Posts by Keith Hoodlet
Last week, David Baker (Bugcrowd’s Chief Security Officer) released a blog post discussing why it’s important to understand researcher motivations in order to run a successful bug bounty program. Furthermore – to enable current and future customers to get a better handle on what drives security researchers at Bugcrowd – we released the Inside the Mind of a Hacker (version 2.0) report covering a broad range of metrics around who the Crowd is comprised of; including data on age, level of education, geographic location, and most importantly – what motivates us (and I use the term “us”, because I myself am a security researcher on Bugcrowd).
What we know so far
Earlier today it was publicly disclosed that Apple’s MacOS High Sierra contains a trivially-exploitable flaw, which allows malicious individuals to generate a persistent root access account to your system. It is not readily apparent whether or not this vulnerability is remotely exploitable, but out an of abundance of caution there are several steps you can take immediately to protect your system.
In this post, I will provide a brief overview of the anatomy of a mobile penetration test, and cover the first step in getting started with mobile testing on an Android device. My goal is to help folks that are new to mobile testing break the barrier of getting started, and debunk the assumption that mobile application testing is too difficult.