into videos and anything related. The first courses I go through is actually Practical Ethical Hacking from TCM Security. After going through the first few topic of the course, I have some basic understanding about how hacking works (that’s what I thought back then). Eventually, I stopped the course halfway because the course started to go through hackthebox retired machine and I don’t have a VIP account to follow along. Instead, I decided to move on with PicoCTF and Tryhackme as some of the people mentioned this 2 platform is great for learning cybersecurity. I further improved my basic skills such as linux command and getting more new knowledge from Tryhackme since it has a lot of different room. As for PicoCTF, I was stunned for quite some times as that is the first time I find out about CTF. That is also when I found out that there are a lot of different hacking. ...

Challenge Description The malware forensics lab identified a new technique for hiding and executing code dynamically. A sample that seems to use this technique has just arrived in their queue. Can you help them? SAW.apk Solution This is something that I think quite hard but yea another fun challenge. Static Analysis As usual, I started with jadx-gui for reading the decompiled Java code. 1 2 3 4 5 6 <activity android:name="com.stego.saw.MainActivity"> <intent-filter> <action android:name="android.intent.action.MAIN"/> <category android:name="android.intent.category.LAUNCHER"/> </intent-filter> </activity> It seems like there’s only one activity to focus on. I then have a look in it. Inside the MainActivity.java, there’s a few that I think its interesting and useful. ...

Challenge Description This app contains some unique keys. Can you get one? APKey.apk Solution Static Analysis The first step is always static analysis. I started by using jadx-gui to see the decompiled Java code. Looking into the AndroidManifest.xml, it looks like there’s only one activity which is MainActivity. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 <application android:theme="@style/Theme.APKey" android:label="@string/app_name" android:icon="@mipmap/ic_launcher" android:allowBackup="true" android:supportsRtl="true" android:roundIcon="@mipmap/ic_launcher_round" android:appComponentFactory="androidx.core.app.CoreComponentFactory"> <activity android:name="com.example.apkey.MainActivity"> <intent-filter> <action android:name="android.intent.action.MAIN"/> <category android:name="android.intent.category.LAUNCHER"/> </intent-filter> </activity> </application> Since it’s gonna be MainActivity, we could have a look at the code. Inside the code, we have something interesting. ...