Posts

Android App Hacking Setup (Genymotion, Kali, Hyper-V) + FridaLabs

So far, I've used my physical device for Android app testing, but I always found it inconvenient for training. With a new Kali setup, it was a good time to create a virtual Android testing lab. In this post I will describe how to set up my lab and start learning Frida.

I use:
- Genymotion version 3.7.1 (License for Personal Use) on Windows
- Hyper-V on Windows 11
- Kali version 2024.1
- Frida version 16.3.3 on Kali and other (Burp, adb, jadx, objection, ...)

Note that this is a setup on my private PC; I don't use it for professional purposes.

For iOS app testing, I recommend "iOS App Testing Through Burp on Corellium" by Evan Custodio.

Android app hacking setup

For Kali on Hyper-V setup see this page. Let's start with Genymotion. I use this solution for Android virtualization because:
- It has a license for Personal use with enough functionalities.
- Competitors have some stories about being untrustworthy.

Of course Android Studio has to be taken into account when cre...

Installing Kali in Hyper-V for the first time (Win11)

This is a brief manual of my Hyper-V setup, written for other hackers who, like me, have used VirtualBox/VMware their whole career and are not much interested in preparing advanced settings. Generally, using Hyper-V for the first time is eye-opening. The experience is much different but, after a while, everything becomes intuitive. I'm using Windows 11 Pro and a Kali VM.

Enable Hyper-V virtualization

Hyper-V can't be downloaded from the Internet; it must be enabled on your PC. It will download itself automatically. Follow Microsoft's instructions: Step-By-Step: Enabling Hyper-V for Use on Windows 11

Recap: Win+R -> appwiz.cpl -> Turn Windows features on or off -> Hyper-V -> OK -> restart

First look

The left-hand panel displays available physical servers - in this case "ROSEMARY" is just the name of my PC. Your PC will be the only option unless you want to connect to remote servers. The Virtual Machines panel contains a list of your VMs, and if you click one, the pane...

Writing a Professional Penetration Testing Report

As penetration testers, we can't escape writing penetration test reports, no matter how inexperienced or experienced we are. Each vulnerability should be properly classified and described, and the description should be friendly to any reader, tech or non-tech. In this series I will share with you my knowledge about how to write a professional report.

Part 1: Report sections

Let's take a look at this graphic:

The biggest chunk of the report should always be the Technical details, where the vulnerabilities are described. The order of the summary, RoE, list of findings and technical details can be flexible, as long as it's rational.

Title page should consist of:
- Name/Logo of company doing the test
- Name/Logo of the Client
- Test period
- Version/ID of the report
- Confidentiality level
- Optional: any disclaimer to the confidentiality classification
- Optional: personal names of the testers
- Optional: screenshot of the test subject

Let's not merge Title page with Table of contents, okay? Gener...