EN - TeamTonTac

Sign in Subscribe

EN

A collection of 4 posts

Android Pentest Series: Double encrypt Mobile API (Not only AES but also RSA)

Android Pentest Series: Double encrypt Mobile API (Not only AES but also RSA)

Breaking encrypted traffic with RSA and AES in Android application

Evilginx 102: Hacker’s Blueprint - Building the Ultimate Phishing Infra

Evilginx 102: Hacker’s Blueprint - Building the Ultimate Phishing Infra

In our previous post, Evilginx 101: Introduction to Modern Phishing & Adversary-in-the-Middle Attacks, we explored how Evilginx works as a powerful Adversary-in-the-middle (AitM) framework for phishing attacks. Now, let’s dive deeper into the attacker’s perspective and understand how to build an effective phishing infrastructure that can bypass multi-factor

Who is the Hunter, Who is the Prey ??? (CVE-2024-51735)

Who is the Hunter, Who is the Prey ??? (CVE-2024-51735)

Product Overview Osmedeus is a Workflow Engine for Offensive Security that allows you to build and run a reconnaissance system on a wide range of targets, including domains, URLs, CIDRs, and GitHub repositories. It was designed to establish a strong foundation and has the ability to adapt and function automatically

My first CVE story (CVE-2025-24372)

Introduction Today is a special day for me, a CVE was released where I am the discoverer: CVE-2025-24372. I have my first CVE! How to find A while back, I discovered the XSS vulnerability of a website while doing the company's pentest project. Let’s call it redacted.