TeamTonTac

Sign in

Android Pentest Series: Double encrypt Mobile API (Not only AES but also RSA)

Android Pentest Series: Double encrypt Mobile API (Not only AES but also RSA)

Breaking encrypted traffic with RSA and AES in Android application

Evilginx 102: Hacker’s Blueprint - Building the Ultimate Phishing Infra

Evilginx 102: Hacker’s Blueprint - Building the Ultimate Phishing Infra

In our previous post, Evilginx 101: Introduction to Modern Phishing & Adversary-in-the-Middle Attacks, we explored how Evilginx2 works as a powerful Adversary-in-the-middle (AitM) framework for phishing attacks. Now, let’s dive deeper into the attacker’s perspective and understand how to build an effective phishing infrastructure that can bypass multi-factor

Trigrep - Automated Security Scanning for Source Code with the Power of Semgrep and Trivy Integration

Trigrep - Automated Security Scanning for Source Code with the Power of Semgrep and Trivy Integration

Understanding SAST and SCA * SAST (Static Application Security Testing): This technique analyzes source code, bytecode, or binary code for vulnerabilities without executing the application. It is useful for detecting security issues such as injection flaws, insecure coding practices, and hardcoded credentials. * SCA (Software Composition Analysis): SCA scans third-party dependencies and

Build your Phishing-as-a-Service

Build your Phishing-as-a-Service

Evilginx 101: Introduction to Modern Phishing & Adversary-in-the-Middle Attacks

Evilginx Featured

Evilginx 101: Introduction to Modern Phishing & Adversary-in-the-Middle Attacks

What is an Adversary-in-the-Middle (AiTM) Attack? An Adversary-in-the-Middle (AiTM) attack is a sophisticated phishing technique where an attacker intercepts and manipulates communication between a victim and a legitimate service. Unlike traditional phishing, which relies on tricking users into entering their credentials on a fake login page, AiTM attacks go a

Android Pentest: How I Decrypted Mobile API

Android Pentest: How I Decrypted Mobile API

First of all, I would like to thank you for being here to listen to me share my story. Have a great day! Overview I am writing this blog to share my recent experience when I pentested an android application. It was easy to capture the application request but the

How to become a Pro Penetration Testing Intern

How to become a Pro Penetration Testing Intern

Introduction In a world filled with cybersecurity threats, understanding and performing penetration testing (pentest) is not only a skill but also a crucial tool for protecting systems. Pentesting helps security experts discover vulnerabilities, assess risks, and suggest solutions before attackers can exploit them. If you’re a beginner wanting to

Who is the Hunter, Who is the Prey ??? (CVE-2024-51735)

Who is the Hunter, Who is the Prey ??? (CVE-2024-51735)

Product Overview Osmedeus is a Workflow Engine for Offensive Security that allows you to build and run a reconnaissance system on a wide range of targets, including domains, URLs, CIDRs, and GitHub repositories. It was designed to establish a strong foundation and has the ability to adapt and function automatically

My first CVE story (CVE-2025-24372)

Introduction Today is a special day for me, a CVE was released where I am the discoverer: CVE-2025-24372. I have my first CVE! How to find A while back, I discovered the XSS vulnerability of a website while doing the company's pentest project. Let’s call it redacted.

Insecure Deserialization in Python

Insecure Deserialization in Python

Introduction to Object Serialization Imagine playing a game where you've invested significant effort into progressing your character. However, for some reason, you need to stop playing and don’t want to lose your progress. Have you ever wondered how the game saves your character’s state? Let'

OSWE Journey

First of all, I would like to thank you for being here to listen to me share my journey. Have a great day! Overview 1. The starting point 2. The preparation 3. The exam 4. Some advice I. The starting point I am not a professional CTF player or someone

How I passed OSCP with "2 times"

How I passed OSCP with "2 times"

In this blog, I will share my journey of overcoming OSCP. I will be documenting my experience to prepare for the OSCP as well as my exam day experience with the experience of a newbie and 2 times 😵 (so expensive with anyone failed). I can only sum it up in

How to pass OSEP for the first time

How to pass OSEP for the first time

How I passed OSEP on the first attempt